Privacy Policy – Nordrue
Effective Date: July 19, 2025
Legal Entity: DRAKAR ST LTD (Trading as Nordrue)
Website: https://nordrue.com
1. Introduction
This Privacy Policy explains how Nordrue ("we", "us", or "our") collects, uses, shares, and protects your personal data when you visit or interact with our website https://nordrue.com.
We process personal data in accordance with the EU General Data Protection Regulation (GDPR), UK GDPR, ePrivacy Directive, and other applicable data protection laws.
By using our website, you agree to the terms of this policy. If you do not agree, please refrain from using our services.
2. Data Controller
Controller Name: DRAKAR ST LTD
Registration Number: 16496337
Registered Address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Email: contact@nordrue.com
3. What Personal Data We Collect
We may collect the following types of personal data, depending on your interactions:
| Category | Examples | 
|---|---|
| Identification Data | Name, email, phone number, shipping and billing address | 
| Transaction Data | Payment method, order history, invoice data | 
| Technical Data | IP address, browser type, operating system, device ID | 
| Usage Data | Pages visited, clicks, session duration, referring URLs | 
| Marketing Preferences | Newsletter subscription, cookie consent choices | 
| Account Data | Login credentials (encrypted), user settings | 
We do not knowingly collect data from individuals under 16 years of age.
4. Legal Basis for Processing
We rely on the following lawful bases for processing personal data, as defined under Article 6 of the GDPR:
| Legal Basis | Purpose of Processing | 
|---|---|
| Performance of a contract | Processing orders, payments, shipping, and customer service | 
| Legal obligation | Tax reporting, fraud prevention, record-keeping | 
| Consent | Sending marketing emails, using cookies, delivering personalized ads | 
| Legitimate interests | Improving website performance, internal analytics, user experience | 
| Vital interests | Protecting health or safety in exceptional circumstances (e.g., product recalls) | 
You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
5. How We Use Your Data
- Process orders and payments
- Deliver products and handle returns
- Provide customer support
- Optimize website functionality and analytics
- Send updates and promotions (only with your consent)
- Prevent fraud and security threats
- Comply with applicable laws and regulations
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects. If this changes, we will inform you and provide options for human review.
6. Sharing Your Information
| Recipient | Purpose | Location and Safeguards | 
|---|---|---|
| Shopify Inc. | Website hosting & ecommerce platform | Canada (Adequacy decision) | 
| Stripe / PayPal | Payment processing | Independent controllers; safeguards via SCCs / Adequacy | 
| Delivery Partners | Shipping & order fulfillment | EU/EEA-based | 
| Google Analytics | Website analytics | US-based; SCCs, IP anonymization, user-level controls | 
| Marketing Providers | Advertising & promotions (with consent) | EU/US; SCCs + consent-based data sharing | 
All third-party processors are bound by Data Processing Agreements (DPAs) under Article 28 GDPR. Where providers act as independent controllers, they process your data under their own privacy policies.
7. International Data Transfers
When your personal data is transferred outside the UK or EEA, we implement safeguards under Chapter V of the GDPR, including:
- Adequacy Decisions (e.g., Canada)
- Standard Contractual Clauses (SCCs) adopted by the EU Commission
- Supplementary measures, such as:
    - End-to-end encryption
    - Data minimization
    - Risk-based assessments
    - Access limitations for foreign authorities
8. Data Retention
We retain your personal data only for as long as necessary for its intended purpose:
| Data Type | Retention Period | 
|---|---|
| Order & transaction data | 6 years (for tax, accounting, and legal obligations) | 
| Customer support data | 2 years from last contact | 
| Marketing consent logs | 5 years from date of withdrawal | 
| Analytics & cookies | Per cookie duration (see Cookie Policy) | 
Once retention periods expire, data is securely deleted or anonymized.
9. Your Rights
As a data subject under the GDPR, you have the following rights:
| Right | Description | 
|---|---|
| Access | Request a copy of the personal data we hold about you | 
| Rectification | Request correction of inaccurate or incomplete data | 
| Erasure | Request deletion of your data where no longer necessary | 
| Restriction | Request restriction of processing under certain circumstances | 
| Portability | Receive your data in a machine-readable format | 
| Objection | Object to processing based on legitimate interests or for direct marketing | 
| Withdraw Consent | Revoke consent at any time for processing based on consent | 
| Automated Decisions | Request human review of any automated processing (currently not applicable) | 
To exercise these rights, contact us at: contact@nordrue.com. We aim to respond to all data subject requests within 30 days.
You may also lodge a complaint with the UK ICO or your local EU authority. Residents of Spain may contact the Agencia Española de Protección de Datos (AEPD).
10. Cookies & Tracking Technologies
We use cookies and similar technologies to:
- Enhance user experience
- Provide essential site functionality
- Analyze website performance
- Deliver personalized advertisements (with consent)
Full details are provided in our Cookie Policy.
We:
- Do not deploy non-essential cookies unless you give clear, affirmative consent via our cookie banner
- Store your cookie preferences using a Consent Management Platform (CMP)
- Respect “Do Not Track” (DNT) settings, where technically feasible
You can change or withdraw your consent at any time via the banner or your browser settings.
11. Security Measures
We implement industry-standard technical and organizational security measures, including:
- HTTPS encryption of all website traffic
- PCI-DSS compliant payment systems
- Multi-layered access controls
- Encrypted storage of sensitive information
- Regular vulnerability testing and patching
Data Breach Notification:
In the event of a personal data breach, we will:
- Notify the appropriate supervisory authority within 72 hours
- Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
12. Updates to This Privacy Policy
We may update this Privacy Policy to reflect changes in legal, technical, or business developments.
- Last Updated: July 18, 2025
- Changes will be posted on this page
- For material updates, we may notify you by email or platform notice
Archived versions are available upon request.
13. Contact Us
For any privacy-related questions or to exercise your rights, please contact:
DRAKAR ST LTD
71–75 Shelton Street, Covent Garden
London, WC2H 9JQ, United Kingdom
Email: contact@nordrue.com
Phone / WhatsApp: +44 7412 852546
Contact Form: https://nordrue.com/pages/contact