
Privacy Policy

NERVILLA — PRIVACY POLICY

Last Updated: May 2026


Your Privacy, Protected

At Nervilla, your trust is everything. We treat your personal information with the same care we put into every product we ship — securely, transparently, and only for purposes you understand and agree to.

This Privacy Policy explains exactly what information we collect, why we collect it, who we share it with, how long we keep it, and the rights you have over your data. We've written it to be as clear and readable as possible — privacy shouldn't require a law degree to understand.

Nervilla is operated by a company registered in the United Kingdom and ships to customers worldwide. We act as the data controller for personal information collected through our website.

This policy is governed primarily by the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018, with additional rights provided to customers based on their country of residence (including the EU GDPR for EEA customers, the California Consumer Privacy Act for California residents, and other applicable data protection laws).

For any privacy enquiry, contact us at contact@nervilla.com — we respond within 1 business day.


At a Glance

Topic                 Summary
Who we are            Nervilla, a UK-registered company shipping worldwide
What we collect       Contact details, order info, payment confirmation, technical/usage data
Why we collect it     To process orders, support you, prevent fraud, and improve our service
Who we share it with  Trusted service providers only — never sold to third parties
Your rights           Access, correction, deletion, portability, opt-out, and more — depending on your jurisdiction
How to reach us       contact@nervilla.com — within 1 business day
Complaint             UK ICO (www.ico.org.uk) or your local data protection authority

1. Who We Are

Nervilla ("we", "us", "our") is a brand operated by a company registered in the United Kingdom, with registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

We operate this online store and all related Services, including order processing, customer support, and marketing communications. We are the data controller responsible for the personal information you provide to us.


2. Personal Information We Collect

"Personal information" means any information that identifies you or can reasonably be linked to you as an individual, as defined under the UK GDPR, EU GDPR, and other applicable data protection laws.

We collect the following categories of personal information:

Information you provide directly

  • Contact details: name, email address, phone number, shipping address, billing address
  • Order information: products purchased, order history, delivery preferences
  • Account information: username, password, account preferences (where an account is created)
  • Communications: any messages, support requests, reviews, or feedback you send us

Information collected automatically

  • Technical data: IP address, browser type, device identifiers, operating system, referral source
  • Usage data: pages visited, products viewed, links clicked, time spent on site
  • Cookies and tracking: see Section 12 below

Information from third parties

  • Payment confirmation: verification of successful payment from our payment processors — we do not store full card details on our systems
  • Marketing performance data: anonymised or aggregated advertising metrics from Meta, Google, and similar platforms (subject to their own privacy policies)
  • Service provider data: information shared by Shopify, our e-commerce platform

We do not knowingly collect sensitive personal data (race, ethnicity, political opinions, religious beliefs, health data, sexual orientation, biometric data) beyond what is strictly necessary to provide our Services.


3. How We Collect Personal Information

We collect personal information from the following sources:

  • Directly from you — when you create an account, place an order, contact our support team, submit a review, or interact with our Services
  • Automatically — through cookies, tracking pixels, and similar technologies when you browse our website
  • From service providers — including Shopify (our e-commerce platform), payment processors, and fulfilment partners
  • From third parties — including marketing partners, analytics providers, and advertising networks, where permitted by applicable law

4. How We Use Your Personal Information

We use your personal information only for purposes directly related to our activities, or where you have given us consent.

Order fulfilment and customer service

  • Process and fulfil your orders
  • Arrange shipping, delivery, returns, and exchanges
  • Send order confirmations, shipping updates, and delivery notifications
  • Provide customer support and resolve any issues

Account management

  • Create and maintain your account
  • Authenticate your identity and protect your account
  • Manage your communication preferences

Marketing and communications

  • Send promotional emails, product recommendations, and updates with your consent or where otherwise permitted by law
  • You may opt out at any time using the unsubscribe link in any marketing email or by emailing contact@nervilla.com

Personalisation

  • Tailor your shopping experience
  • Recommend products based on browsing and purchase history

Security and fraud prevention

  • Detect, investigate, and prevent fraudulent, unlawful, or harmful activity
  • Protect the integrity of our Services and the safety of our customers

Legal compliance

  • Comply with applicable legal obligations
  • Respond to lawful requests from regulatory or law enforcement authorities
  • Enforce our Terms of Service and other policies

