Privacy Policy

Noa Wellness
KVK: 91517060
BTW: NL004896756B55
Address: Keizersgracht 634G, 1017ER, Amsterdam, Netherlands
Email: hello@noa.earth

This Privacy Policy explains how Noa Wellness (“Company”, “we”, “us”) collects, uses, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch law.

1. Data Controller

Noa Wellness is the data controller responsible for processing personal data collected through noa.earth.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Name
  • Email address
  • Shipping and billing address
  • Order details
  • Payment-related information (processed by payment provider)
  • Contact form submissions
  • Waitlist submissions

The NOA mobile application stores user data locally on the user’s device and does not transmit personal data to the Company.

3. Legal Bases for Processing

We process personal data based on:

  • Performance of a contract (Article 6(1)(b) GDPR)
  • Compliance with legal obligations (Article 6(1)(c) GDPR)
  • Consent, where applicable (Article 6(1)(a) GDPR)
  • Legitimate interests (Article 6(1)(f) GDPR)

4. Purpose of Processing

  • Processing and fulfilling orders
  • Providing customer support
  • Complying with tax and accounting obligations
  • Managing waitlist communications (with consent)

5. Payment Processing

Payments are processed via CardGate. Payment data is processed directly by CardGate in accordance with their privacy policy. We do not store full payment details.

6. Hosting

Our website is hosted by Kinsta, with servers located in the Netherlands. Hosting providers may process technical data necessary for website functionality.

7. Email & Waitlist Provider

Waitlist submissions are processed through Kit (ConvertKit). Data may be stored on servers outside the EU under appropriate safeguards such as Standard Contractual Clauses.

8. Data Retention

  • Order data: retained for 7 years in accordance with Dutch tax law
  • Waitlist/marketing data: until withdrawal of consent
  • Contact requests: retained for up to 12 months

9. Data Sharing

We only share personal data with third-party service providers necessary for fulfilling orders, including payment processors and hosting providers. We do not sell personal data.

10. International Transfers

If personal data is transferred outside the European Economic Area (EEA), appropriate safeguards such as Standard Contractual Clauses are applied.

11. Your Rights

Under GDPR, you have the right to:

  • Access your data
  • Rectify inaccurate data
  • Request deletion
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time

You may exercise these rights by contacting hello@noa.earth.

12. Supervisory Authority

If you believe your data is processed unlawfully, you may file a complaint with the Dutch supervisory authority: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

13. Security Measures

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.

14. Cookies

This website currently uses only essential cookies necessary for website functionality. No analytics or marketing cookies are used without prior consent.

15. Amendments

We reserve the right to update this Privacy Policy. The version in force at the time of data collection applies.