Privacy Policy

Nour Naturels is operated by Exact Solutions Sp. z o.o., registered in Poland at Stanisława Bodycha 87, 05-816 Reguły, REGON 366864056. We are the data controller responsible for your personal data when you use our website or purchase from us. Contact our data protection officer at privacy@exactsolutions.pl.

We collect data you provide directly: name, email address, billing and shipping address, phone number, and payment method details (processed by Stripe — we never store full card numbers). We also automatically collect: IP address, browser type, pages visited, time spent on pages, and referral source via analytics cookies. If you create an account, we store your purchase history and preferences.

We use your data to process and fulfil your orders; to send order confirmations, shipping notifications, and receipts; to respond to customer service enquiries; to personalise your shopping experience; to send marketing emails if you have opted in; to improve our website and product range; and to comply with legal obligations including tax and financial reporting.

We process your data on the following legal bases: Contract performance — processing necessary to fulfil your order. Legitimate interests — fraud prevention, website security, analytics. Consent — marketing emails (you may withdraw this consent at any time by unsubscribing). Legal obligation — tax records, financial compliance.

We do not sell your personal data. We share it only with: payment processors (Stripe) to process transactions; courier and logistics partners to deliver your orders; email service providers to send transactional and marketing emails; analytics providers (anonymised data only); legal authorities if required by law. All third-party processors are bound by GDPR-compliant data processing agreements.

Order data is retained for 7 years for tax and financial compliance. Account data is retained for as long as your account is active, plus 3 years after last activity. Marketing consent is retained until you withdraw it. Analytics data is retained for 26 months and then aggregated.

Under GDPR you have the right to: access your personal data (Subject Access Request); correct inaccurate data; request deletion of your data (right to erasure); restrict processing; portability of your data in a machine-readable format; object to processing for direct marketing; withdraw consent at any time. To exercise any of these rights, email privacy@exactsolutions.pl. We will respond within 30 days.

We use cookies for website functionality, analytics, and marketing. Full details are in our Cookie Policy. You can manage cookie preferences via our cookie consent banner or by adjusting your browser settings.

Our website is hosted in the EU. Some of our service providers (including Stripe and analytics tools) may transfer data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl.