€100+ ships free — treat yourself, on us
NOVS.

Privacy Policy

Last updated: May 2025

1. Who we are

NOVS ("we", "us", "our") is a Belgian e-commerce brand selling surgical-grade steel jewelry. Our registered address is in Brussels, Belgium. We are the data controller for all personal data collected through novs.be.

Contact: hello@novs.be

2. Legal basis (GDPR)

We process your personal data on the following legal grounds under Regulation (EU) 2016/679 (GDPR):

  • Contract performanceto process and fulfil your orders.
  • Legal obligationto comply with Belgian and EU accounting, tax, and consumer-protection laws.
  • Legitimate interestto improve our services, prevent fraud, and send transactional communications.
  • Consentfor marketing emails and non-essential cookies (you may withdraw at any time).

3. What data we collect

  • Order data: name, email, shipping/billing address, phone number, order history.
  • Payment data: processed exclusively by our payment provider (Stripe); we never store full card numbers.
  • Account data: email address, hashed password (if you create an account).
  • Browsing data: IP address, browser type, pages visited, referral source — collected via cookies and analytics tools.
  • Communication data: messages you send us via email or contact form.

4. How we use your data

  • Processing and shipping your orders.
  • Sending order confirmations, shipping updates, and return communications.
  • Sending marketing emails (only with your consent; unsubscribe link in every email).
  • Improving our website and product offering through anonymised analytics.
  • Complying with Belgian and EU legal obligations (invoicing, tax records).
  • Detecting and preventing fraud or abuse.

5. Who we share data with

We do not sell your personal data. We share it only with:

  • Stripe (payment processing) — subject to Stripe's own Privacy Policy.
  • Shipping carriers (Bpost, DHL, etc.) — name and delivery address only.
  • Email service providers (e.g. Mailchimp / Klaviyo) — email address and order data for transactional and marketing communications.
  • Analytics providers (Vercel Analytics) — anonymised usage data.
  • Hosting infrastructure (Vercel) — all data is processed within the EU or under Standard Contractual Clauses.

6. International transfers

Some of our service providers may process data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place (Standard Contractual Clauses or an adequacy decision by the European Commission).

7. Retention

  • Order data10 years (Belgian accounting law).
  • Account datauntil you delete your account or request erasure.
  • Marketing consentuntil you withdraw consent.
  • Analytics data26 months maximum.

8. Your rights

Under GDPR you have the right to:

  • Access— request a copy of the data we hold about you.
  • Rectification— correct inaccurate data.
  • Erasure("right to be forgotten") — request deletion, subject to legal retention obligations.
  • Restriction— ask us to limit how we process your data.
  • Portability— receive your data in a structured, machine-readable format.
  • Objection— object to processing based on legitimate interest.
  • Withdraw consent— at any time where processing is consent-based.

To exercise any of these rights, email us at hello@novs.be. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).

9. Cookies

We use cookies to operate the site and (with your consent) for analytics and marketing. See our Cookie Policy for full details.

10. Changes to this policy

We may update this policy. Material changes will be communicated by email or a notice on the website. Continued use of the site after changes constitutes acceptance.