PRIVACY POLICY
-
INTRODUCTION
Noctue (“Company” or “We”) places a high priority on the security and confidentiality of your personal data. This Privacy Policy explains how we process your personal data when selling and delivering products to customers in the European Union (EU), European Economic Area (EEA), the United Kingdom (UK), and the United States (US). It also details the purposes for which we use such data, the lawful basis of processing, and the rights you have under relevant data protection laws, including but not limited to the EU’s General Data Protection Regulation (GDPR), the UK’s data protection regime (UK GDPR), and applicable US state and federal laws. -
APPLICABLE LEGAL FRAMEWORK
- EU and EEA Countries: We process personal data in compliance with the GDPR.
- United Kingdom: We comply with UK GDPR, which mirrors most GDPR principles post-Brexit.
- United States: We adhere to applicable US federal and state laws, such as the California Consumer Privacy Act (CCPA), where relevant.
Additionally, we comply with the Turkish Personal Data Protection Law No. 6698 (KVKK) and other applicable regulations.
-
PERSONAL DATA WE COLLECT
We may process the following categories of personal data:- Identity Data: Name, surname, username, account information.
- Contact Data: Email address, postal address, telephone number.
- Payment and Financial Data: Credit/debit card details (handled through payment service providers), billing information.
- Demographic Data: Country of residence, language preferences.
- Technical Data: IP address, cookies, browser information, device type, IP-based location data, access dates and times, pages visited.
- Customer Transaction Data: Order history, product reviews, customer support communications.
-
PURPOSES AND LEGAL BASES FOR DATA PROCESSING
We process personal data for the following purposes:- Contractual Necessity: To process orders, handle payments, deliver products and services, and manage returns and exchanges (GDPR Art. 6(1)(b), UK GDPR, and other applicable regulations).
- Legal Obligations: To comply with tax, trade, consumer protection, and other legal requirements (GDPR Art. 6(1)(c)).
- Legitimate Interests: To improve customer satisfaction, enhance service quality, detect and prevent fraud, and ensure website security (GDPR Art. 6(1)(f)).
- Consent-Based Processing: We may seek your consent for certain marketing communications (newsletters, promotions) and for certain cookie usages (GDPR Art. 6(1)(a)).
In the US, we may request your opt-in or opt-out consent in accordance with applicable state laws like the CCPA before using your personal data for certain activities.
-
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
- Service Providers: We may share personal data with logistic companies, payment service providers, hosting and analytics services, and other business partners.
- Legal Compliance: We may disclose data to tax authorities, regulators, courts, or other official bodies when required by law.
- International Transfers: When transferring personal data from the EU, EEA, or UK to countries outside these regions (including the US), we apply appropriate safeguards (e.g., Standard Contractual Clauses, adequacy decisions) in compliance with GDPR and UK GDPR.
DATA RETENTION PERIODS
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with applicable laws and regulations. At the end of these periods, we will securely delete, destroy, or anonymize your personal data. Commercial and financial records and data necessary for resolving disputes or complying with legal obligations may be retained for longer periods as required by law.-
SECURITY MEASURES
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction. These measures may include SSL encryption, access controls, regular security assessments, and timely security updates. -
COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies to analyze traffic, personalize your experience, and improve our marketing efforts. For more information on our cookie practices and how to manage your preferences, please consult our Cookie Policy. -
YOUR DATA PROTECTION RIGHTS
- EU/EEA and UK Users (GDPR / UK GDPR): You have the right to request access, rectification, erasure, restriction of processing, data portability, and to object to processing. You may also withdraw your consent at any time for processing activities that rely on consent.
- US Users (CCPA and Other State Laws): Depending on state law, you may have the right to access personal data, request deletion, and opt out of the sale or sharing of personal information.
- Turkey and Other Jurisdictions: Under KVKK and applicable laws, you may have similar rights such as access, correction, deletion, objection, and restriction.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request as required by applicable law.
-
CHILDREN’S PRIVACY
We do not knowingly collect personal data from children under 16. If we become aware that we have processed personal data of a child under this age, we will take steps to delete the data as soon as possible. If you are a parent or guardian and believe we have collected data about a child, please contact us. -
THIRD-PARTY LINKS
Our website may contain links to third-party websites. We are not responsible for their privacy practices, and we encourage you to review their respective privacy policies. -
UPDATES TO THIS POLICY
We may update this Privacy Policy in response to changes in legal, technical, or business developments. The latest version will always be posted on our website. If we make significant changes, we may notify you via email or through a notice on our site. -
CONTACT US
If you have any questions or concerns regarding this Privacy Policy or the processing of your personal data, please contact us at:
[email protected]
Effective Date: December 12, 2024