Privacy policy

PRIVACY POLICY

Last updated: April 29, 2026

This Privacy Policy describes how Be Nova Drop (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from benovadrop.com (the "Site") or otherwise communicate with us (collectively, the "Services").

⚠️ IMPORTANT: We handle all privacy requests individually. Email us first at hello@benovadrop.com for any data requests or concerns.

1. WHO WE ARE (Data Controller)

Company: Be Nova Drop Website: benovadrop.com Email: hello@benovadrop.com Address: Sydney, NSW, Australia


2. PERSONAL INFORMATION WE COLLECT

When you visit our Site and make a purchase, we collect:

Contact Information

  • Name
  • Shipping address
  • Billing address
  • Email address
  • Phone number

Order Information

  • Items purchased
  • Quantity and pricing
  • Payment method (processed securely, not stored by us)
  • Transaction history
  • Order confirmations
  • Delivery tracking

Customer Support Information

  • Messages you send us
  • Support inquiries
  • Chat conversations
  • Email exchanges
  • Information you voluntarily provide

Device & Usage Information

  • IP address
  • Browser type and version
  • Operating system
  • Time zone
  • Device type (mobile, desktop, tablet)
  • Cookie information
  • Pages you visit
  • Time spent on each page
  • Click patterns
  • Referral source (how you found us)

Marketing Information

  • Email preferences
  • SMS opt-in status
  • Communication preferences
  • Unsubscribe status
  • Purchase history (for recommendations)

Payment Information

  • Important: We do NOT store credit card numbers
  • Payment is processed securely by Shopify Payments
  • We only see: Last 4 digits, card type, expiration date (for your records)

3. LEGAL BASIS FOR COLLECTING YOUR DATA

We only collect data when we have a legal reason. Here's why we collect each type:

Contract (To Fulfill Your Order)

  • Name, address, email, phone
  • Order information
  • Payment details
  • Necessary to complete your purchase

Consent (Marketing & Tracking)

  • Marketing emails (you opt-in)
  • SMS messages (you opt-in)
  • Facebook Pixel (for ads)
  • Google Analytics (for site improvement)
  • You can opt-out anytime

Legal Obligation (Required by Law)

  • Order information (7 years for tax/accounting)
  • Communications (for dispute resolution)
  • Fraud screening information
  • Compliance with regulations

Legitimate Interest (Our Business Needs)

  • Analytics to improve website
  • Fraud prevention and security
  • Customer service improvements
  • Understanding customer behavior
  • You can object to this use

Vital Interest (Safety & Security)

  • Fraud detection
  • Account security
  • Preventing abuse or illegal activity

4. HOW WE USE YOUR PERSONAL INFORMATION

To Fulfill Your Order

  • Processing payment
  • Shipping your order
  • Sending confirmations
  • Providing tracking information
  • Contacting you about your order

For Customer Service

  • Responding to your inquiries
  • Resolving issues
  • Providing support
  • Following up on problems

For Marketing (With Your Permission)

  • Sending promotional emails
  • Product recommendations
  • Special offers
  • Seasonal sales
  • You can unsubscribe anytime

For Site Improvement

  • Analytics (how you use our site)
  • Identifying popular products
  • Improving user experience
  • A/B testing
  • Understanding traffic patterns

For Security & Fraud Prevention

  • Screening orders for fraud
  • Detecting unauthorized access
  • Protecting your account
  • Preventing abuse
  • Complying with laws

For Legal Compliance

  • Keeping records for taxes
  • Responding to legal requests
  • Complying with regulations
  • Resolving disputes

5. WHO WE SHARE YOUR DATA WITH

Service Providers (Process Data On Our Behalf)

These companies process your data following our instructions:

Shopify

  • Online store platform
  • Order management
  • Data Processing Agreement: ✅ Yes
  • See: https://www.shopify.com/legal/privacy

Payment Processors

  • Shopify Payments or similar
  • Process credit card payments securely
  • We never see full card numbers
  • Data Processing Agreement: ✅ Yes

Email Marketing (Klaviyo)

