Privacy policy

PRIVACY POLICY

This privacy statement describes how NEFRA LTD., operating under the brand Nefra (“we,” “our,” or “us”), is committed to protecting the security and privacy of all personal information collected from you. We conduct our business in compliance with applicable data privacy and data security laws. This privacy statement outlines what to expect when we collect and process your personal information.

1. Data Controller Information

The data controller responsible for handling your personal information is:

  • NEFRA LTD. (Company Number: 15032793)
  • Address: 128 City Road, London, EC1V 2NX
  • Contact Email: support@nefra.co

If you have any questions regarding our privacy practices, please reach out to us.

2. Information We Collect

We collect personal information in two main categories:

A. Customers and Prospective Customers

When you interact with us through our website, social media, or purchase our products, we may collect:

  • Identity Information: Name, contact details, shipping information
  • Transaction Details: Information on products/services you purchase
  • Financial Information: Billing address and payment method
  • Profile Information: Usernames, passwords, preferences, transaction history
  • Website Interaction Data: Traffic data, location data, and usage patterns

B. Suppliers and Professional Advisers

For those providing services or advice to us, we may collect:

  • Contact Information: Name, work address, phone number, job title
  • Transaction Details: Details about services provided
  • Financial Information: Payment details

3. How We Use Your Data

We process your data to:

  • Manage records of your use of our services
  • Communicate with you regarding transactions
  • Suggest products or services you may like
  • Facilitate payments and comply with legal obligations
  • Verify credit and identity (if applicable)

Legal Basis under GDPR:

  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate business interests

4. Sensitive Data

We do not collect sensitive data such as racial/ethnic origin, political opinions, religious beliefs, genetic or biometric data, health information, or sexual orientation. If needed, we will seek your explicit consent.

5. Retention of Personal Information

We retain personal data only as long as necessary or required by law. For example, accounting records must be retained for six years after the relevant financial year ends.

For specific inquiries about retention, contact support@nefra.co.

6. Sharing Your Information

We do not sell your personal information. However, we may share your data with:

  • Service Providers: IT, web hosting, marketing (including Shopify)
  • Third-Party Logistics Providers: DPD, DHL, Royal Mail for order fulfillment
  • Regulatory Authorities: When required by law
  • Professional Advisers: Legal, accounting, banking, insurance
  • Debt Collection Agencies: If necessary for unpaid balances
  • Business Transferees: In case of business sale or merger

All third parties must comply with GDPR and handle your data securely.

Microsoft Clarity & Microsoft Advertising

We partner with Microsoft Clarity and Microsoft Advertising to analyze website usage through:

  • Behavioral metrics
  • Heatmaps & session replay
  • First & third-party cookies and tracking technologies

This helps us improve our services, optimize the website, prevent fraud, and enhance advertising. Learn more by visiting the Microsoft Privacy Statement.

7. IP Addresses & Cookies

We collect device information automatically, including:

  • IP address, browser details, time zone
  • Website activity (pages viewed, referring sites, etc.)

Technologies Used:

  • Cookies: Data files stored on your device (Learn more)
  • Log Files: Tracks actions, IP addresses, and timestamps
  • Web Beacons, Tags, Pixels: Monitor browsing behavior

8. Marketing Communications

We may send product updates via:

  • Email, SMS, social media

You will receive marketing if:

  • You requested it
  • You previously purchased similar products
  • You consented to communications

Opt-Out: Click “unsubscribe” in emails or contact support@nefra.co.

9. Data Security

We use robust security measures to protect your data, including:

  • Encryption & secure data storage
  • Access control measures
  • Staff training in data protection

If a data breach occurs, we will notify affected individuals and relevant authorities.

10. Overseas Data Transfers

If we transfer data outside the European Economic Area (EEA), we ensure:

  • The country provides adequate protection (EU Commission-approved)
  • Binding contracts or EU-US Privacy Shield are in place
  • If no safeguards exist, we will seek explicit consent

11. Your GDPR Rights

Under GDPR, you have the right to:

  • Restrict processing of your data
  • Correct or update your data
  • Object to processing
  • Request erasure (right to be forgotten)
  • Request data portability
  • Withdraw consent at any time
  • Access your data

For more details, visit ICO Website or email support@nefra.co.

12. Accessing Your Personal Information

To request access to your data, contact us at support@nefra.co. We will provide:

  • A description of the data we hold
  • Why we hold it
  • Who has access to it
  • Retention period details

Response Time: 30 days (may extend for complex requests)

13. Complaints

If you have concerns about how we process your data, you can:

14. Changes to This Privacy Statement

We review our privacy policy regularly. Last Updated: 07-02-2025.

For any further questions, feel free to reach out to support@nefra.co.