Privacy policy

PRIVACY POLICY

This Privacy Policy explains how Nolibu Ltd ("we", "us", "our"),
operating as Iberian Direct (iberiandirect.com), collects, uses,
and protects your personal information when you visit or make
purchases from our store.

This policy applies to all personal information we collect about
visitors, customers, and users of our Services. By using our
Services, you consent to the practices described in this policy.

We are committed to handling your personal information in
accordance with the EU General Data Protection Regulation (GDPR),
the UK Data Protection Act 2018, and the California Consumer
Privacy Act (CCPA), where applicable.

WHO WE ARE (DATA CONTROLLER)

The data controller for personal information processed through
our Services is:

  Nolibu Ltd
  Companies House registration: 16033166
  Registered office: F04 1st Floor Knightrider House,
                     Knightrider Street, Maidstone,
                     ME15 6LU, United Kingdom
  Email: info@iberiandirect.com

INFORMATION WE COLLECT

We collect the following types of personal information:

1. Information you provide directly:
   - Name (billing and shipping)
   - Email address
   - Shipping and billing address
   - Phone number (optional)
   - Payment information (processed securely by payment
     providers; we do not store full card details)
   - Account credentials, if you create an account
   - Order history and product preferences
   - Communications with customer service

2. Information collected automatically:
   - Device information (IP address, browser type, operating
     system)
   - Browsing behavior on our site (pages viewed, items added
     to cart, time spent, referring URL)
   - Cookies and similar tracking technologies (see Cookies
     section below)

3. Information from third parties:
   - Payment confirmation from payment providers (PayPal,
     Stripe, Shopify Payments)
   - Shipping status from carriers
   - Authentication data if you sign in through a third-party
     service (such as Shop, Google, or Facebook)

HOW WE USE YOUR INFORMATION

We process personal information for the following purposes:

  - To fulfill your orders (processing, shipping, customs
    declarations, delivery)
  - To communicate with you about your orders (confirmation,
    shipping updates, customer service)
  - To process payments and prevent fraud
  - To maintain your account and order history
  - To improve our Services (analytics, site optimization)
  - To send marketing emails about new products, offers, and
    content — only if you opt in (you can unsubscribe at any
    time)
  - To comply with legal obligations (tax reporting, customs,
    fraud prevention, court orders)
  - To enforce our Terms of Service and protect our rights

LEGAL BASIS FOR PROCESSING (GDPR)

We rely on the following legal bases:
  - Contract: to fulfill our agreement with you (processing
    orders, providing customer service)
  - Legal obligation: to comply with tax, customs, and other
    laws
  - Legitimate interest: to operate, secure, and improve our
    Services
  - Consent: for marketing communications and non-essential
    cookies (you can withdraw consent at any time)

SHARING YOUR INFORMATION

We share personal information with the following third parties:

  - Shopify: our e-commerce platform provider. Shopify processes
    payments, hosts our website, and provides customer data
    services. Their privacy policy is at https://www.shopify.com/legal/privacy
  - Payment providers: PayPal, Stripe, Shopify Payments, or
    similar to process transactions securely
  - Shipping carriers: Correos, MRW, GLS, DHL, and local
    delivery services to deliver your orders
  - Customs and tax authorities: where required by law for
    international shipments
  - Email service providers: to send order confirmations,
    shipping updates, and (with your consent) marketing emails
  - Analytics providers: such as Google Analytics, in
    anonymized form
  - Legal and regulatory authorities: where required by
    applicable law, court order, or to protect our rights

We do NOT sell your personal information to third parties for
their independent marketing purposes.

INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in
countries outside the European Economic Area (EEA) or the
United Kingdom, including the United States. When we transfer
data internationally, we use appropriate safeguards, such as
Standard Contractual Clauses approved by the European
Commission, to ensure your data is protected.

COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to:
  - Maintain your shopping cart and session
  - Remember your preferences (language, currency)
  - Analyze site usage and performance
  - Deliver personalized content and (with your consent)
    advertising

You can control cookies through your browser settings.
Disabling cookies may affect site functionality (especially
the shopping cart).

For visitors in the EU, UK, and California, we display a
cookie consent banner allowing you to accept or reject
non-essential cookies.

DATA RETENTION

We retain personal information only as long as necessary to
fulfill the purposes described in this policy and to comply
with legal, accounting, or reporting requirements:

  - Order and customer data: 7 years (for tax and accounting
    purposes, as required by UK and EU law)
  - Account data: until you delete your account, plus 30 days
  - Marketing data: until you unsubscribe, plus 30 days
  - Web analytics: typically 14 months, in aggregated form

YOUR RIGHTS

Depending on your country of residence, you have the following
rights regarding your personal information:

  - Access: to know what data we hold about you and receive a
    copy
  - Rectification: to correct inaccurate or incomplete data
  - Erasure ("right to be forgotten"): to delete your data,
    subject to legal retention requirements
  - Restriction: to limit how we process your data
  - Portability: to receive your data in a structured,
    machine-readable format
  - Objection: to object to processing based on legitimate
    interests or for marketing
  - Withdraw consent: at any time, for processing based on
    consent
  - Lodge a complaint: with your local data protection
    authority

To exercise any of these rights, email us at
info@iberiandirect.com. We will respond within 30 days.

DO NOT TRACK SIGNALS

Our site does not currently respond to "Do Not Track" signals
from browsers, as no universal standard exists.

CHILDREN'S PRIVACY

Our Services are not directed to children under 16. We do not
knowingly collect personal information from children. If you
become aware that a child has provided us with personal
information without parental consent, contact us at
info@iberiandirect.com and we will delete it.

DATA SECURITY

We implement appropriate technical and organizational measures
to protect your personal information against unauthorized
access, alteration, disclosure, or destruction. However, no
internet transmission or electronic storage is 100% secure.
We cannot guarantee absolute security but commit to notifying
affected users promptly in the event of a data breach.

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Material
changes will be communicated by email (where we have your
email) and by posting a notice on our website. Continued use
of our Services after changes constitutes acceptance of the
revised policy.

CONTACT US

For questions about this Privacy Policy or to exercise your
rights, contact us at:

  Email: info@iberiandirect.com
  Mail: Nolibu Ltd
        F04 1st Floor Knightrider House
        Knightrider Street
        Maidstone, ME15 6LU
        United Kingdom

For data protection complaints in the UK, you can contact:
  Information Commissioner's Office (ICO)
  https://ico.org.uk

For complaints in the EU, contact your national data
protection authority.

Last updated: May 2026