PRIVACY POLICY

This information describes the methods of processing the personal data of users who consult the site nuleworld.com  (hereinafter, the “Site”) and make online purchases, in accordance with the EU Regulation 2016/679 (GDPR) , the Italian Privacy Code and applicable European legislation.

1. Data controller

The Data Controller is Nule Srl,with registered office at Via Tommaso Grossi 6, 20063 Cernusco sul Naviglio (MI), Italy. VAT number 14386290960 - Email : info@nuleworld.com

(hereinafter, the “Owner”)

The Data Controller determines the purposes and means of processing personal data and is responsible for them pursuant to applicable legislation.

2. E-commerce platform used  

The Site is hosted on an e-commerce platform provided by Shopify Inc., which allows the Owner to sell its products online. Shopify processes personal data as a Data Processor pursuant to Art. 28 GDPR, based on a specific Data Processing Agreement (DPA) , acting exclusively on behalf of the Data Controller and according to its instructions. Shopify manages exclusively:

  • hosting and technical infrastructure of the site;  
  • checkout management and transactional data;  
  • IT security and backup;  
  • technical support for order management.  

Payment data is processed exclusively by certified payment service providers; Nule does not store complete card data.  

3. Type of data processed

The Data Controller processes the following categories of data:  

  1. Identification and contact details:  name, surname, billing and shipping address, email , phone number.  

  1. Order data:  products purchased, order status, returns, information required for shipping.  

  1. Payment data: Payments are processed by certified payment service providers; Nule does not store complete card details.  

  1. Browsing and device data:  IP address, browser type, operating system, pages visited, technical logs.  

  1. Communication data:  requests sent to Customer Service, feedback and complaints.  

  1. Marketing data:  consent to newsletters, preferences, and interactions with promotional communications.  

4. Purpose of processing and legal basis

Personal data are processed for:  

Purpose  

Legal basis  

Order management and sales  

Performance of the contract (Article 6.1.b GDPR)  

Shipping and delivery of products  

Execution of the contract  

Tax and accounting obligations  

Legal obligation (Article 6.1.c GDPR)  

Fraud prevention and security  

Legitimate interest (art. 6.1.f GDPR)  

Customer Service  

Legitimate interest  

Any marketing/newsletter  

Consent of the interested party (Article 6.1.a GDPR)  

 

5. Methods of processing

The processing is carried out using secure IT tools and logic strictly related to the purposes indicated , with technical and organizational measures suitable for:

  • prevent unauthorized access, loss or misuse;  
  • manage backups and security protocols;  
  • encrypt sensitive information.  

The data will not be disclosed to external parties except for purposes strictly related to the service or for legal obligations.

6. Data recipients  

The data may be communicated to entities acting as Data Processors, including:

  • Shopify Inc. (e-commerce platform and hosting);  
  • payment service providers;  
  • couriers and logistics operators;  
  • IT providers and cloud services;  
  • tax and administrative consultants;  
  • commercial and marketing partners, only with prior consent;  
  • competent authorities in case of legal obligations or legal proceedings.

These entities process the data exclusively for the purposes of the service. The data They are not publicly released .

7. Transfer of data to non-EU countries  

Any transfers of data to countries outside the European Economic Area take place exclusively using legitimate instruments, such as:  

  • European Commission Standard Contractual Clauses;
  • additional security measures in compliance with current legislation.

8. Data retention

Personal data is retained for the time strictly necessary to achieve the following purposes:  

  • order and billing data: up to 10 years for tax and accounting obligations;  
  • marketing data: until consent is revoked;  
  • browsing data and technical logs: up to 24 months;  
  • customer account: until deleted at the request of the interested party.  

At the end of the retention period, the data will be deleted or anonymized .  

9. Rights of the interested party

The user may exercise the rights provided for in Articles 15–22 of the GDPR at any time:  

  • access to personal data;  
  • rectification or update;  
  • erasure (“right to be forgotten”);  
  • limitation of processing;  
  • opposition to processing;  
  • data portability;
  • revoke consent to marketing.  

    Requests should be sent to: info@nuleworld.com

    The interested party has the right to lodge a complaint with the Personal Data Protection Authority.

    10. Nature of the data provision

    Providing the data required for the purchase is mandatory. Failure to provide this information will make it impossible to complete the order.  Providing your data for marketing purposes is optional.

    11. Cookies and tracking tools

    The Site uses technical cookies and, with your consent, analytical or profiling cookies. 
    The methods of use are described in the Cookie Policy published on the site.

    12. Transaction security

    Online transactions are processed through payment systems that comply with international security standards (e.g., PCI-DSS). The Owner does not access or store complete payment card data.  

    13. Marketing communications

    With the user's explicit consent, the Data Controller may send promotional and informative communications via email . Processing for marketing purposes is based on Art. 6.1.a GDPR (consent). The user may withdraw consent at any time via the link provided in each communication or by contacting the Data Controller. Data used for marketing purposes is retained until consent is revoked and in any case no longer than 24 months from the last interaction.

    14. Minors  

    The Site is not intended for children under 16 years of age. Nule does not knowingly collect data from minors. If data from minors is provided, it will be deleted immediately upon request from parents or guardians.  

    15. Changes to this policy

    The Data Controller may update this information to reflect regulatory or technical changes. 
    The updated version will always be available on the Site.