  • Sends marketing emails
  • Manages email preferences
  • Tracks email opens (with consent)
  • Data Processing Agreement: ✅ Yes
  • See: https://www.klaviyo.com/privacy

Fulfillment & Logistics Partners

  • Ships your orders
  • Tracks packages
  • May be international suppliers
  • Data Processing Agreement: ✅ Yes

Analytics Providers (Process Data For Their Purposes)

These companies use your data to provide analytics services:

Google Analytics

  • Analyzes website traffic
  • Tracks which pages you visit
  • Understands user behavior
  • See: https://policies.google.com/privacy
  • You can opt-out: https://tools.google.com/dlpage/gaoptout

Facebook Pixel

  • Tracks conversions on our ads
  • Shows you relevant ads on Facebook/Instagram
  • See: https://www.facebook.com/privacy/explanation
  • You can opt-out: https://www.facebook.com/ads/preferences

Legal Requirements

  • Law enforcement (with legal order)
  • Tax authorities (for tax compliance)
  • Courts (for legal proceedings)
  • Regulators (for compliance)

We only share data when legally required and with proper authorization.

6. YOUR DATA RIGHTS BY COUNTRY

🇺🇸 USA (CCPA & FTC)

If you're in California, you have specific rights:

Right to Know:

  • You can request what personal data we collect
  • What we use it for
  • Who we share it with

Right to Delete:

  • You can request deletion of your data
  • Exception: Data we must keep by law (7 years for taxes)

Right to Opt-Out:

  • You can opt-out of data sales
  • We do NOT sell your data
  • But you can opt-out of analytics tracking

Right to Non-Discrimination:

  • We will not treat you differently
  • Same price, service, quality
  • Even if you exercise these rights

How to Exercise:

  • Email: hello@benovadrop.com
  • Subject: "CCPA Privacy Request"
  • Response time: 45 days

🇬🇧 UK (UK GDPR & Data Protection Act 2018)

You have 8 data protection rights:

1. Right to Access

  • You can request all your data
  • We provide in portable format (CSV)

2. Right to Rectification

  • You can correct inaccurate data
  • Example: Wrong address, typo in name

3. Right to Erasure ("Right to be Forgotten")

  • You can request deletion
  • Exceptions: Tax records (7 years), legal obligations

4. Right to Restrict Processing

  • You can limit how we use your data
  • Example: During a dispute

5. Right to Data Portability

  • You can get your data in portable format
  • To move to another service

6. Right to Object

  • You can object to specific processing
  • Example: Marketing emails, analytics

7. Right to Withdraw Consent

  • You can unsubscribe from marketing
  • Anytime, no questions asked

8. Right Against Automated Decision-Making

  • We don't use AI to make decisions about you
  • Not applicable to Be Nova Drop

How to Exercise:

  • Email: hello@benovadrop.com
  • Subject: "Data Subject Access Request"
  • Response time: 30 days

Complaint:

  • If we don't help, contact:
  • Information Commissioner's Office (ICO)
  • Website: ico.org.uk

🇮🇪 IRELAND (Same as UK GDPR)

All 8 UK rights apply in Ireland.

How to Exercise:

  • Email: hello@benovadrop.com
  • Response time: 30 days

Complaint:

  • Data Protection Commission (DPC)

🇪🇺 EU (GDPR)

All 8 data protection rights apply in all EU countries.

How to Exercise:

  • Email: hello@benovadrop.com
  • Response time: 30 days

Complaint:

  • Your local Data Protection Authority
  • Varies by country

🇦🇺 AUSTRALIA (Privacy Act 1988 & APPs)

You have privacy rights under Australian law:

Right to Access

  • You can request your personal data
  • We provide it within 30 days

Right to Correct

  • You can fix inaccurate information

Right to Complain

  • If we mishandle your data
  • Contact: Office of the Australian Information Commissioner (OAIC)

How to Exercise:

  • Email: hello@benovadrop.com
  • Response time: 30 days

🇳🇿 NEW ZEALAND (Privacy Act 2020)

You have privacy principles (similar to EU):

Right to Access

  • Request your personal data
  • Response time: Within reasonable timeframe

Right to Correct

  • Fix inaccurate information

Right to Complaint

  • Contact: Privacy Commissioner
  • Website: privacy.org.nz

How to Exercise:

