Privacy Policy

NAO COOPERATIVE is committed to protecting the privacy of our users and customers. This privacy policy explains how we collect, use, share, and protect personal information in accordance with the General Data Protection Regulation (GDPR).

Data Collection

We collect personal data when you visit our website, use our services, or interact with us. This may include:

• Preferences and user feedback — We collect feedback from surveys or product reviews that you provide to help us improve our products and services.
• Usage data and cookies — We use cookies (localStorage) to store your encrypted vault.

Purpose of Processing

Your data is processed for the following purposes:

• To provide and improve our services — We use your data to manage your account, process orders, and enhance our website features. If you sign up for an account, we use your data to personalize your shopping experience and ensure faster checkout.
• For marketing purposes, with your consent — We may send you promotional emails about new products or discounts if you have opted in to receive marketing communications. You can withdraw your consent at any time.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Your consent — If you subscribe to our newsletter, we process your email address based on your consent. You can withdraw consent at any time by unsubscribing.
• Our legitimate business interests — We may process your data to analyze customer behavior and improve our product offerings or website performance. This helps us provide you with better services and tailor our marketing efforts.

Data Transfer Outside the EU

In some cases, we may need to transfer your personal data to countries outside the European Union (EU) or the European Economic Area (EEA). These transfers may occur when our service providers or partners are located in countries outside of the EU/EEA or when we need to store or process data in global data centers.

We ensure that any such transfer of your personal data is carried out in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). To safeguard your data during these transfers, we rely on standard contractual clauses or other appropriate safeguards, ensuring that your data is protected in accordance with GDPR standards.

Use of Cookies and Other Trackers

Our website uses cookies and similar tracking technologies to improve your browsing experience, understand how you use our site. You can manage your cookie preferences through your browser settings.

Data Subject Rights

Under GDPR, you have the right to:

• Access your personal data — You can request a copy of all the personal information we hold about you, such as your account details and preferences.
• Rectify incorrect data — If you notice an error in your personal details (like a misspelled name or incorrect address), you can request that we correct it.
• Erase your data in certain circumstances — You can request the deletion of your account data if you no longer wish to use our services or if your data is no longer necessary for the purposes it was collected.
• Restrict or object to processing — If you believe your data is being processed unlawfully or if you no longer wish to receive marketing emails, you can request that we restrict or stop processing your personal data.
• Data portability — You can request a copy of your data in a machine-readable format, which can be transferred to another service provider.

Data Security

We take appropriate measures to ensure data security, protect against unauthorized access, and comply with GDPR.

• Technical Measures — We use encryption for payment transactions and secure your personal account data with multi-factor authentication.
• Organizational Measures — Our employees and contractors are trained on GDPR requirements, and access to your personal data is restricted to those who need it to perform their roles.

Data Retention

Personal data is retained as long as necessary for the purposes stated, unless a longer retention period is required or permitted by law.

Changes to this Policy

We may update this policy. We will notify you of significant changes and update the "last updated" date at the top of the policy.