NIMBUS

GDPR

Privacy Policy

NIMBUS Skincare ApS (CVR DK-41 22 87 65, Copenhagen) is the data controller for personal data processed through this store. We collect the minimum necessary — nothing more.

What we collect and why

Order data (name, address, email) to fulfil your purchase — legal basis: contract performance. Payment data is processed directly by Stripe Payments Europe Ltd.; we never see or store card numbers. Newsletter email addresses are processed only with your explicit consent, which you may withdraw at any time via the unsubscribe link.

Retention & sharing

Order records are retained for 5 years as required by Danish bookkeeping law, then deleted. We share data only with processors essential to operations: Stripe (payments), our EU-based fulfilment and email providers — all under GDPR-compliant data processing agreements. We never sell personal data.

Cookies

We use strictly necessary cookies for cart functionality and, only with consent, privacy-focused analytics hosted in the EU. No advertising trackers, no cross-site profiling.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, and port your data, and to object to processing. Contact privacy@nimbus.eu — we respond within 30 days. You may also lodge a complaint with Datatilsynet, the Danish Data Protection Authority.

Last updated: January 2025 · Questions? care@nimbus.eu