Privacy policy

Effective Date: April 2026

At Niddy Noddy, we respect your privacy and are committed to protecting your personal data. This policy explains how we handle your information when you visit our store or make a purchase.

1. Data Controller

Niddy Noddy is the "Data Controller" for your information.

Business Name: BYTESLOCAL LDA (trading as Niddy Noddy)
NIF: 519099435
Address: Rua Sá da Bandeira 331, 3º Andar - A3, 4000-435 Porto, Portugal
Email: contact@niddynoddy.com

2. What Data We Collect & Why

We only collect the minimum data necessary to serve you (Data Minimization principle, Art. 5(1)(c) GDPR):

Order Information: Name, shipping address, email, and phone number. Used to fulfil your contract (Art. 6(1)(b) GDPR).
Payment Information: Processed securely by Mollie B.V., our PCI-DSS compliant EU payment provider. We do not store your credit card or banking details.
Marketing Data: If you subscribe to our newsletter, we process your email address based on your consent (Art. 6(1)(a) GDPR) to send updates about new arrivals and our makers. You can withdraw consent at any time via the "unsubscribe" link in any email.
Technical Data: IP address and cookies, used for site functionality and basic analytics (see Section 7).


3. Third-Party Sharing

To deliver your "Measured Craft" items, we share specific data with trusted partners.

Fulfilment Partners: We share your name and shipping address with our European artisan workshops (such as Terrafina Stoneware in Alcobaça and Casa dos Linhos in Porto) solely for the purpose of shipping your order. Legal basis: performance of a contract (Art. 6(1)(b) GDPR). Partners are required to use this data only for the purpose of fulfilling your order, in compliance with GDPR.
Payment Processor: Payment data is shared with Mollie B.V. (Keizersgracht 313, 1016 EE Amsterdam, Netherlands), an EU-based payment institution. Mollie operates under its own privacy policy, available at mollie.com/privacy.
E-commerce Platform: Our store runs on Shopify, which hosts and processes your data securely on our behalf.

4. Your Rights

Under the GDPR, you have the following rights, which you can exercise at any time by contacting us at contact@niddynoddy.com:

Right to Access: Request a copy of the data we hold about you.
Right to Rectification: Request correction of inaccurate data.
Right to Erasure ("Right to be Forgotten"): Request that we delete your personal data, subject to legal retention obligations.
Right to Data Portability: Request your data in a machine-readable format.
Right to Object: Object to certain processing activities.
Right to Withdraw Consent: Change your cookie or marketing preferences at any time.
Response Time: We will respond to any Data Subject Request within 30 days.

5. Right to Lodge a Complaint

You have the right to lodge a complaint with the Comissão Nacional de Proteção de Dados (CNPD), the Portuguese supervisory authority for data protection. Website: www.cnpd.pt

6. Data Retention

We do not keep your data forever.

Order Data: Kept for 7 years to comply with Portuguese tax and accounting laws.
Marketing Data: Kept until you unsubscribe.
Abandoned Carts: Data is deleted automatically after 60 days if no purchase is made.
Cookies: Retention varies by cookie type, as set out in our cookie banner.

7. Cookies

We use cookies for the following purposes:

Essential Cookies: Required for the website to function (cart, checkout, login). These do not require your consent.
Analytics Cookies: Help us understand how visitors use our site, only set if you accept the cookie banner.
Marketing Cookies: Used only with your explicit consent and may be set by partners listed in the cookie banner.

You can change your preferences at any time via the cookie settings on our site.

8. International Transfers

Your data is stored on Shopify's secure servers. While Shopify is a Canadian company, all transfers outside the EU are protected by Standard Contractual Clauses (SCCs), ensuring your data receives the same level of protection as within the EU.