Privacy policy

Last updated: October 2025

1. Overview

This Privacy Policy explains how Nuboca OÜ (“Nuboca”, “we”, “our”, “us”) collects, uses, discloses, and protects your personal data when you visit or make a purchase from www.nuboca.com (the “Website”).

We value your privacy and are committed to handling your data responsibly, transparently, and in accordance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and applicable national laws.

By using our Website, you consent to the practices described in this Privacy Policy.

2. Company Information

Data Controller:
Nuboca OÜ
Tartu mnt 67/1-13b, Kesklinna linnaosa,
10115 Tallinn, Harju maakond, Estonia

Business Registration Number: 17350709
VAT Number: EE102913574

Parent Company: Trusterya Group OÜ (Estonia)
Parent Company Registration Number: 17350394

Email: info@nuboca.com

If you have any questions or concerns about how we process your data, please contact us using the details above.

3. Data We Collect

We collect and process the following categories of personal data:

(a) Information you provide directly

  • Name, billing address, shipping address

  • Email address and phone number

  • Payment information (processed securely via Shopify and third-party payment providers such as Mollie or PayPal)

  • Account login details (if you create an account)

  • Messages or feedback submitted via forms or email

(b) Information we collect automatically

When you visit our Website, we automatically collect:

  • IP address and device identifiers

  • Browser type and version

  • Pages visited and browsing behavior

  • Referring URLs and timestamps

This information helps us improve website performance, security, and the customer experience.

(c) Cookies and Tracking

We use cookies and similar technologies to:

  • Enable essential website functions (cart, checkout, account login)

  • Analyze website traffic and usage

  • Personalize content and ads

You can manage or disable cookies in your browser settings. For more information, see Section 10 (Cookies).

4. How We Use Your Data

We process your personal data for the following purposes:

Purpose Legal Basis
To process and deliver your orders Performance of a contract
To manage payments and refunds Performance of a contract
To communicate about your order, account, or support requests Legitimate interest
To send marketing communications (with your consent) Consent
To personalize your shopping experience Legitimate interest
To comply with tax and accounting obligations Legal obligation
To improve our Website and customer experience Legitimate interest

We do not sell or rent your personal data to third parties.

5. How We Share Your Data

We share your data only when necessary to provide our services:

(a) Service Providers

We use trusted third-party providers who process data on our behalf, including:

  • Shopify (e-commerce platform & hosting)

  • Mollie, PayPal, Apple Pay, Google Pay (payment processing)

  • Logistics & shipping partners (order delivery)

  • Email and marketing tools (for newsletters and service updates)

All third parties are GDPR-compliant and process data under contractual agreements ensuring confidentiality and data protection.

(b) Legal Requirements

We may disclose your information if required by law, regulation, or court order.

6. International Data Transfers

Because we use Shopify and other service providers, your data may be transferred to and processed in countries outside the European Economic Area (EEA), including Canada and the United States.

Shopify is certified under the EU Standard Contractual Clauses (SCCs), ensuring that your data remains protected according to EU law.

7. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy:

  • Order and billing data: 7 years (as required by EU accounting law)

  • Customer accounts: until deleted by the user

  • Marketing data: until you withdraw consent

  • Technical logs: up to 12 months for security and analytics

When data is no longer needed, it is securely deleted or anonymized.

8. Your Rights (Under GDPR)

As a data subject, you have the following rights:

  • Right of access – to know what personal data we hold about you

  • Right to rectification – to correct inaccurate data

  • Right to erasure (“right to be forgotten”) – to request deletion of your data

  • Right to restriction of processing – to limit how we use your data

  • Right to data portability – to receive your data in a machine-readable format

  • Right to object – to processing based on legitimate interests or direct marketing

  • Right to withdraw consent – at any time, for example, for newsletters

To exercise any of these rights, contact us at info@nuboca.com.
We will respond within 30 days in accordance with GDPR requirements.

9. Marketing Communications

If you opt in to receive our newsletter or promotional emails, we’ll send updates about new products, offers, and lifestyle content.

You can unsubscribe at any time by clicking the “Unsubscribe” link in any email or contacting us directly.

We use GDPR-compliant email services (such as Shopify Email or Klaviyo) for this purpose.

10. Cookies

Cookies are small files placed on your device to enable essential functionality and analytics.

We use:

  • Essential cookies: to enable the shopping cart and checkout

  • Performance cookies: to understand visitor behavior

  • Marketing cookies: to show relevant ads on Google, Meta, and TikTok

You can control or delete cookies in your browser settings.
For detailed cookie information, please visit our Cookie Policy (if available).

11. Data Security

We take appropriate technical and organizational measures to protect your personal data, including encryption (SSL), secure servers, and access controls.
While no system is 100% secure, we continuously monitor and improve our safeguards to minimize risk.

12. Third-Party Links

Our Website may include links to third-party sites (such as Instagram, Facebook, or TikTok).
We are not responsible for their privacy practices and encourage you to review their policies before providing any personal data.

13. Children’s Privacy

Our Website and products are intended for adults.
We do not knowingly collect personal data from individuals under 16 years of age.
If you believe a minor has provided us with personal data, please contact us immediately to delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes.
The updated version will always be posted on this page with the “Last updated” date at the top.
Material changes will be communicated via email or website notice.

15. Contact

For any privacy-related questions, data access requests, or complaints, please contact:

Nuboca OÜ
Tartu mnt 67/1-13b, Kesklinna linnaosa,
10115 Tallinn, Harju maakond, Estonia

Email: info@nuboca.com
Telephone: +372 5936 3341
Website: www.nuboca.com

If you are unsatisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority or with the Estonian Data Protection Inspectorate (AKI):
https://www.aki.ee

Nuboca OÜ
Business Registration Number: 17350709
VAT Number: EE102913574

Parent Company: Trusterya Group OÜ (Estonia)
Parent Company Registration Number: 17350394