Privacy Policy
Minimum Age
This website and its contents are intended exclusively for users aged 18 and over.
By using our website, please confirm that you are at least 18 years old.
We do not intentionally collect data from minors. If you suspect that minors have provided personal data, please contact us using the contact details provided below so that we can proceed with its immediate deletion.
1. What Data We Collect
When you use our NUA website, which runs on the Shopify platform, we collect the following personal data:
• Identification and contact information: name, email, phone number, shipping address, CPF (for issuing invoices)
• Payment: Payment details (collected using secure platforms such as Stripe or PayPal)
• Order history: products purchased, preferences, purchase frequency
• Order content: certain products may reveal intimate information or confidential data, which is handled based on consent and with protected confidentiality measures.
• Technical data: IP address, device type, browser, approximate location and cookies (Cookie Policy)
This data is stored on Shopify, which complies with GDPR obligations and implements specific security measures.
2. Purposes of Treatment
The personal data collected is used for the following purposes, in accordance with the GDPR:
a) Contract execution (Article 6, paragraph 1, subparagraph b)
• Process and ship orders
• Issue invoices and receipts
• Inform the customer about the order status.
• Provide customer support
b) Compliance with legal obligations (Art. 6, No. 1, letter c)
• Meet tax and accounting criteria (e.g., retaining invoices for 10 years)
• To cooperate with legal, judicial, or regulatory authorities when requested.
c) Consent of the data subject (Art. 6, paragraph 1, point a)
• Sending newsletters, promotional offers, and personalized content (only if the customer has given prior and explicit consent)
• Use of analytical or marketing cookies (Cookie Policy)
d) Legitimate interest of NUA.pt (Art. 6, no. 1, al. f)
• To improve the functionality, user experience, and security of the website.
• To prevent abuse, fraud, or misuse of the platform.
• Analyze general preferences to improve products and services.
At any time, the customer may withdraw their consent or object to processing based on legitimate interest, in accordance with point 8 of this Policy.
3. Sensitive Data
Some of the products sold by NUA may reveal information about customers' sex lives or intimate preferences. This data is considered "special categories of personal data" under Article 9 of the GDPR.
NUA is committed to:
• Do not use this information for personalized marketing purposes.
• Do not share this information with third parties, except when necessary for order processing (e.g., shipping company), and even then without revealing the exact content.
• Do not create automated profiles or make automated decisions based on this data.
• Ensure that processing is based on explicit consent, when required, or other legal grounds set out in the GDPR.
All orders are processed with discreet packaging and without explicit reference to the contents.
4. Sharing with Third Parties
NUA only shares necessary personal data with third parties, always in compliance with the GDPR and for legal purposes related to the execution of services contracted by the client.
Personal data may be shared with:
• Shopify Inc. – online store hosting and management platform
• Shipping companies (e.g., NACEX, SEUR, CORREOS EXPRESS) – for parcel delivery
• Payment platforms (e.g., Stripe, PayPal) – for secure payments.
• Email marketing services (e.g., Shopify Email, Klaviyo) – only with consent to send communications.
• Tax, judicial or regulatory authorities – when required by law
All subcontracted third parties operate in compliance with the GDPR and are subject to data processing agreements that guarantee security and confidentiality.
NUA guarantees that the data shared with third parties is always the minimum necessary for the specific purpose and is never used for commercial or promotional purposes without the client's authorization.
5. International Data Transfer
NUA uses services and platforms that may store or process personal data outside the European Economic Area (EEA), specifically in countries such as the United States and Canada. Examples include:
• Shopify Inc. – hosting the online store (servers in Canada and the USA)
• Google LLC – analytics and email services (USA)
• Stripe Inc. and PayPal Holdings Inc. – payment processing (USA)
Whenever this data is transferred outside the EEA, we ensure that appropriate safeguards are in place, in accordance with Article 46 of the GDPR, namely through:
• Standard Contractual Clauses approved by the European Commission
• Privacy policies and security practices recognized internationally
NUA guarantees that, even when transferred, customer data remains protected with a level of security equivalent to that required in the European Union.
6. Data Preservation
NUA retains personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with the principle of retention limitations set out in Art. 5(1)(e) of the GDPR.
The retention periods are as follows:
• Billing data: kept for 10 years, in accordance with Portuguese tax law (legal basis: legal obligations)
• Customer account data: kept while the account is active. After inactivity, it will be kept for up to 5 years (legal basis: legitimate interest).
• Marketing data: kept until the customer withdraws consent or requests deletion (legal basis: consent)
• Technical data (cookies, logs, IP): maintained as indicated in the Cookie Policy.
Once the applicable retention period has ended, the data will be securely deleted or anonymized.
