top of page

Privacy Policy

In compliance with the General Data Protection Regulations, effective as of 25th May 2018 this Privacy Notice, with our Terms and Conditions, sets out how Nalo Box, retains and uses personal information or data about our prospective, current and past customers.

It is important that you read this Notice so that you are aware of how and why we are using such information and how we will treat it.

Introduction

Nalo Box is an online only store that sells digital products, as well as curated boxes online. The personal data we collect is limited to personal information of individuals who purchase from us, or set up accounts with us on our website. This information is collected and stored to enable us to manage our commercial relationship with you.

Any changes we may make to this Notice will be updated on our website and, where appropriate, notified to you in writing.

We are the data controller of your personal information which you provide to us. This means that we are responsible for deciding how we hold and use personal information about you and that we are required to notify you of the information contained in this Notice.

You can also contact us using the details provided at the end of this Notice in the “Contacting Us” section.

What data we hold?


This depends on the reason we obtain your data.

Purpose & Information Required

Website sign up:

  • Full name

  • Address

  • Date of birth

  • Email address​

Making a purchase:

  • Full name

  • Address

  • Date of birth

  • Billing address (if different from destination address)

  • Card information (should you chose to save this on our website)

  • Email address

Newsletter sign up:

  • Full name

  • Date of birth

  • Email address


How data is stored?

All data is stored in a secure, password-protected and encrypted database. This is accessible by our designated data processors only for the purposes stated below.


What we use your data for?

Your data is used only to pursue our legitimate business interests, provided that your legal rights do not override those interests. Your data will never be shared with any other company or individual, with the exception of requests for information from legal entities and registered Credit Reference Agencies (CRAs), including the financial regulator. We will notify you of any provision of data to these organisations.

That means we will only request as much information from you as we need to carry out the activity you have requested or to enable us to carry out commercial transactions.

Other use of your data

Provision of loyalty rewards or other promotions, competitions and surveys

We will not use automated decision making with your personal data.

Outside the UK and/or EU

Your personal data may be processed by our employees in other countries and regions, but it will be subject at all times to the terms of this Privacy Notice.

How long your data is retained for?

Your personal data will be kept for as long as necessary to fulfil the purpose for which it was obtained as outlined above or as required by current legislation.

e.g. Information about our customers (including contact, identity, financial and transactional data) must be kept for seven years after they cease being customers for tax purposes.

You can ask us to delete your personal information at any time – providing you no longer require the services for which it is required and not in contravention of the law.

We may anonymise personal data for research or statistical purpose. In this case there will be no means of identifying you from this information and this data may be used on an ongoing basis, without giving you any further notice.

Your rights

Data protection laws provide you, as an individual, the right to:

  • Request access to your personal information (a data subject access request), so you can check what data we hold about you and are using it in accordance with the law

  • Request us to correct personal information that we hold about you

  • Request us to delete your personal data where there is no good reason for us to hold this data. You can also ask us to delete or remove your personal information where you have exercised your right to object to processing

  • Ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it

  • Ask for a copy of the data we hold about you, in an accessible format and the right to transfer it, or to require us to transfer it directly, to another controller.

  • Object to the processing of your personal information and there is something about your particular situation which makes you want to object to processing on this ground.

  • Object to us processing your personal information for direct marketing purposes.

No fee is required to claim any of these rights. However, we may charge a reasonable fee or refuse to comply if your request for access is considered to be unfounded or excessive.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO). Their contact details are:

Telephone: 0303 123 1113

Email: casework@ico.org.uk

Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF at.

However, please contact us in the first instance if you have any issue that you wish to discuss.

CHANGES TO OUR PRIVACY NOTICE

Any changes we make to our Notice in the future will be posted on our website and, where appropriate, notified to you in writing.

CONTACTING US

If you have any queries, comments or requests regarding this Notice you can contact our Data Protection Controller at:

Email: naloboxonline@gmail.com

bottom of page