Skip to main content

DATA TRUST

Privacy Policy

We collect only the data needed to fulfill orders, personalize calm experiences, and keep the platform safe.

Last updated: 21 November 2025

Need to exercise a right?

Email our privacy desk

privacy@nurao.com

This policy explains what we collect, how long we keep it, who processes it, and the rights you hold. We follow GDPR principles even when local law is lighter.

Controller

NURAO sh.p.k., Pristina

DPO contact

privacy@nurao.com

Data residency

EU + Kosovo cloud zones

Response time

30 days or faster

DATA WE COLLECT

Information we collect

We only request the essentials needed to deliver goods, offer support, and improve the catalog.

Identity & contact

Name, shipping address, billing address, phone number, VAT number, and company details for B2B orders.

Transaction data

Order IDs, cart contents, payment confirmations, refund logs, and delivery tracking references.

Usage data

Device type, browser version, locale, and interaction logs captured via privacy-friendly analytics.

Support content

Messages you send to our support desk, including attachments or voice notes.

WHY WE PROCESS

How we use your data

Order fulfillment

Create quotes, process payments, arrange delivery, and provide invoices.

Personalized calm

Recommend replenishment schedules, local events, or B2B assortments relevant to your preferences.

  • You can opt out of personalized email content at any time.
  • We never sell personal data to third parties.

Security & fraud prevention

Monitor anomalies, protect accounts, and defend against abusive behavior. We use IP geolocation to verify your location for payment method availability (e.g., cash on delivery is only available in Kosovo).

Legal compliance

Maintain tax-ready records and respond to lawful requests from regulators.

LEGAL BASIS

Lawful grounds & retention

Contract

Processing necessary to fulfill a purchase or respond to a quote request.

Legitimate interest

Analytics that help us improve stability while respecting privacy.

Consent

Email marketing, cookie categories beyond essential, or studying beta features.

Retention

Order records are kept for 7 years to meet accounting duties. Support tickets are kept for 24 months unless law requires longer.

TRUSTED PARTNERS

How we share information

We only share data with vetted processors following written agreements.

Fulfillment & logistics

Couriers and warehouse partners receive addresses and contact details needed for delivery.

Payments

Stripe, our banking partners, and anti-fraud tools receive necessary payment metadata.

Cloud infrastructure

We host data in EU or Kosovo data centers with encryption at rest and in transit.

Legal requests

We only disclose data when legally compelled and after verifying the request’s validity.

YOUR RIGHTS

Control over your data

Access & portability

Request a copy of the personal data we hold. We deliver it in a portable format.

Rectification & deletion

Ask us to correct inaccuracies or delete data we no longer need.

Restriction & objection

Limit processing for specific purposes or object to uses based on legitimate interest.

Marketing opt-out

Every message includes a calm unsubscribe link. Preferences update instantly.

Submit any request to privacy@nurao.com. We respond within 30 days and may verify your identity before acting.

Need a DPIA or vendor fact sheet?

Our privacy desk can provide audit-ready documentation upon request.

Request dossier

If you believe your data has been handled improperly, you may lodge a complaint with the Kosovo Agency for Information & Privacy.