Privacy Policy

 

Privacy Policy

Nerenova – Online Jewelry Store

Last Updated: November 2025

Introduction

At Nerenova, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website, make a purchase, or interact with our services.

We respect your privacy rights and comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for customers in the European Union and UK, and other relevant privacy legislation worldwide.

By using our website and services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our website or services.

1. Information We Collect

We collect various types of information to provide and improve our services to you.

1.1 Information You Provide Directly

Account Information: When you create an account with Nerenova, we collect:

  • Full name
  • Email address
  • Password (encrypted)
  • Phone number (optional)
  • Date of birth (optional, for special offers)

Order & Payment Information: When you make a purchase, we collect:

  • Billing address
  • Shipping address
  • Payment method information (processed securely through third-party payment processors – we do not store complete credit card numbers)
  • Order history
  • Purchase preferences

Customization Information: For personalized jewelry, we may collect:

  • Custom text for engravings
  • Names for name necklaces
  • Photos for photo jewelry
  • Special instructions or requests

Communication Information: When you contact us, we collect:

  • Content of your messages
  • Email correspondence
  • Customer service interactions
  • Feedback and reviews
  • Survey responses

Marketing Preferences:

  • Email subscription status
  • Marketing communication preferences
  • Cookie and tracking preferences

1.2 Information Collected Automatically

Device & Browser Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type (mobile, tablet, desktop)
  • Screen resolution
  • Language preferences

Usage Data:

  • Pages visited on our website
  • Products viewed
  • Time spent on pages
  • Click-through rates
  • Search queries on our site
  • Referring/exit pages
  • Date and time stamps

Cookies & Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information about your browsing behavior. See Section 8 for detailed information about cookies.

Location Data:

  • Approximate location based on IP address
  • Precise location (only if you grant permission through your device)

1.3 Information from Third Parties

Social Media: If you connect your social media accounts or interact with us on social platforms, we may receive:

  • Profile information (name, profile picture, email)
  • Friends list (if you choose to share)
  • Interests and preferences

Payment Processors: We receive transaction confirmation and fraud prevention information from:

  • PayPal
  • Stripe
  • Klarna
  • Other payment providers

Analytics & Advertising Partners: We receive aggregated and anonymized data from:

  • Google Analytics
  • Facebook/Meta Pixel
  • Other marketing and analytics platforms

Shipping Carriers: Delivery status and tracking information from our shipping partners.

2. How We Use Your Information

We use your personal information for the following purposes:

2.1 Order Processing & Fulfillment

  • Processing and completing your orders
  • Managing payments and billing
  • Creating personalized/customized jewelry according to your specifications
  • Arranging shipping and delivery
  • Providing order confirmations and shipping notifications
  • Managing returns, exchanges, and refunds

2.2 Customer Service & Communication

  • Responding to your inquiries and support requests
  • Providing customer assistance
  • Sending important account and order updates
  • Notifying you about changes to our services or policies
  • Resolving disputes and troubleshooting problems

2.3 Marketing & Promotional Activities

  • Sending promotional emails about new products, special offers, and sales (with your consent)
  • Personalizing marketing content based on your preferences
  • Running contests, giveaways, and promotional campaigns
  • Displaying personalized advertisements on our website and third-party platforms
  • Sending abandoned cart reminders
  • Requesting product reviews and feedback

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or updating your preferences in your account settings.

2.4 Website Improvement & Personalization

  • Analyzing website usage to improve functionality and user experience
  • Personalizing your shopping experience based on browsing history
  • Providing product recommendations
  • A/B testing new features and designs
  • Understanding customer preferences and behavior
  • Optimizing website performance and navigation

2.5 Security & Fraud Prevention

  • Verifying your identity
  • Detecting and preventing fraudulent transactions
  • Protecting against unauthorized access and cyber attacks
  • Investigating suspicious activity
  • Complying with legal obligations and law enforcement requests
  • Maintaining the security and integrity of our systems

2.6 Legal Compliance & Business Operations

  • Complying with applicable laws, regulations, and legal processes
  • Enforcing our Terms and Conditions and other policies
  • Protecting our legal rights and interests
  • Conducting business analytics and reporting
  • Managing business transactions (mergers, acquisitions, etc.)
  • Maintaining business records

2.7 Research & Development

  • Developing new products and features
  • Conducting market research
  • Improving our jewelry designs and offerings
  • Understanding industry trends

3. Legal Basis for Processing (GDPR)

For customers in the EU/UK, we process your personal data based on the following legal grounds:

3.1 Contractual Necessity

Processing is necessary to fulfill our contract with you (e.g., processing orders, delivering products, providing customer service).

