Legal

Privacy Policy

Last updated: May 2026

1. Who We Are

NORDCTRL is a Nordic streetwear brand based in Aabenraa, Denmark. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or purchase our products.

Data controller: NORDCTRL, Jørgensgård 30, 6200 Aabenraa, Denmark

For data protection enquiries, contact us at: privacy@nordctrl.co

2. Data We Collect

We collect the following categories of personal data:

• Identity data: name, username, or similar identifier
• Contact data: email address, phone number, billing and shipping address
• Transaction data: order details, payment records
• Technical data: IP address, browser type, device, operating system, pages visited
• Usage data: how you interact with our website
• Marketing preferences: your choices regarding receiving communications from us
• Country/region preference: stored locally in your browser to personalise language and currency

3. How We Use Your Data

We use your personal data only for legitimate business purposes, including:

• Processing and delivering your orders
• Communicating about your orders and providing customer support
• Sending marketing communications (only with your explicit consent)
• Improving our website and services through analytics
• Complying with legal obligations

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:

• Contract performance: to fulfil orders and process payments
• Legitimate interests: for website analytics and fraud prevention
• Consent: for marketing emails and non-essential cookies
• Legal obligation: for tax and accounting records

5. Cookies

We use cookies and similar technologies to improve your experience. Essential cookies (required for the site to function) are placed automatically. Analytics and marketing cookies require your consent.

Your country/language preference is stored in your browser's localStorage — this is not transmitted to our servers.

You can withdraw cookie consent at any time by clearing your browser's local storage or contacting us.

6. Data Sharing

We do not sell your personal data. We share data only with trusted third-party service providers necessary to operate our business, including:

• Payment processors (encrypted, PCI-DSS compliant)
• Shipping and logistics partners
• Email service providers
• Website analytics providers

All third parties are contractually bound to protect your data and use it only for the purposes we specify.

7. International Transfers

If we transfer your data outside the European Economic Area (EEA), we ensure adequate protections are in place, including Standard Contractual Clauses where required.

8. Data Retention

We retain your personal data only as long as necessary for the purposes it was collected, or as required by law. Order and transaction data is typically retained for 7 years for accounting purposes. Marketing data is retained until you unsubscribe.

9. Your Rights

Under GDPR, you have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate or incomplete data
• Erasure — request deletion of your data ("right to be forgotten")
• Restriction — limit how we process your data
• Portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests or for direct marketing
• Withdraw consent — at any time, where processing is consent-based

To exercise any right, email privacy@nordctrl.co. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Denmark, this is Datatilsynet — datatilsynet.dk.

10. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. All payment data is handled via PCI-DSS certified processors — we never store raw card details.

11. Children

Our website and products are intended for users aged 16 and over. We do not knowingly collect data from children under 16. If you believe a minor has provided us data, contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our website after changes constitutes acceptance of the revised policy.

13. Contact

For any privacy-related questions:
Email: privacy@nordctrl.co
Address: NORDCTRL, Jørgensgård 30, 6200 Aabenraa, Denmark