They may be suspended for a longer period only in the event of litigation, suspected fraud, or a specific legal obligation.
Some data may remain temporarily stored in scientifically secure backups, with restricted access and strict controls.
7. Data Subject Rights
Under the General Data Protection Regulation (GDPR), as the data subject, the customer has the right to:
• Access the data that concerns you.
• Correct incorrect or outdated data
• Request the deletion of your data (“right to be forgotten”)
• Limit data processing under certain circumstances
• Object to the processing of your data when it is based on legitimate interest.
• Withdraw your subscription at any time, when it was the legal basis for the processing.
• Request data transfer to another service provider
• Submit your consent to the National Data Protection Commission (CNPD) via the website: www.cnpd.pt
These rights can be exercised at any time by sending an email to: info@nua.pt
NUA commits to responding to requests within a maximum of 30 days.
Exercising these rights is free of charge, except in manifestly unfounded or excessive cases, in which an administrative fee may be charged.
In certain cases, the exercise of some rights may be limited by legal obligations, particularly with regard to the retention of invoices and tax obligations.
8. Data Security
NUA adopts appropriate technical and organizational measures to protect customers' personal data against loss, unauthorized access, disclosure, alteration, or destruction, in accordance with Article 32 of the GDPR.
The measures adopted include:
• Encrypted SSL (Secure Socket Layer) connections throughout the website.
• Secure storage on the Shopify platform, with restricted access and robust security policies.
• Continuous monitoring and regular data backups
• Access control: only authorized individuals have access to personal data.
• Internal privacy policies and staff training on data protection.
Shopify, which hosts our website, meets international security standards, including PCI DSS certification for payment processing.
NUA applies the principle of privacy by design, ensuring that data protection is integrated into all processes from the start of operations.
9. Personal Data Breach
In the event of a personal data breach — such as unauthorized access, loss, destruction, improper alteration, or unauthorized disclosure of data — NUA undertakes to:
• Notify the National Data Protection Commission (CNPD) within a maximum of 72 hours whenever the violation may pose a risk to the rights and freedoms of data subjects, in accordance with Article 33 of the GDPR.
• Inform affected users whenever the risk is considered high (e.g., exposure of sensitive data), in accordance with Article 34 of the GDPR.
• Implement immediate corrective measures to minimize damage and prevent future incidents.
• Maintain detailed internal records of all incidents revealed or related to personal data.
NUA provides regularly tested incident response policies and procedures in compliance with applicable legal obligations.
10. Retention in Cases of Misuse or Litigation
In situations of suspected misuse of the site, fraud, disputes or requests made with third-party data without authorization, NUA reserves the right to temporarily retain certain personal data, based on the company's legitimate interest, in accordance with Art. 6(1)(f) of the GDPR.
This retention may include, among other things:
• Name and contact details provided
• Delivery and billing address
• Order content
• IP address and technical browsing data
• Order registration and payment method (without direct access to bank details)
The purpose of this retention is:
• To protect the legitimate interests of the company and the legitimate data subject.
• Investigate potential abuse, fraud, or unauthorized use of identity.
• Cooperate with legal, judicial, or tax authorities when requested.
The retained data will not be used for commercial or promotional purposes.
After the case is resolved, and in the absence of an official request from the authorities, the data will be securely deleted after the necessary restriction period, defined according to internal risk criteria and legal responsibility.
11. Changes to this Policy
NUA reserves the right to modify or update this Privacy Policy at any time due to legal, technical, or operational changes. All changes will be published on this page, indicating the update date and, where applicable, the effective date. Whenever significant changes affect your rights, you will be notified visibly, for example through a message on the website or by email (if you have a registered account).
We recommend that you consult this policy periodically to stay informed about how we protect your personal data.
12. Cookies
NUA uses cookies and similar technologies to ensure the proper functioning of the website, analyze traffic, and present personalized content.
The cookies used are classified as:
• Essential cookies: necessary for the basic functioning of the website (e.g., shopping cart, login)
• Analytical and performance cookies: these help us improve the user experience.
• Marketing cookies: used to display relevant ads
The user can manage or cancel their subscription at any time through the cookie bar visible when accessing the website.
No non-essential cookies will be activated without explicit registration.
13. Changes to this Policy
For any questions related to this Privacy Policy or the processing of your personal data, you can contact us through:
Email: info@nua.pt
Controller: NUA – Online Commerce
P.O. Box: [insert tax address or mention "available upon request"]
This contact is also intended for the exercise of the rights provided for in the GDPR, namely access, rectification, erasure, objection or portability of personal data.
14. Data Controller
NUA – Online Commerce
CPF: 213358697
P.O. Box: [your tax or company address]
Email: info@nua.pt
Last updated on January 1, 2026