  • Email: hello@benovadrop.com

🇨🇦 CANADA (PIPEDA & PECA)

You have privacy rights under federal law:

Right to Access

  • Request personal information we hold

Right to Correct

  • Fix inaccurate data

Right to Opt-Out

  • Unsubscribe from marketing emails
  • (Unsubscribe link in every email)

Right to Complain

  • Contact: Office of the Privacy Commissioner of Canada
  • Website: priv.gc.ca

How to Exercise:

  • Email: hello@benovadrop.com
  • Response time: 30 days

🌍 REST OF WORLD

Your local privacy laws apply.

Email us: hello@benovadrop.com

We will:

  • Research your country's laws
  • Explain your specific rights
  • Fulfill your requests fairly

7. EXERCISE YOUR PRIVACY RIGHTS

How to Make a Request

Email: hello@benovadrop.com

Include:

  • Your name
  • Order number (if customer)
  • Specific right you're exercising (access, delete, correct, etc.)
  • Proof of identity (we may ask)

Our Response

We respond within:

  • 30 days (standard — most countries)
  • 45 days (if complex — CCPA)

We'll provide:

  • Your data in portable format (if access request)
  • Explanation if we can't fulfill
  • Next steps and timeline

No Cost

Privacy requests are free. We don't charge for:

  • Accessing your data
  • Correcting information
  • Deleting information
  • Providing portable copies

8. COOKIES & TRACKING TECHNOLOGIES

What Are Cookies?

Small text files stored on your device that remember information about you.

Cookies We Use

Essential Cookies (Always On)

  • Your shopping cart
  • Login information
  • Payment processing
  • Site functionality

Analytics Cookies (Opt-In)

  • Google Analytics (understand user behavior)
  • Understand which pages are popular
  • Improve website performance
  • Help us see how you found us

Marketing Cookies (Opt-In)

  • Facebook Pixel (track conversions)
  • Show you relevant ads on Facebook/Instagram
  • Personalized recommendations
  • Google Ads Pixel (remarketing)

Preference Cookies

  • Your language choice
  • Your theme preference
  • Remember your settings

How to Control Cookies

Browser Settings:

  • Manage or delete cookies in your browser
  • Settings vary by browser (Chrome, Safari, Firefox, Edge)
  • Note: Blocking essential cookies may break the site

Opt-Out of Tracking:

  • Facebook: https://www.facebook.com/ads/preferences
  • Google: https://myaccount.google.com/privacy
  • General opt-out: https://optout.aboutads.info/

Consent Banner:

  • On first visit, we ask for cookie consent
  • You can change preferences anytime

9. DATA RETENTION (How Long We Keep Your Data)

We keep different data for different periods:

Order Information

  • Kept for: 7 years (Australian tax law requirement)
  • Why: Tax records, accounting, legal disputes
  • Can be deleted: After 7 years OR upon request

Customer Communications

  • Kept for: 2 years
  • Why: Customer service, dispute resolution
  • Can be deleted: Upon request

Marketing Data

  • Kept for: Until you unsubscribe
  • Why: Send marketing emails (with consent)
  • Can be deleted: Unsubscribe from email OR request deletion

Analytics Data

  • Kept for: 26 months (Google Analytics default)
  • Why: Understand site usage patterns
  • Can be deleted: Upon request (we ask Google)

Payment Information

  • Kept for: Not by us (Shopify handles)
  • Stored: Last 4 digits only (for your records)
  • Never: Full credit card numbers

To Request Deletion

  • Email: hello@benovadrop.com
  • Subject: "Data Deletion Request"
  • We'll process within 30 days
  • Exception: Data required by law (tax records)

10. SECURITY & DATA PROTECTION

How We Protect Your Data

Encryption:

  • All data in transit uses SSL/TLS encryption
  • Your browser shows a padlock (🔒) when connected securely
  • Payment info encrypted with industry-standard protocols

Secure Storage:

  • Servers behind firewalls
  • Limited employee access
  • Regular security audits
  • No storage of full credit card numbers