Service improvement

  • Analyse how our Services are used
  • Improve our website, products, and customer experience

Lawful bases for processing (UK GDPR and EU GDPR)

Where you are located in the United Kingdom or the European Economic Area, we process your personal data on the following lawful bases under Article 6 of the UK GDPR / EU GDPR:

  • Contract performance (Article 6(1)(b)) — to fulfil your order and provide our Services
  • Consent (Article 6(1)(a)) — for marketing communications and non-essential cookies
  • Legitimate interests (Article 6(1)(f)) — for fraud prevention, service improvement, and security — only where these interests are not overridden by your fundamental rights
  • Legal obligation (Article 6(1)(c)) — for tax, accounting, and regulatory compliance

5. How We Disclose Your Personal Information

We do not sell or rent your personal information to third parties. We disclose your personal information only in the following circumstances:

Service providers

We share information with trusted third-party vendors who perform functions on our behalf, including:

  • Payment processing (PayPal, Shopify Payments, and similar)
  • Order fulfilment and shipping (our fulfilment partners and international carriers)
  • E-commerce platform (Shopify Inc.)
  • Email and marketing automation (our communications platform providers)
  • Analytics and advertising (Meta, Google, and similar — where permitted)
  • Customer service tools (helpdesk and chat platforms)
  • Cloud storage and IT infrastructure

These parties are contractually required to handle your information securely and only for the purposes we specify.

Shopify

Our Services are hosted on the Shopify platform. Shopify processes personal information as part of providing the technical infrastructure for our store. For full details, see Shopify's Privacy Policy at www.shopify.com/legal/privacy.

Marketing and advertising partners

Where you have consented or where permitted by applicable law, we may share certain information with advertising and analytics partners to deliver relevant advertising and measure campaign performance. You may opt out of targeted advertising at any time by contacting us.

Corporate transactions

In connection with a merger, acquisition, restructuring, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in accordance with applicable law.

Legal and regulatory obligations

Where required to comply with a legal obligation, court order, or lawful request from a government or regulatory authority — or to protect the rights, property, or safety of Nervilla, our customers, or others.

With your consent

In any other circumstance where you have given us your express consent.


6. International Transfers of Personal Information

Nervilla is operated by a UK-registered company shipping worldwide. Your personal information may be transferred to, stored in, or processed in countries other than your country of residence — including the United Kingdom, the European Economic Area, the United States, and other jurisdictions where Shopify's infrastructure and our service providers operate.

Where personal information is transferred internationally, we apply appropriate safeguards in accordance with applicable data protection law, including:

  • Adequacy decisions by the UK government, the European Commission, or relevant authorities, where applicable
  • Standard Contractual Clauses (SCCs) approved by the UK ICO or the European Commission for transfers to countries without an adequacy decision
  • Binding Corporate Rules of service providers, where in place
  • Your explicit consent, where required

7. Your Rights

The rights you have over your personal information depend on the data protection law that applies to you. We honour all applicable rights under the law of your country of residence.

Rights under UK GDPR and EU GDPR (UK / EEA customers)

If you are located in the United Kingdom or the European Economic Area, you have the following rights:

  • Right of access (Article 15) — request access to the personal information we hold about you
  • Right to rectification (Article 16) — request correction of inaccurate or incomplete information
  • Right to erasure / "right to be forgotten" (Article 17) — request deletion of your personal information
  • Right to restrict processing (Article 18) — request that we limit how we use your information
  • Right to data portability (Article 20) — request a copy of your information in a structured, machine-readable format
  • Right to object (Article 21) — object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent (Article 7) — where we rely on consent, you may withdraw it at any time
  • Rights regarding automated decision-making (Article 22) — to not be subject to decisions based solely on automated processing

We will respond to requests within 30 days, extendable by 60 additional days for complex requests.

Rights under California Consumer Privacy Act / CCPA (California residents)

If you are a California resident, you have additional rights under the CCPA:

  • Right to know what personal information we collect, use, and disclose
  • Right to delete your personal information, subject to legal exceptions
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information — we do not sell your personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your privacy rights

Rights under PIPEDA (Canada — non-Quebec)

If you are located in Canada (outside Quebec), you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including:

  • Right to access your personal information
  • Right to challenge the accuracy of your information
  • Right to withdraw consent

Quebec residents have additional rights under Loi 25 — see our Quebec-specific Privacy Policy.

