Privacy policy

Last Updated: May 28, 2025

This Privacy Policy describes how Norahaven (the website, we, us, or our) collects, uses, and shares your personal information when you visit, use our services, make purchases from norahaven.shop (the Website), or otherwise communicate with us regarding the Website (collectively referred to as the Services). The use of "you/your" in this Privacy Policy refers to you as a user of the Services, whether you are a customer, website visitor, or any other individual whose information we have collected in accordance with this Privacy Policy.

We recommend that you read this Privacy Policy carefully.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect new practices or due to other operational, legal, or regulatory reasons. The revised Privacy Policy will be posted on the Website, indicated by the "Last Updated" date, and we will take any additional steps required by applicable law.

How We Collect and Use Personal Information

To provide the Services, we collect your personal information from various sources as described below. The information we collect and use varies depending on how you interact with us.

In addition to the specific purposes set out below, we may use the information we collect about you to communicate with you, provide or improve the Services, comply with applicable legal requirements, enforce applicable terms of use, and protect the Services, our rights, and the rights of our users and others.

What Personal Information We Collect

The types of personal information we collect about you depend on how you interact with our Website and use our Services. When we use the term "personal information," we mean information that identifies, relates to, describes, or can be associated with you. The sections below describe the categories and specific types of personal information we collect.

Information We Collect Directly from You

Information you provide to us through our Services may include:

  • Contact Information, such as your name, address, phone number, and email address.
  • Order Information, such as your name, billing address, shipping address, payment confirmation, email address, and phone number.
  • Account Information, such as your username, password, security questions, and other information used to secure your account.
  • Customer Support Information, such as information you choose to share when communicating with us (e.g., when you send a message through the Services).

Certain features of the Services may require you to directly provide us with specific information about yourself. You may choose not to provide such information, but this may prevent you from using or accessing these features.

Information We Collect About Your Use

We may also automatically collect certain information about your interaction with the Services ("Usage Data"). For this purpose, we may use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Website and your account, including device information, browser information, network connection, IP address, and other details about your interaction with the Services.

Information We Obtain from Third Parties

We may also obtain information about you from third parties, including vendors and service providers that collect information on our behalf, such as:

  • Companies that support our Website and Services, such as Shopify.
  • Our payment processors, which collect payment information (e.g., bank account, credit or debit card details, billing address) to process your payment, fulfill your orders, and deliver the products or services you have requested, in order to perform our contract with you.
  • When you visit our Website, open or click on emails we send to you, or interact with our Services or advertisements, we or third parties we work with may automatically collect certain information using tracking technologies such as pixels, web beacons, software development kits (SDKs), third-party libraries, and cookies.

All information we obtain from third parties will be handled in accordance with this Privacy Policy. See also the section below, Third-Party Websites and Links.

How We Use Your Personal Information

  • Provide Products and Services. We use your personal information to provide the Services and perform our contract with you, including processing your payments, fulfilling your orders, sending communications related to your account, purchases, returns, exchanges, or other transactions, creating, maintaining, and otherwise managing your account, arranging shipping, facilitating returns and exchanges, and providing other account-related features and functionality. We may also enhance your shopping experience by enabling Shopify to connect your account to other Shopify services you choose to use. In such cases, Shopify will handle your information in accordance with its privacy policy and consumer protection policy.
  • Marketing and Advertising. We may use your personal information for marketing and advertising purposes, such as sending marketing, advertising, and campaign communications via email, SMS, or mail, and displaying advertisements for products or services. This may include using your personal information to better customize the Services and advertising on our Website and other websites. If you are based in the EEA, the legal basis for this processing of personal information is our legitimate interest in promoting our products, in accordance with Article 6(1)(f) of the GDPR.
  • Security and Fraud Prevention. We use your personal information to detect, investigate, or take action regarding potentially fraudulent, illegal, or harmful activity. If you choose to use the Services and register an account, you are responsible for keeping your login credentials secure. We strongly recommend that you do not share your username, password, or other access information with anyone else. If you believe your account has been compromised, please contact us immediately. If you are based in the EEA, the legal basis for this processing of personal information is our legitimate interest in keeping our Website secure for you and other customers, in accordance with Article 6(1)(f) of the GDPR.
  • Communicate with You and Improve the Service. We use your personal information to provide customer support and improve our Services. This is based on our legitimate interest in being responsive to you, providing effective services, and maintaining our business relationship with you, in accordance with Article 6(1)(f) of the GDPR.

Cookies

Like many others, we use cookies on our Website. For more information about the cookies we use to operate our store with Shopify, visit https://www.shopify.com/legal/cookies. We use cookies to operate and improve our Website and Services (including storing information about your activity and preferences), perform analytics, and better understand how users interact with the Services (based on our legitimate interest in administering, improving, and optimizing the Services). We may also allow third parties and service providers to use cookies on our Website to better customize the Services, products, and advertising on our Website and other websites.

Most browsers automatically accept cookies, but you can modify your browser settings to delete or reject cookies. Please note that disabling or blocking cookies may negatively impact your experience, and certain Services (such as specific features and general functionality) may not work fully or at all. Additionally, blocking cookies may not fully prevent us from sharing information with third parties, such as our advertising partners.

