Privacy & Data Protection Policy (UK GDPR)
Last updated: 26 September 2025
Nouveau Cultura Limited ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, store, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Scope. This policy applies when you use nouveaucultura.com, buy from us, contact us, or otherwise interact with our services.
1. Who we are
Controller: Nouveau Cultura Limited (registered in England & Wales). We determine the purposes and means of processing your personal data for our products and services.
Contact
Website: https://nouveaucultura.com
Email (privacy): [email protected]
General: [email protected]
Company info
Registered in England & Wales.
Company No.: 16566648
Registered address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
2. Data we collect
| Category | Examples | Why we collect it |
|---|---|---|
| Identity & Contact | Name, email, phone | Customer support, order fulfilment, account communications |
| Transaction | Billing & shipping address, order details | Process and deliver your orders; tax and accounting |
| Payment | Card/payment token (handled by our payment processors) | Take payments securely (we do not store full card numbers) |
| Technical | IP address, device, browser, error logs | Security, diagnostics, and service performance |
| Usage & Analytics | Pages viewed, time on page, clicks | Improve website experience and content relevance |
| Marketing Preferences | Opt-ins, unsubscribe status | Send newsletters and offers with consent; honour opt-outs |
3. How we collect data
- Directly from you (e.g., orders, contact forms, newsletter signup).
- Automatically via cookies and similar technologies (see Cookies & tracking).
- From trusted third parties (payment gateways, delivery/logistics, analytics providers).
4. Lawful bases for processing
| Lawful basis | Typical use | What this means for you |
|---|---|---|
| Consent | Newsletters and marketing emails, non-essential cookies | You can withdraw consent at any time via unsubscribe links or by emailing us |
| Contract | Order processing, delivery, customer service | We need your data to fulfil our contract with you |
| Legal obligation | Accounting, tax, fraud prevention | We must retain certain records to comply with the law |
| Legitimate interests | Website security, product improvement, service analytics | Balanced against your rights and expectations |
5. How we use your data
- Provide and improve our products and services.
- Process payments and deliver orders.
- Communicate with you about your orders, updates, and support.
- Run analytics to understand and improve site performance.
- Send marketing communications with your consent (you can opt out any time).
- Comply with legal and regulatory requirements.
7. Data retention
| Data type | Typical retention | Reason |
|---|---|---|
| Transaction & invoicing | Up to 6 years | UK tax and accounting obligations |
| Customer support emails | 12–24 months | Service history and quality assurance |
| Marketing preferences | Until you withdraw consent | Respect opt-ins and opt-outs |
| Website analytics | Up to 26 months (typical) | Trend analysis and site optimisation |
8. Security
- HTTPS (SSL/TLS) encryption for data in transit.
- Access controls and least-privilege permissions.
- Regular updates, patching, and secure backups.
- Staff awareness and training on data protection best practices.
If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will assess and, where required, notify the UK Information Commissioner’s Office (ICO) and affected individuals in line with UK GDPR.
9. International transfers
If we transfer your personal data outside the UK/EEA, we will ensure appropriate safeguards such as adequacy regulations, the UK International Data Transfer Agreement (IDTA), or standard contractual clauses (SCCs), and apply additional measures where necessary.
10. Your rights
You have the following rights under UK GDPR:
- Access – to obtain a copy of your personal data.
- Rectification – to correct inaccurate or incomplete data.
- Erasure – to request deletion ("right to be forgotten").
- Restriction – to limit our processing in certain circumstances.
- Objection – to object to processing, including direct marketing.
- Portability – to receive your data in a machine-readable format or request we transfer it to another controller.
To exercise your rights, email [email protected]. We may need to verify your identity before acting on your request.
12. Children’s data
Our services are not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
13. Automated decision-making
We do not carry out automated decision-making (including profiling) that produces legal or similarly significant effects about you.
14. Changes to this policy
We may update this policy periodically. The latest version will always be available at https://nouveaucultura.com/privacy and will indicate the date of the most recent update.
Contact & complaints
If you have questions or concerns about this policy or our handling of your data, contact our Data Protection Lead at [email protected].
You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), ICO Registration Number: ZB935488: https://ico.org.uk/make-a-complaint/.
References
- ICO – UK GDPR guidance & resources: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/
- ICO – SME Hub: https://ico.org.uk/for-organisations/sme-web-hub/
- GOV.UK – Data protection: https://www.gov.uk/data-protection
This policy reflects UK GDPR principles (lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity/confidentiality, and accountability) and draws on ICO best-practice guidance for SMEs.