3.2 Consent

You have given explicit consent for specific processing activities (e.g., marketing emails, cookies for advertising).

3.3 Legitimate Interests

Processing is necessary for our legitimate business interests, such as:

  • Improving our services and website
  • Fraud prevention and security
  • Direct marketing (where permitted)
  • Business analytics

We always balance our interests against your rights and freedoms.

3.4 Legal Obligation

Processing is necessary to comply with legal requirements (e.g., tax laws, consumer protection regulations).

4. How We Share Your Information

We do not sell your personal information to third parties. We only share your data in the following circumstances:

4.1 Service Providers & Business Partners

We share information with trusted third-party service providers who help us operate our business:

Payment Processors:

  • PayPal, Stripe, Klarna, and other payment gateways
  • Purpose: Processing transactions securely
  • Data shared: Payment information, billing address, order amount

Shipping & Logistics Partners:

  • DHL, Royal Mail, USPS, and other carriers
  • Purpose: Delivering your orders
  • Data shared: Name, shipping address, phone number, order contents

Email & Marketing Services:

  • Klaviyo, Mailchimp, or similar platforms
  • Purpose: Sending promotional and transactional emails
  • Data shared: Email address, name, purchase history, preferences

Analytics Providers:

  • Google Analytics, Hotjar, etc.
  • Purpose: Understanding website usage and improving user experience
  • Data shared: Anonymized browsing data, device information

Advertising Platforms:

  • Facebook/Meta, Google Ads, TikTok, etc.
  • Purpose: Displaying relevant advertisements
  • Data shared: Cookie identifiers, browsing behavior, demographic data

Customer Support Tools:

  • Zendesk, Gorgias, or similar platforms
  • Purpose: Managing customer inquiries
  • Data shared: Contact information, order details, communication history

Fraud Prevention Services:

  • Fraud detection and prevention tools
  • Purpose: Protecting against fraudulent transactions
  • Data shared: Transaction details, IP address, device fingerprint

Hosting & Infrastructure:

  • Shopify, AWS, or other hosting providers
  • Purpose: Website hosting and data storage
  • Data shared: All data necessary for website operation

4.2 Legal Requirements

We may disclose your information when required by law or in response to:

  • Court orders, subpoenas, or legal processes
  • Law enforcement or government agency requests
  • Protection of our legal rights, property, or safety
  • Investigation of fraud, security issues, or illegal activities
  • Enforcement of our Terms and Conditions

4.3 Business Transfers

If Nerenova is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred to the successor entity. You will be notified of any such change via email and/or prominent notice on our website.

4.4 With Your Consent

We may share your information with other third parties when you have given explicit consent for us to do so.

4.5 Aggregated & Anonymized Data

We may share aggregated or anonymized data that cannot identify you personally with partners for research, analytics, or marketing purposes.

5. Data Retention

5.1 How Long We Keep Your Data

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data: Retained while your account is active and for up to 3 years after account closure or last activity

Order Information: Retained for 7 years for accounting, tax, and legal purposes

Marketing Data: Retained until you unsubscribe or withdraw consent, then deleted within 30 days

Analytics Data: Typically anonymized after 26 months (Google Analytics default)

Customer Service Records: Retained for 3 years after the last interaction

Legal/Compliance Data: Retained as required by applicable laws

5.2 Deletion of Data

After the retention period expires, we will:

  • Delete or anonymize your personal data
  • Remove identifiable information from backups during routine backup cycles
  • Ensure data is securely destroyed and cannot be recovered

5.3 Exceptions

We may retain certain information longer if:

  • Required by law (e.g., financial records)
  • Necessary for legal claims or disputes
  • You have explicitly requested extended retention
  • The data has been anonymized and can no longer identify you

6. Your Privacy Rights

Depending on your location, you have various rights regarding your personal information.