Payment Security:

  • Shopify Payments handles credit cards
  • PCI-DSS compliant (highest standard)
  • We never see full card numbers

What We Don't Do:

  • ❌ Store full credit card numbers
  • ❌ Store passwords
  • ❌ Share data with advertisers (unless you consent)
  • ❌ Sell your data

International Data Transfers

Your data may be transferred to:

  • Canada (Shopify servers)
  • USA (Shopify AWS, Google servers)
  • Australia (our backups)
  • Europe (Klaviyo servers)
  • Asia (fulfillment partners)

Safeguards:

  • Standard Contractual Clauses (SCCs) with processors
  • Encryption in transit
  • Secure data centers
  • Compliance with GDPR/CCPA standards

11. THIRD-PARTY LINKS

Our Site contains links to external websites.

Important:

  • This Privacy Policy does NOT apply to third-party sites
  • We are NOT responsible for their privacy practices
  • Review their privacy policies before providing data
  • Examples: Facebook, Google, Shopify

12. CHILDREN'S PRIVACY

Our Site is NOT intended for anyone under 18.

We do NOT:

  • Knowingly collect data from minors
  • Market to children
  • Allow underage accounts

If you think we have data on a minor:

  • Email: hello@benovadrop.com immediately
  • We will delete it right away

13. DATA BREACHES

If your data is breached:

We will:

  1. Investigate immediately
  2. Notify you without unreasonable delay (max 72 hours)
  3. Notify authorities (if required by law)
  4. Take steps to prevent future breaches
  5. Provide guidance on protecting yourself

We keep a breach log for regulatory compliance.

14. CHANGES TO THIS POLICY

We update this policy periodically as laws change or our practices evolve.

Material changes:

  • We'll email you
  • We'll update the "Last updated" date
  • Continued use = you accept changes

Non-material changes:

  • We'll just update the date
  • You can check anytime

15. CONTACT US FOR PRIVACY MATTERS

Data Access/Deletion Requests

📧 Email: hello@benovadrop.com Subject: "Privacy Request" or "Data Subject Access Request" Response time: 30 days

Privacy Questions

📧 Email: hello@benovadrop.com Subject: "Privacy Question" Response time: Within 24 hours

Complaints

If you're not satisfied with how we handle your data:

UK/EU Customers:

  • File complaint with your local Data Protection Authority
  • UK: Information Commissioner's Office (ico.org.uk)
  • EU: Your country's DPA

Australian Customers:

  • Office of the Australian Information Commissioner (OAIC)
  • Website: oaic.gov.au

NZ Customers:

  • Privacy Commissioner
  • Website: privacy.org.nz

Canadian Customers:

  • Office of the Privacy Commissioner of Canada
  • Website: priv.gc.ca

USA/California Customers:

  • California Attorney General (for CCPA)
  • FTC (for FTC violations)

Mailing Address

Be Nova Drop Sydney, NSW, Australia benovadrop.com

16. DATA PROTECTION OFFICER

For data protection inquiries:

Email: hello@benovadrop.com Subject: "Data Protection Officer"

We take your data privacy seriously and are committed to being transparent.

17. JURISDICTION-SPECIFIC RIGHTS

For California (CCPA) Residents

You have specific CCPA rights listed in Section 6.

You also have the right to:

  • Know if we sell your data (we don't)
  • Opt-out of data sales
  • Not be discriminated against

For UK Residents

All 8 GDPR rights apply (Section 6).

Your rights cannot be waived.

For EU Residents

All GDPR rights apply (Section 6).

Your rights cannot be waived.

For Australian Residents

Australian Privacy Principles apply (Section 6).

Your privacy protections are automatic.

For NZ Residents

Privacy Act 2020 applies (Section 6).

Your rights are automatic.

FINAL COMMITMENT

We collect only the personal information we need.

We use it only for the reasons we've told you.

We protect it with industry-standard security.

We respect your rights in every country.

If you have questions: Email hello@benovadrop.com

We care about your privacy.

Last Updated: April 29, 2026 Next Review: Every 3 months (quarterly) Effective for: All Be Nova Drop customers worldwide