Privacy policy

Last Updated: 01/06/2026

This Privacy Policy explains how Nerulia ("Nerulia," "we," "us," or "our") collects, uses, shares, and protects your personal information when you visit nerulia.com (the "Website"), make a purchase, or interact with our content.

For the purposes of UK data protection law (the UK GDPR and the Data Protection Act 2018), Nerulia is the data controller for the personal information described in this Policy. You can contact us about privacy at support@nerulia.com.

By using the Website or providing information to us, you agree to this Policy and to our Terms & Conditions.

1. Information We Collect

A. Information you give us directly:

Name
Email address
Delivery and billing address
Phone number (if provided)
Payment information (handled securely by our payment processor — we do not store full card numbers)
Account login details
Product and order preferences
Customer-support messages
Reviews and any content you submit

B. Information we collect automatically. When you use the Website, we collect certain information through cookies, pixels, and similar technologies, including:

Device information, IP address, browser type and language
Pages visited, time spent, scroll and click behaviour
Basket and checkout activity
Referring and exit URLs
Approximate (non-precise) location
Interactions with pop-ups, videos, and forms

C. Information from third parties. We may receive information from our payment processor, advertising partners (such as Meta, Google, and TikTok), and fraud-prevention providers, to verify transactions, improve your experience, and prevent abuse.

We do not collect personal information from visitors unless they provide it voluntarily.

2. How We Use Your Information & Our Lawful Bases

We use your information to:

Fulfil your order — take payment, ship Products, and provide customer service. Lawful basis: performance of our contract with you.
Operate and improve the Website — security, troubleshooting, personalisation, and analytics. Lawful basis: our legitimate interests in running and improving our business.
Send marketing — email or SMS about our products and offers. Lawful basis: your consent, or our legitimate interests where permitted. You can opt out at any time.
Prevent fraud and protect our business — verify identity, monitor suspicious activity, and defend against chargebacks. Lawful basis: our legitimate interests and legal obligations.
Meet legal and accounting obligations — tax, accounting, and recordkeeping. Lawful basis: compliance with a legal obligation.

We may use automated tools (including AI) to help with customer-service responses, analytics, recommendations, and fraud detection, with human oversight where required.

3. Cookies & Tracking

We use first- and third-party cookies and similar technologies for essential website functions, analytics (e.g., Google Analytics), advertising (e.g., Meta Pixel, TikTok Pixel), conversion tracking, and basket persistence. In line with UK PECR rules, we ask for your consent for non-essential cookies via our cookie banner, and you can change your preferences or disable cookies in your browser at any time — though some features may not work properly if you do.

We may also use session-replay and chat tools that record clicks and scrolls for troubleshooting, customer experience, and fraud prevention. These providers act as our processors and may only use the data on our behalf.

4. Advertising

We may share limited information (such as a hashed email or device identifier) with advertising platforms for retargeting, frequency capping, conversion tracking, and lookalike audiences. We do not sell your personal information. You can opt out of interest-based advertising through your Meta and Google ad settings and via the "unsubscribe" link in our emails.

5. Who We Share Your Information With

We may share your information with:

Service providers (processors) — our payment processor, delivery carriers, fulfilment partners, analytics vendors, and customer-service tools.
Marketing partners — advertising and email/SMS platforms.
Fraud-prevention providers.
Authorities — where required by law, to comply with a legal obligation, or to protect our rights or the safety of others.
In a business transfer — if we sell, merge, or reorganise, your information may form part of the transferred assets.

All processors are contractually required to use your data only for our purposes and to keep it secure. We do not rent or sell your information.

6. International Transfers

To run our business and fulfil your orders, some of your information may be processed or stored outside the UK by our service providers. Where it is, we put appropriate safeguards in place (such as the UK International Data Transfer Agreement or equivalent contractual protections) so your information continues to be protected to UK standards.

7. How Long We Keep Your Information

We keep your information for as long as your account is active or as needed to provide our services, and afterwards as necessary to fulfil orders, comply with legal, tax, and accounting obligations, prevent fraud, and resolve disputes. Payment data is tokenised and held by PCI-compliant processors.

8. Your Rights

Under UK data protection law, you have the right to:

Access the personal information we hold about you
Have inaccurate information corrected
Have your information erased in certain circumstances
Restrict or object to certain processing
Receive your information in a portable format
Withdraw consent at any time (where we rely on consent)

To exercise any of these, email support@nerulia.com. We may need to verify your identity first, and we'll respond within the timeframes required by law. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk, though we'd appreciate the chance to help first.

You can opt out of marketing at any time using the "unsubscribe" link in any marketing email or by replying STOP to marketing texts. You cannot opt out of transactional messages about your order or account.

9. Children

Our Website and Products are intended for adults. We do not knowingly collect personal information from children under 18. If you are under 18, please do not provide us with personal information. If you believe a child has given us information, contact support@nerulia.com and we will delete it.

10. Data Security

We take reasonable technical and organisational measures to protect your information, including SSL encryption, tokenised payments, access controls, and monitoring. No system is completely secure, and email is not always secure, so please take care over what you send us. By using our services, you acknowledge these inherent risks.

11. Third-Party Links

Our Website may link to third-party sites. We are not responsible for their privacy practices or content — please review their policies before sharing your information.

12. Changes to This Policy

This Policy is effective from the date at the top. We may update it from time to time, and changes will be posted on the Website. If we make material changes, we'll notify you by email before they take effect.