6.1 Rights Under GDPR (EU/UK Customers)

Right to Access: You can request a copy of the personal data we hold about you.

Right to Rectification: You can request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data in certain circumstances, such as:

  • The data is no longer necessary for its original purpose
  • You withdraw consent
  • You object to processing and there are no overriding legitimate grounds
  • The data was unlawfully processed

Right to Restriction of Processing: You can request that we limit how we use your data in certain situations.

Right to Data Portability: You can request to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Object: You can object to:

  • Processing based on legitimate interests
  • Direct marketing (including profiling)
  • Processing for research/statistical purposes

Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Right to Lodge a Complaint: You can file a complaint with your local data protection authority if you believe we have violated your rights.

6.2 Additional Rights for Other Jurisdictions

California Residents (CCPA/CPRA):

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or shared
  • Right to opt-out of the sale/sharing of personal information
  • Right to deletion
  • Right to correction
  • Right to limit use of sensitive personal information
  • Right to non-discrimination

Other Regions: Residents of other jurisdictions may have similar rights under local privacy laws. Contact us to learn more.

6.3 How to Exercise Your Rights

To exercise any of these rights, please:

Email us: [Privacy Email Address]
Subject line: "Privacy Rights Request"
Include:

  • Your full name
  • Email address associated with your account
  • Specific request details
  • Proof of identity (if required)

We will respond to your request within:

  • 30 days for most requests
  • 45 days for complex requests (with notification of extension)
  • Immediately for opt-out of marketing communications

6.4 Verification

To protect your privacy and security, we may need to verify your identity before fulfilling requests. We may ask for:

  • Email verification
  • Order number or account details
  • Government-issued ID (for sensitive requests)

7. International Data Transfers

7.1 Global Operations

Nerenova operates globally, and your information may be transferred to, stored, and processed in countries other than your country of residence, including:

  • United Kingdom
  • United States
  • European Union member states
  • Other countries where our service providers operate

These countries may have data protection laws that differ from those in your country.

7.2 Safeguards for EU/UK Data

When we transfer personal data outside the EU/UK, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with our service providers.

Adequacy Decisions: We transfer data to countries recognized by the EU Commission as providing adequate protection.

Additional Safeguards: We implement technical and organizational measures to protect data during international transfers.

7.3 Your Rights Regarding International Transfers

You have the right to:

  • Obtain information about the safeguards we use for international transfers
  • Request copies of Standard Contractual Clauses
  • Object to transfers in certain circumstances

8. Cookies & Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and analyze website performance.

8.2 Types of Cookies We Use

Strictly Necessary Cookies: Essential for website operation. Cannot be disabled.

  • Session management
  • Shopping cart functionality
  • Security features
  • Load balancing

Functional Cookies: Enhance website functionality and personalization.

  • Remember your preferences
  • Language settings
  • Previously entered information
  • Customized content

Performance/Analytics Cookies: Help us understand how visitors use our website.

  • Google Analytics
  • Page visit statistics
  • User behavior analysis
  • A/B testing
  • Error tracking

Advertising/Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness.

  • Facebook Pixel
  • Google Ads remarketing
  • Personalized product recommendations
  • Ad performance measurement
  • Cross-site tracking

8.3 Third-Party Cookies

Some cookies are placed by third-party services:

  • Google Analytics – Website analytics
  • Facebook/Meta Pixel – Advertising and retargeting
  • TikTok Pixel – Advertising measurement
  • Payment processors – Secure payment processing
  • Live chat services – Customer support

8.4 Cookie Duration

Session Cookies: Temporary; deleted when you close your browser

Persistent Cookies: Remain on your device for a set period (from days to years) or until manually deleted

8.5 Managing Cookies

Cookie Consent Banner: When you first visit our website, you'll see a cookie consent banner allowing you to accept or customize cookie preferences.

Browser Settings: You can control cookies through your browser settings:

  • Google Chrome: Settings > Privacy and Security > Cookies
  • Safari: Preferences > Privacy
  • Firefox: Options > Privacy & Security
  • Edge: Settings > Cookies and site permissions

Opt-Out Tools:

Note: Disabling cookies may affect website functionality and your user experience.

