Privacy policy

This Privacy Policy explains how NORVELANE ("NORVELANE", "we", "us" or "our") collects, uses, and protects the personal information of anyone who visits or purchases through this online store and its associated services (the "Website").

As the entity operating this Website, we act as the data controller for all personal information processed through it.

Continuing to use the Website after reading this Policy indicates that you understand and accept the practices described below.

 

1. WHO WE ARE

NORVELANE
Email: support@norvelane.com
Support Hours: Monday to Saturday, 9:00 a.m. – 6:00 p.m. | Sunday, 10:00 a.m. – 6:00 p.m. (GMT)

 

2. WHAT INFORMATION WE COLLECT

The type of personal information we hold about you depends on how you interact with the Website. This may include:

Who You Are & How to Reach You Your name, email address, phone number, and both your delivery and billing addresses.

Purchase & Transaction Records What you bought, how much you spent, any refunds processed, transaction IDs, and partial card details. We never store complete card numbers — your payment provider handles all sensitive financial data on our behalf.

Account Information (registered users only) The username and password you selected, along with any preferences you have saved.

Customer Service Correspondence The content of any messages, attachments, or details you share with our team when seeking assistance.

Technical & Session Data Your IP address, browser version, device type, operating system, language, which pages you visit, how long you stay, and information captured via cookies and similar tracking technologies.

 

3. HOW YOUR INFORMATION COMES TO US

We gather information through three main channels:

✔️ Things you do directly — checking out, registering, subscribing to our newsletter, or writing to our support team.
✔️ Automatic data collection — through cookies, pixels, and other tracking tools embedded in the Website.
✔️ External partners — such as payment processors, shipping companies, marketing tools, and analytics providers.

 

4. WHY WE PROCESS YOUR DATA & OUR LEGAL BASIS (ARTICLE 6 GDPR)

Below is a breakdown of what we use your data for and the legal ground that justifies each activity:

Completing Orders & Managing Your Account Processing your purchase, coordinating delivery, handling returns, and responding to enquiries. Legal basis: Contract performance (Art. 6(1)(b)) + Legitimate interests (Art. 6(1)(f)).

Securing Payments & Preventing Fraud Verifying transactions and flagging suspicious behaviour. Legal basis: Legitimate interests (Art. 6(1)(f)) + Legal obligations (Art. 6(1)(c)).

Improving the Website Analysing visitor behaviour to make the shopping experience better. Legal basis: Legitimate interests (Art. 6(1)(f)).

Sending You Offers & Updates Delivering promotional emails and personalised content. Legal basis: Consent where legally required (Art. 6(1)(a)); otherwise legitimate interests (Art. 6(1)(f)). You may unsubscribe whenever you wish.

Meeting Legal Obligations Complying with tax, financial reporting, and regulatory requirements. Legal basis: Legal obligation (Art. 6(1)(c)).

 

5. COOKIES & TRACKING TECHNOLOGIES

Cookies on our Website serve several functions:

  • Ensuring the Website operates correctly
  • Remembering your settings and preferences across sessions
  • Monitoring traffic patterns and site performance
  • Delivering targeted advertising where you have permitted it

For any cookies that are not strictly necessary, we will seek your permission through a banner when you first visit. Your preferences can be changed at any time via your browser or our cookie settings panel.

Switching off certain cookies may limit what you can do on the Website.

 

6. WHO ELSE SEES YOUR DATA

Your information is shared only where it is genuinely needed to run our business, and only with the following categories of recipient:

  • Shopify (the platform powering our store)
  • Payment processors (such as Stripe, PayPal, Klarna, and others)
  • Delivery and fulfilment companies
  • Marketing and email service providers
  • Technology vendors and analytics platforms
  • Legal, tax, and compliance professionals

Your personal data is never sold to outside parties — full stop.

 

7. CROSS-BORDER DATA TRANSFERS

Some of our service providers, Shopify included, may process your data in countries outside the UK or EEA. Whenever this happens, we put safeguards in place to protect your information, including:

  • Standard Contractual Clauses (SCCs) approved by relevant authorities
  • Transfers to countries with an adequacy decision in place
  • Supplementary technical and organisational measures

Feel free to write to us if you want a fuller picture of the protections we apply.

 

8. DATA RETENTION PERIODS

We keep your information only for as long as we genuinely need it — whether to serve you or to satisfy a legal requirement.

Typical timeframes are as follows:

  • Purchase and financial records: retained for up to 10 years to meet tax and accounting obligations
  • Account data: kept until you delete your account or it becomes dormant for an extended period
  • Support conversations: held for up to 3 years from when the matter was resolved
  • Marketing preferences: maintained until you opt out or withdraw consent

 

9. YOUR RIGHTS UNDER DATA PROTECTION LAW

Subject to the applicable legal framework, you are entitled to:

✔️ Request a copy of the personal data we hold about you
✔️ Have any inaccuracies in your data corrected
✔️ Ask for your data to be erased, where the law permits
✔️ Place restrictions on how we use your data, or object to certain uses altogether
✔️ Obtain your data in a machine-readable format for transfer elsewhere
✔️ Pull back any consent you previously gave us, at any time

Write to us at support@norvelane.com to make any of these requests.

We may need to confirm your identity before proceeding. In most cases we will respond within 30 days, though particularly complex requests may take a little longer.

If you feel your rights have not been respected, you are entitled to lodge a formal complaint with your national Data Protection Authority.

 

10. CHILDREN

This Website is designed for adults and is not intended for anyone under 16 years of age. We do not knowingly gather data from children. If you suspect that a minor has shared information with us, please alert us straight away and we will remove it without delay.

 

11. AUTOMATED DECISIONS

We do not make decisions about you through automated processes or profiling that would produce legal consequences or similarly significant effects, as described in Article 22 of the GDPR.

 

12. ABOUT SHOPIFY

Our Website runs on Shopify's infrastructure, which handles the technical backbone of our store — from order management through to security and analytics. For certain platform-level functions, Shopify operates as a data controller in its own right.

We recommend reading Shopify's own Privacy Policy to understand how they manage data on their end.

 

13. POLICY UPDATES

This Policy is reviewed periodically and may be revised to reflect changes in our practices or legal requirements. The updated version will always be published here, clearly dated. For significant changes, we will notify you as required by law.

 

14. CONTACT US

Questions about this Policy or about how we handle your data are always welcome:

NORVELANE
Email: support@norvelane.com
Support Hours: Monday to Saturday, 9:00 a.m. – 6:00 p.m. | Sunday, 10:00 a.m. – 6:00 p.m. (GMT)

We make every effort to respond within 24–48 hours.