Rights under Australian Privacy Act

If you are located in Australia, you have rights under the Privacy Act 1988 and the Australian Privacy Principles, including the right to access, correct, and complain about the handling of your personal information.

Rights in other jurisdictions

If you are located in another country, your rights are determined by local data protection law. We honour all applicable rights and respond within the timeframes required by your jurisdiction.

Marketing opt-out

You may unsubscribe from marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Emailing contact@nervilla.com

How to exercise your rights

Contact us at contact@nervilla.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law. We will never penalise you for exercising your privacy rights.


8. Children's Privacy

Our Services are not directed at children under the age of 18. We do not knowingly collect personal information from minors.

If you believe a minor has provided us with their personal information without appropriate consent, please contact us at contact@nervilla.com and we will promptly delete it.


9. Security of Your Personal Information

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. These include:

  • Industry-standard encryption for data transmission (SSL/TLS)
  • Secure payment processing through PCI-compliant providers
  • Access controls limiting employee access to personal information on a need-to-know basis
  • Regular security reviews of our systems and service providers

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security and recommend that you do not transmit sensitive information through unsecured channels.

Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, in accordance with Article 33 UK GDPR
  • Notify you without undue delay where the risk to your rights is high
  • Maintain a record of all personal data breaches in accordance with applicable law

10. Retention of Personal Information

We retain your personal information only for as long as necessary to fulfil the purposes set out in this Privacy Policy, unless a longer retention period is required by applicable law (including tax, accounting, and consumer protection obligations).

Typical retention periods:

Type of information              Retention period
Order and transaction records    7 years (UK tax and accounting compliance)
Customer support communications  3 years from last contact
Marketing data                   Until you unsubscribe, plus a short retention period
Account information              While your account is active, plus 2 years
Cookies and tracking             See Section 12

When personal information is no longer required, we securely delete or anonymise it.


11. Automated Decision-Making and Profiling

In accordance with Article 22 UK GDPR / EU GDPR, we inform you that:

  • We may use automated analysis to detect fraudulent transactions and personalise product recommendations
  • No legal or similarly significant decisions are made about you based solely on automated processing without human intervention
  • If an automated decision affects you, you have the right to be informed and to request human review

To exercise this right, contact contact@nervilla.com.


12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Operate and secure our Services
  • Remember your preferences and cart contents
  • Analyse how our Services are used
  • Deliver relevant advertising (with your consent)

In accordance with the UK Privacy and Electronic Communications Regulations (PECR), the EU ePrivacy Directive, and similar laws in other jurisdictions, we will request your consent before placing non-essential cookies on your device.

You can manage your cookie preferences through:

  • The cookie banner displayed on your first visit
  • Your browser settings (most browsers allow you to refuse, accept, or delete cookies)
  • The opt-out tools provided by individual advertising networks

For full details, see our Cookie Policy on the website.


13. Third-Party Links

Our Services may contain links to third-party websites or platforms. We are not responsible for the privacy practices or content of those websites.

We recommend reviewing the privacy policies of any third-party site you visit.


14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you by email or prominent notice on our website where required by law

Your continued use of our Services following any update constitutes your acceptance of the revised policy.


15. Contact Us and Complaints

If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or wish to make a complaint about how we have handled your personal information, please contact us:

Email: contact@nervilla.com
Response Time: Within 1 business day
Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

For the purposes of applicable data protection legislation, Nervilla is the data controller of your personal information.

If you are not satisfied with our response, you may escalate your concern to the supervisory authority in your country:

  • United Kingdom: Information Commissioner's Office (ICO) — www.ico.org.uk
  • European Economic Area: your national data protection authority (find yours at edpb.europa.eu)
  • United States (California): California Privacy Protection Agency — www.cppa.ca.gov
  • Canada: Office of the Privacy Commissioner of Canada — www.priv.gc.ca
  • Australia: Office of the Australian Information Commissioner — www.oaic.gov.au
  • Other countries: your national data protection or privacy authority

This Privacy Policy was last updated in May 2026 and applies to all customers accessing our Services from the date of publication.