8.6 Do Not Track Signals

Some browsers offer "Do Not Track" (DNT) signals. Currently, there is no industry standard for how to respond to DNT signals. We do not respond to DNT signals but provide cookie management options as described above.

9. Data Security

9.1 Security Measures

We implement robust technical and organizational measures to protect your personal information:

Technical Safeguards:

  • SSL/TLS encryption for data transmission
  • Encrypted data storage
  • Secure payment processing (PCI-DSS compliant processors)
  • Firewalls and intrusion detection systems
  • Regular security audits and vulnerability assessments
  • Secure backup systems
  • Access controls and authentication

Organizational Safeguards:

  • Employee training on data protection
  • Confidentiality agreements with staff and contractors
  • Limited access to personal data (need-to-know basis)
  • Data breach response procedures
  • Regular policy reviews and updates

9.2 Payment Security

We do not store complete credit card information on our servers. All payment processing is handled by PCI-DSS compliant third-party processors (PayPal, Stripe, Klarna) that meet the highest security standards.

9.3 Account Security

Your Responsibilities:

  • Choose a strong, unique password
  • Do not share your password with others
  • Log out after using shared devices
  • Keep your contact information up to date
  • Report suspicious activity immediately

Our Recommendations:

  • Enable two-factor authentication (if available)
  • Use a password manager
  • Review account activity regularly

9.4 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected individuals within 72 hours (as required by GDPR)
  • Inform relevant data protection authorities
  • Provide details about the breach and remedial actions
  • Offer guidance on protective measures you can take

9.5 Limitations

While we strive to protect your personal information, no security system is completely impenetrable. We cannot guarantee absolute security of data transmitted over the internet or stored on our systems. You use our services at your own risk.

10. Third-Party Links & Services

10.1 External Websites

Our website may contain links to third-party websites, including:

  • Social media platforms
  • Partner websites
  • Payment processors
  • Review platforms
  • Affiliate sites

We are not responsible for:

  • Privacy practices of third-party websites
  • Content on external sites
  • Security of third-party platforms

10.2 Social Media Features

Our website may include social media features (e.g., Facebook Like button, Instagram feed, Pinterest pin button). These features:

  • May collect your IP address and browsing data
  • May set cookies to enable proper functionality
  • Are governed by the privacy policies of the respective social media companies

10.3 User Responsibility

Before providing personal information to third-party websites or services, we recommend reviewing their privacy policies to understand how they handle your data.

11. Children's Privacy

11.1 Age Restrictions

Our website and services are not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

11.2 Parental Consent

If we discover that we have inadvertently collected information from a child without parental consent, we will:

  • Delete the information as quickly as possible
  • Terminate any associated account
  • Not use the information for any purpose

11.3 Parental Rights

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [Privacy Email Address], and we will take appropriate action.

12. Marketing Communications

12.1 Types of Marketing

We may send you marketing communications about:

  • New product launches
  • Special offers and discounts
  • Seasonal sales
  • Exclusive promotions
  • Style guides and jewelry care tips
  • Personalized product recommendations
  • Abandoned cart reminders

12.2 Consent

We only send marketing emails to customers who have:

  • Opted in to receive marketing communications
  • Made a purchase and have not opted out (soft opt-in)
  • Provided consent through other legitimate means

12.3 Opting Out

You can opt out of marketing communications at any time:

Email Unsubscribe: Click the "Unsubscribe" link at the bottom of any marketing email.

Account Settings: Log into your account and update your communication preferences.

Contact Us: Email [Privacy Email Address] with "Unsubscribe" in the subject line.

Note: Even if you opt out of marketing emails, we will still send transactional emails related to your orders (confirmations, shipping updates, etc.).

12.4 Personalization

We may personalize marketing content based on:

  • Your browsing history
  • Purchase history
  • Preferences indicated in your account
  • Demographic information

You can opt out of personalized advertising through cookie settings or by contacting us.

13. User-Generated Content

13.1 Reviews & Testimonials

If you submit product reviews, ratings, testimonials, photos, or other content to our website:

Public Display: Your content may be publicly displayed on our website, social media, or marketing materials.

Content License: You grant us a non-exclusive, worldwide, royalty-free license to use, reproduce, modify, and display your content for marketing and promotional purposes.

