Privacy policy
Privacy Policy
Last updated: 13 May 2026
This Privacy Policy explains how Norwella ("we", "us", "our") collects, uses, and protects your personal information when you visit norwella.com (the "Site"), make a purchase, or interact with our services.
We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). If you have any questions, contact us at support@norwella.com.
1. Who we are
Data controller: ABN GLOBAL SALES LLC, trading as Norwella (EIN: 32-0827383)
Registered address: 6407 Magnolia St, Milton, FL 32570, United States
Contact for privacy matters: support@norwella.com
UK GDPR Article 27 representative: As a US-incorporated company offering goods to UK residents, we are in the process of appointing a UK representative under Article 27 of the UK GDPR. Until appointed, you may exercise your data rights directly with us at support@norwella.com — we respond within one calendar month as required by law.
2. What information we collect
We collect the following categories of personal information:
Identity and contact information
- Full name
- Email address
- Postal address (billing and shipping)
- Telephone number (if provided)
Order and transaction information
- Items purchased and order history
- Payment method (we do not store full card details — these are handled directly by our payment processor)
- Billing and shipping addresses
- Order value and currency
Membership information (if applicable)
- Subscription status (active, paused, cancelled)
- Trial start and end dates
- Member benefits used (credit balance, restricted-content access, drop-access logs)
Technical information
- IP address
- Browser type and version
- Device type, operating system, and screen size
- Pages visited, time spent, and referring URL
- Cookies and similar technologies (see Section 7)
Communications
- Email correspondence and support tickets
- Survey responses or product feedback
- Marketing preferences
3. How we use your information (lawful basis)
We process your personal information for the following purposes, with the lawful basis indicated under UK GDPR Article 6:
| Purpose | Lawful basis |
|---|---|
| Process your order and deliver products | Performance of contract (Art. 6(1)(b)) |
| Manage your account, membership, and subscription billing | Performance of contract (Art. 6(1)(b)) |
| Provide customer support and respond to enquiries | Performance of contract / legitimate interest (Art. 6(1)(b)/(f)) |
| Send transactional emails (order confirmations, shipping updates, renewal reminders) | Performance of contract (Art. 6(1)(b)) |
| Send marketing emails (newsletters, product updates, promotions) | Consent (Art. 6(1)(a)) — you can withdraw at any time |
| Prevent fraud and protect our service | Legitimate interest (Art. 6(1)(f)) |
| Comply with legal and regulatory obligations | Legal obligation (Art. 6(1)(c)) |
| Improve our site, products, and service | Legitimate interest (Art. 6(1)(f)) |
4. Who we share your information with
We share your data only with the third parties listed below, each of whom processes data on our behalf under a Data Processing Agreement:
| Recipient | Purpose | Country |
|---|---|---|
| Shopify Inc. | E-commerce platform hosting and order management | Canada / Ireland |
| Conjured | Membership management and subscription billing | USA |
| Klaviyo | Email marketing and transactional emails | USA / Ireland |
| Shopify Payments / Stripe | Payment processing | USA / Ireland |
| Royal Mail / Evri | Order fulfillment and delivery | UK |
| Tidio / Gorgias (chosen support tool) | Customer support inbox | EU / USA |
| CookieYes / Cookiebot | Cookie consent management | EU |
| Google Analytics (anonymised) | Site analytics | USA |
| Meta / TikTok pixels | Advertising attribution (if you consent) | USA / Ireland |
We do not sell your personal information to third parties. We do not share data for the purposes of third-party advertising beyond the standard pixel attribution above.
5. International transfers
Some of our service providers are based outside the United Kingdom. When we transfer your data internationally, we rely on one of the following safeguards:
- UK-EU adequacy decision for transfers to the European Economic Area
- UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) for transfers to other countries
- UK-US Data Privacy Framework for transfers to participating US providers, where applicable
You may request a copy of the safeguards in place by emailing support@norwella.com.
6. How long we keep your data
We keep your data only for as long as necessary:
- Order records: 7 years (HMRC requirement for tax records)
- Account and membership data: for the duration of your account, plus 3 years after closure
- Marketing preferences: until you withdraw consent or 3 years of inactivity, whichever is earlier
- Customer support records: 3 years from the date of the last interaction
- Technical/cookie data: as set out in our cookie banner (most session cookies expire on browser close; some persistent cookies last up to 13 months)
After these periods we either delete your data securely or anonymise it for analytics purposes.
7. Cookies and similar technologies
We use cookies for the following purposes:
| Type | Purpose | Consent needed |
|---|---|---|
| Strictly necessary | Cart, checkout, login | No (legitimate interest) |
| Functional | Save preferences, language | Yes |
| Analytics | Understand how visitors use the Site (anonymised where possible) | Yes |
| Marketing | Show you relevant ads on Meta, TikTok, Google | Yes |
You can manage your cookie preferences at any time via the cookie banner that appears on first visit, or via the "Cookie settings" link in the footer. You can also clear cookies via your browser settings.
We honour Global Privacy Control (GPC) signals where your browser sends them.
8. Your rights under UK GDPR
You have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — correct inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion in certain circumstances
- Right to restrict processing — limit how we use your data
- Right to data portability — receive your data in a portable, machine-readable format
- Right to object — to processing based on legitimate interest or direct marketing
- Right to withdraw consent — for processing based on consent (e.g., marketing emails)
- Right not to be subject to automated decision-making — we do not currently use automated decision-making that produces legal effects on you
To exercise any of these rights, email support@norwella.com. We will respond within one calendar month.
Right to complain: if you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
9. Children's data
Our Site and products are not directed at children under the age of 18. We do not knowingly collect data from anyone under 18. If you believe we have collected data from a child, please contact us at support@norwella.com and we will delete it.
10. Security
We take appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our hosting, payment, and email partners use industry-standard encryption (TLS in transit, AES at rest where applicable).
No method of transmission over the internet is 100% secure. If a data breach occurs that is likely to result in a high risk to your rights, we will notify both the ICO and you within 72 hours of becoming aware of the breach, as required by UK GDPR.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by prominent notice on the Site at least 30 days before the changes take effect. The "Last updated" date at the top of this policy reflects the most recent revision.
12. Contact us
For any privacy-related questions, concerns, or requests:
Email: support@norwella.com
Postal address: ABN GLOBAL SALES LLC · 6407 Magnolia St, Milton, FL 32570, USA
Response time: within 1 calendar month for formal data subject requests; within 24 hours weekdays for general enquiries.