Home Privacy Terms About Us
Privacy & Data Protection
Your trust is the foundation of our atelier — we safeguard your personal data with the same care we apply to every handcrafted object.
Last revised: June 12, 2026 · Version 3.1

1. Who We Are & Our Commitment

Nalcomania ("we", "us", "our", "the Atelier") is a slow-living homeware brand founded on principles of transparency, craft, and respect for nature. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our website, make a purchase, subscribe to our journal, or interact with our studio.

We are committed to complying with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy frameworks. By using Nalcomania's services, you entrust us with your data — we honor that trust with minimal collection, maximal protection, and never selling your information.

Our promise: We only collect data that helps us serve you better — from order fulfillment to artisan stories. No hidden tracking, no unethical sharing.

2. What Information We Collect

To provide you with a seamless experience — from browsing handcrafted vessels to receiving your package — we collect the following categories of data:

Identity Data

Name, billing/shipping address, email, phone number, and account credentials.

Transaction Data

Order history, payment method details (securely processed via PCI-compliant gateways), delivery preferences.

Usage & Device Data

IP address, browser type, pages visited, referral source, and interactions with our platform (via anonymized analytics).

Marketing Preferences

Newsletter subscriptions, survey responses, and product interest signals.

We never intentionally collect sensitive data (e.g., health, political beliefs, biometrics). If you share such information voluntarily in customer service inquiries, it will be treated with strict confidentiality.

3. How We Collect Your Information

  • Direct interactions: When you create an account, place an order, sign up for newsletters, request a repair, or contact our studio.
  • Automated technologies: Cookies and similar trackers help us remember cart contents, analyze site traffic, and improve navigation. You can manage cookie preferences via browser settings.
  • Third-party sources: Payment processors (Stripe, PayPal) share transaction confirmation but never full card numbers with us. Social media widgets (Instagram, Pinterest) may collect data according to their own policies.
Cookie Notice: We use only essential and functional cookies (e.g., cart, authentication). Optional analytics cookies (Plausible, privacy-first) are anonymized. No tracking across third-party sites.

4. Why We Process Your Data

Under GDPR and similar laws, Nalcomania relies on the following lawful bases for data processing:

  • Contract performance: To fulfill orders, process payments, arrange shipping, and manage returns/exchanges.
  • Legitimate interests: To improve our website, prevent fraud, send service emails (e.g., order confirmations), and personalize recommendations without selling your data.
  • Consent: For marketing communications (you can unsubscribe anytime), optional surveys, or location-based services.
  • Legal compliance: To comply with tax, accounting, or consumer protection laws.

We do not engage in automated decision-making or profiling that has legal or significant effects on you.

5. When We Share Your Information

Nalcomania never sells your personal data. However, we work with trusted partners to operate our atelier:

  • Shipping carriers: DHL, UPS, PostNord (to deliver your order).
  • Payment processors: Stripe, Klarna, PayPal (they handle payment data directly — we only receive confirmation).
  • IT & analytics providers: Secure cloud hosting, email delivery services (e.g., ConvertKit), and privacy-focused analytics (Plausible).
  • Legal obligations: If required by law, court order, or to protect our rights or the safety of our community.

All third-party partners are bound by data processing agreements and only access information necessary for their services.

6. International Data Transfers

Nalcomania operates from Sweden (EU) and serves customers worldwide. If you are located outside the European Economic Area (EEA), your data may be transferred to and processed in countries with different data protection laws. We ensure adequate safeguards (e.g., Standard Contractual Clauses, EU-US Data Privacy Framework compliance) to protect your information.

7. How Long We Keep Your Data

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy:

  • Account & order data: 7 years (to comply with tax and warranty obligations).
  • Marketing data: Until you unsubscribe or request deletion.
  • Analytics & session data: 12 months (anonymized after 30 days).

After retention periods expire, we securely delete or anonymize your data.

8. Your Privacy Rights

Depending on your location (EEA, UK, California, Brazil, etc.), you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate or incomplete information.
  • Erasure ("Right to be forgotten"): Request deletion of your data, subject to legal retention obligations.
  • Restriction & Objection: Limit how we process your data or object to direct marketing.
  • Data portability: Receive your data in a structured, machine-readable format.
  • Withdraw consent: For marketing communications, via unsubscribe link or email request.
Exercise your rights: Contact our Data Protection Officer at privacy@lumora-studio.com. We respond within 30 days — never any fee for legitimate requests.

9. Children's Data

Nalcomania does not knowingly collect personal information from individuals under the age of 16. If you believe a child has provided us with data, please contact us immediately so we can delete it.

10. How We Protect Your Data

We implement industry-standard security measures including SSL encryption, role-based access controls, regular vulnerability scans, and secure data centers (ISO 27001 certified). Payment information is tokenized and never stored on our servers. While no system is 100% impenetrable, we continuously update our safeguards.

11. External Links & Social Features

Our website may contain links to independent artisans' portfolios, payment gateways, or social media platforms. This Privacy Policy does not apply to those third-party sites. We encourage you to review their privacy notices before interacting.

12. Updates to Our Privacy Practices

We may revise this Privacy Policy occasionally to reflect legal changes, new features, or operational improvements. The "Last revised" date at the top indicates the latest version. Material changes will be notified via email (if you have an account) or via a banner on our website.

13. Contact Us & Complaints

For privacy inquiries, data requests, or concerns, please reach out to our dedicated Privacy Team:

privacy@lumora-studio.com
Nalcomania Atelier — Data Protection Office, Hornstulls Strand 13, 117 39 Stockholm, Sweden
+46 (0)8 121 234 50

If you are unsatisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) or your local supervisory authority.

Transparency is not just compliance — it's our ethos. Thank you for being part of the Nalcomania community.
Return to Nalcomania Homepage