Last updated:28/08/2025

At NÓNE, transparency isn’t just about what goes into our supplements — it also applies to your personal data. This Privacy Policy explains how we collect, use, store, and protect your information in full compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

This version applies to customers outside of Germany and the Netherlands. Local versions apply to those countries.

1. Who We Are

NÓNE is owned and operated by:
Pand Apparel B.V.
Hogelanden WZ 94bs
3552AD Utrecht
The Netherlands
Chamber of Commerce: 75089602
Email: care@nonesupplements.com

We are the “data controller” for all personal data collected via our website and related services.

2. What Personal Data We Collect

We only collect what’s necessary for a smooth experience and safe transaction. Depending on your interaction with us, we may process:

• Identification data: Name, email address, shipping and billing address
  
  
• Transaction data: Order history, payment method (never stored by us), timestamps
  
  
• Communication data: Emails, customer service chats or messages
  
  
• Technical data: IP address, browser type, device ID, pages visited, time on site
  
  
• Marketing data: Your preferences if you opted into email marketing
  
  
• Health-related data (optional): Only if voluntarily shared (e.g. in a support message)
  
  

We do not process any sensitive personal data unless you choose to share it (e.g. telling us you’re pregnant when asking for advice).

3. How We Collect Your Data

• When you place an order
  
  
• When you create an account or sign up for our newsletter
  
  
• When you contact our support team
  
  
• When you browse our website (via cookies and tracking tools)
  
  

4. Why We Use Your Data

We use your data to:

• Fulfill and ship your orders
  
  
• Communicate with you about your order or questions
  
  
• Send relevant product updates or marketing (only if you’ve opted in)
  
  
• Improve our website and user experience
  
  
• Detect fraud or misuse
  
  

Legal grounds for processing:
Under GDPR, we rely on:

• Contractual necessity (e.g. to deliver your order)
  
  
• Legal obligation (e.g. for tax records)
  
  
• Legitimate interest (e.g. analytics, improving performance)
  
  
• Consent (e.g. for email marketing or optional cookies)
  
  

5. How We Store & Protect Your Data

Your data is stored securely using GDPR-compliant platforms.
We use strong encryption (SSL/TLS), access controls, and limited retention windows.

Hosting & platforms we use include:

• Shopify (e-commerce platform, hosted in the EU and/or US)
  
  
• Klaviyo (email marketing, hosted in the US under standard contractual clauses)
  
  
• Google Analytics (anonymized tracking)
  
  

We enter into Data Processing Agreements with each provider to ensure your data stays protected.

6. Data Retention

We retain your data only as long as needed to fulfill our obligations or legal requirements:

• Order and payment data: 7 years (for tax and accounting)
  
  
• Support conversations: 1 year
  
  
• Marketing emails: until you unsubscribe
  
  
• Analytics/cookie data: see our [Cookie Policy]
  
  

Once no longer needed, data is securely deleted or anonymized.

7. Who We Share Your Data With

We only share your data when strictly necessary, and only with trusted partners:

• Payment providers (e.g. Stripe, PayPal)
  
  
• Shipping partners (e.g. postal and courier services)
  
  
• IT service providers (e.g. hosting, backup)
  
  
• Analytics & email providers (e.g. Google, Klaviyo)
  
  

All partners are GDPR-compliant, and data transfers outside the EU are covered by Standard Contractual Clauses or equivalent safeguards.

We never sell or rent your data to third parties. Ever.

8. Your Rights Under GDPR

You have the right to:

• Access the data we hold about you
  
  
• Correct inaccurate or incomplete data
  
  
• Delete your data (“right to be forgotten”)
  
  
• Restrict processing under certain conditions
  
  
• Object to processing (e.g. direct marketing)
  
  
• Port your data to another provider
  
  
• Withdraw consent at any time (without affecting past processing)
  
  

To exercise your rights, email care@nonesupplements.com.
We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In the Netherlands, that is the Autoriteit Persoonsgegevens.

9. Cookies & Tracking

We use cookies and similar tools to:

• Keep the site running smoothly
  
  
• Understand how people interact with our website
  
  
• Show you relevant ads and content (if you consent)
  
  

You can manage your cookie preferences anytime via our cookie banner or your browser settings. For full details, see our [Cookie Policy].

10. International Transfers

Because some of our service providers are based outside the EU, your data may be transferred internationally. Where this happens, we:

• Use providers certified under the EU–US Data Privacy Framework, or
  
  
• Sign Standard Contractual Clauses (SCCs) approved by the European Commission
  
  

This ensures your data is treated securely and in line with EU standards.

11. Children’s Privacy

Our site and products are not intended for anyone under 18 years old.
We do not knowingly collect data from children.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in law or how we operate. The latest version will always be available on our site. Major changes will be announced via email if you’re subscribed.

13. Questions?

Need help or have a concern?
Email us directly at care@nonesupplements.com

We're real humans. We’ll always try to respond within 48 hours.