Moderation: We reserve the right to moderate, edit, or remove content that:

  • Violates our Terms and Conditions
  • Contains inappropriate, offensive, or harmful material
  • Infringes on intellectual property rights
  • Contains spam or commercial solicitations

13.2 Privacy in User Content

Do not include:

  • Personal information of yourself or others (addresses, phone numbers, email addresses)
  • Sensitive information (financial data, health information)
  • Information about minors

Your responsibility: You are responsible for ensuring any content you submit does not violate privacy rights or laws.

14. California Privacy Rights (CCPA/CPRA)

14.1 Information for California Residents

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

14.2 Categories of Personal Information We Collect

  • Identifiers: Name, email, postal address, IP address
  • Commercial Information: Purchase history, shopping behavior
  • Internet Activity: Browsing history, interactions with our website
  • Geolocation Data: Approximate location from IP address
  • Inferences: Preferences and characteristics derived from your activity

14.3 Your California Rights

Right to Know: You can request information about:

  • Categories of personal information collected
  • Sources of personal information
  • Business purposes for collection
  • Categories of third parties with whom we share data
  • Specific pieces of personal information we hold about you

Right to Delete: You can request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out: You can opt-out of the "sale" or "sharing" of personal information (for advertising purposes).

Right to Correct: You can request correction of inaccurate personal information.

Right to Limit: You can request limitation of the use of sensitive personal information.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

14.4 Do We "Sell" or "Share" Personal Information?

Under CCPA, "sale" and "sharing" have broad definitions that may include allowing third parties (like advertising platforms) to collect information through cookies and similar technologies.

We may "share" information with advertising partners for targeted advertising purposes. You can opt out through our cookie consent banner or by contacting us.

We do not sell personal information in the traditional sense (i.e., exchanging data for money).

14.5 Exercising Your Rights

To exercise your California privacy rights:

  • Email: [Privacy Email Address]
  • Phone: [Phone Number]
  • Online Form: [Link to Privacy Request Form]

We will verify your identity and respond within 45 days.

14.6 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide:

  • Written authorization signed by you
  • Proof of their identity
  • Verification that they are registered with the California Secretary of State (if applicable)

14.7 Shine the Light Law

California residents can request information about personal information disclosed to third parties for direct marketing purposes. Contact us at [Privacy Email Address] with "California Shine the Light" in the subject line.

15. Changes to This Privacy Policy

15.1 Policy Updates

We may update this Privacy Policy periodically to reflect:

  • Changes in our practices
  • New legal requirements
  • Improvements to our services
  • Feedback from customers

15.2 Notification of Changes

Material Changes: We will notify you of significant changes via:

  • Email to your registered email address
  • Prominent notice on our website
  • Pop-up notification when you log into your account

Minor Changes: For minor updates, we will update the "Last Updated" date at the top of this policy.

15.3 Your Acceptance

Continued use of our website and services after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree with changes, please discontinue use and contact us to close your account.

15.4 Reviewing Changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

16.1 Privacy Questions & Requests

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [Privacy Email Address]
Subject Line: "Privacy Inquiry" or "Privacy Rights Request"

Postal Mail:
Nerenova – Privacy Department
[Complete Address]
[Postal Code, City, Country]

Phone: [Phone Number]

16.2 Data Protection Officer

For EU/UK customers, you can contact our Data Protection Officer at:
Email: [DPO Email Address]

16.3 Response Time

We aim to respond to all privacy inquiries within:

  • 5 business days for general questions
  • 30 days for rights requests (GDPR)
  • 45 days for rights requests (CCPA)

16.4 Complaints

If you're not satisfied with our response, you have the right to lodge a complaint with:

EU/UK Residents: Your local data protection authority:

California Residents: California Attorney General's Office – oag.ca.gov

Other Jurisdictions: Your local consumer protection or privacy authority

Summary: Your Privacy Matters

At Nerenova, we are committed to:

Transparency – Clear communication about data practices
Control – Giving you control over your personal information
Security – Implementing robust measures to protect your data
Respect – Honoring your privacy choices and rights
Compliance – Adhering to all applicable privacy laws

We only collect data necessary to provide excellent service and never sell your information to third parties.

Thank you for trusting Nerenova with your personal information. Your privacy is our priority.