How We Share Personal Information

Under certain circumstances, we may share your personal information with third parties to perform contracts, for legitimate purposes, and for other reasons covered by this Privacy Policy. Examples of such circumstances include:

  • Information may be shared with vendors or other third parties that perform services on our behalf (e.g., IT management, payment processing, data analytics, customer support, cloud storage, fulfillment, and delivery).
  • Information may be shared with business and marketing partners to deliver services and advertising to you. Our business and marketing partners will use your information in accordance with their privacy notices.
  • When you request or otherwise consent to us sharing certain information with third parties (e.g., to deliver products to you or when you use social media tools or login-based integrations), we may also share your information.
  • Information may be shared with our subsidiaries or within our corporate group as part of our legitimate interest in operating a successful business.
  • Information may be shared in connection with a business transaction (such as a merger or bankruptcy), to comply with applicable legal obligations (e.g., in response to lawsuits or search warrants), enforce applicable terms of use, and protect and defend the Services, our rights, and the rights of our users and others.

We share personal information from the following categories and sensitive information about users for the purposes described above in How We Collect and Use Your Personal Information and How We Share Personal Information:

Category Recipient Categories
  • Identifiers, such as basic contact information and certain order and account information
  • Commercial information, such as order, shopping, and customer support information
  • Internet or other similar network activity, such as usage data
  • Geolocation data, such as locations determined via IP address or other technical methods
  • Vendors and third parties that perform services on our behalf (e.g., internet service providers, payment processors, fulfillment partners, customer support partners, and data analytics providers)
  • Business and marketing partners
  • Subsidiary partners

We do not use or share sensitive personal information without your consent or to draw conclusions about your characteristics.

With your consent, we share personal information for advertising and marketing activities as described below.

Third-Party Websites and Links

Our Website may contain links to websites or other online platforms operated by third parties. If you follow links to websites that are not connected to or controlled by us, you should review their privacy and security policies and other terms. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness, or reliability of information on those websites. Information you provide on public or semi-public platforms (including information you share on third-party social networking platforms) may also be visible to other users of the Services and/or users of these third-party platforms, without restriction on its use by us or third parties. The inclusion of such links does not constitute our endorsement of the content on these platforms, their owners, or their operations, except as expressly stated in the Services.

Children's Information

The Services are not intended for use by children, and we do not knowingly collect personal information about children. If a child for whom you are a guardian has provided us with personal information, you may contact us using the contact details below to request its deletion.

As of the effective date of this Privacy Policy, we are not aware of having "shared" or "sold" (as defined by applicable law) personal information about individuals under 16 years of age.

Security and Storage of Your Information

Please note that no security measures are perfect or impenetrable, and we cannot guarantee absolute security. Any information you send to us may also be unprotected during transmission. We recommend that you do not use insecure methods to send sensitive or confidential information to us.

How long we store your personal information depends on various factors, such as whether we need it to manage your account, provide the Services, comply with legal obligations, resolve disputes, or maintain other applicable contracts and policies.

Your Rights

Depending on where you live, you may have some or all of the following rights regarding your personal information. These rights are not absolute, may only apply under certain circumstances, and the law may allow us to deny your request.

  • Right to Access/Know: You may have the right to request access to the personal information we hold about you, including details about how we use and share your information.
  • Right to Erasure: You may have the right to request that we delete the personal information we hold about you.
  • Right to Correction: You may have the right to request that we correct inaccurate personal information we hold about you.
  • Right to Portability: Under certain circumstances and with certain exceptions, you may have the right to obtain a copy of the personal information we hold about you and request that we transfer it to a third party.
  • Right to Opt Out of Sale, Sharing, or Targeted Advertising: You may have the right to instruct us not to "sell" or "share" your personal information or to opt out of the use of your personal information for purposes considered "targeted advertising" under applicable data protection laws. If you visit our Website with the Global Privacy Control (GPC) signal enabled (depending on your location), we will automatically interpret this as a request to opt out of "sale" or "sharing" of information for the device and browser you use to visit the Website.
  • Restrict Processing: You may have the right to request that we stop processing or restrict the processing of your personal information.
  • Withdraw Consent: Where we rely on consent to process your personal information, you may have the right to withdraw your consent.
  • Appeal: If we deny your request, you may have the right to appeal our decision. You can do this by replying to our denial message.
  • Manage Communication Preferences: We may send promotional emails, and you can opt out of receiving such emails by using the unsubscribe function included in all our communications to you. If you opt out of receiving such emails, we may still send non-promotional communications (e.g., information about your account or orders).

You may exercise these rights where indicated on our Website or by contacting us using the contact details below.

Exercising your rights will not affect your status with us. We may need to collect information from you to verify your identity (e.g., your email address or account information) before providing a substantive response to your request. Under applicable law, you may appoint a representative to submit requests on your behalf to exercise your rights. Before accepting such a request from a representative, we will require proof that you have authorized them to act on your behalf, and you may also need to verify your identity directly with us. We will respond to your request within the timeframe specified by applicable law.

Complaints

If you have complaints about how we process your personal information, please contact us using the contact details below. If you are not satisfied with how we have handled your complaint, depending on your location, you may have the right to appeal our decision by contacting us using the contact details below. You may also choose to submit your complaint to the Swedish Data Protection Authority (Integritetsskyddsmyndigheten, IMY). Within the EEA, you can find a list of competent data protection authorities here.

International Users

Please note that we may transfer, store, and process your personal information outside the country where you live. Your personal information is also processed by staff and third-party vendors and partners in these countries.

If we transfer your personal information outside Europe, we will rely on recognized transfer mechanisms, such as the European Commission’s Standard Contractual Clauses or equivalent agreements issued by the relevant authority in the United Kingdom (where applicable), unless the data transfer is to a country deemed to provide an adequate level of protection.

Contact

If you have questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of your rights, please email us at info@norahaven.shop.

For the purposes of applicable data protection laws, and unless otherwise expressly stated, we are the data controller of your personal information.