Privacy Policy

Updated 4 weeks ago

At Nuento, we prioritise the protection of your personal data. This Privacy Policy explains how we process your information in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU 2016/679), and the Data Protection Act 2018.

Nuento Denmark ApS is the data controller for the processing of your personal data.

Company Details:

  1. What information do we collect?

We collect and process personal data about both customers and suppliers in connection with the use of our platform.

Information we collect about Customers: We typically collect information when you:

  • Place an order via our platform.
  • Communicate with us via email, telephone, forms, or chat.
  • Sign up for newsletters.
  • Visit and use our website (cookies, IP address, etc.).

Typical data collected: Name, email address, phone number, address and event details, payment information (processed via third-party providers), IP address, and browser details.

Information we collect about Suppliers: We typically collect information when you:

  • Create a supplier profile and log in.
  • Communicate with us via email, telephone, or chat.
  • Visit and use our website (cookies, IP address, etc.).

Typical data collected: Name, email address, phone number, company name and VAT/registration number, bank and payout details, product descriptions, images, capacity details, and communication/order history.

  1. Purposes of processing

We process your personal data to provide and improve our services and to comply with our legal obligations. The primary purposes are:

  • Order Processing: To confirm, manage, and complete orders made via our platform.
  • Customer Service and Support: To respond to enquiries, assist with issues, and provide necessary service regarding your booking.
  • Information and Updates: To send information related to your order, changes to our services, and important operational updates.
  • Platform Improvement: To analyse user behaviour and gather feedback to optimise our website, features, and user experience.
  • Marketing (Subject to Consent): To send newsletters and offers if you have provided explicit consent.
  • Public Reviews: If you choose to review a service publicly on our platform, your full name will be displayed alongside the review to ensure transparency and authenticity. Writing a review is voluntary, and you can request its removal at any time.
  • Legal Compliance: To meet accounting and retention requirements, including storing information necessary for bookkeeping and auditing.
  • AI and message analysis: To help keep the platform safe, provide support, and improve our services, conversations on the platform may be reviewed both by automated tools, including artificial intelligence, and by authorised Nuento staff. We also use AI to give suppliers aggregated insights into common questions and topics from enquiries. Access by staff is limited to those with a work-related need (see section 7). This analysis does not involve automated decisions that produce legal or similarly significant effects concerning you.

We only process your personal data when we have a valid legal basis under the UK GDPR:

  • Performance of a Contract: When you make a booking, we need your data to deliver the agreed service.
  • Legal Obligation: We must retain certain data to comply with legislation, such as tax and bookkeeping laws.
  • Consent: In some cases, we ask for your consent (e.g., for marketing or cookies). You can withdraw your consent at any time.
  • Legitimate Interests: We process data to improve our platform and understand user behaviour. This only occurs when our interests do not override your rights and freedoms. We rely on our legitimate interest in keeping the platform safe, supporting users, and improving our services as the basis for the AI analysis described above. You can object to this processing at any time.

  1. Recipients and transfer of data

We share your information with the following parties:

  • Hosting and Operations: We use Amazon Web Services (AWS) for database operations and Heroku as a platform to deliver parts of our service.
  • Login and Identity: We use Auth0 as our identity provider. SMS codes for login are processed securely through Auth0.
  • Communication: We use Gmail for email and Intercom for chat support. Intercom retains visitor data for up to 9 months after the last activity, after which it is automatically deleted.
  • Payment: Stripe handles payments and receives standard customer details (name, email, card info).
  • Suppliers: We share relevant details with the suppliers you have booked (e.g., food trucks, bartenders, venues).
  • AI processing: We use Anthropic to perform automated analysis of conversation content. The provider acts as our data processor under a Data Processing Agreement, and any transfer outside the UK/EEA is covered by Standard Contractual Clauses.

All third-party providers are subject to Data Processing Agreements (DPA). If data is transferred outside the UK/EEA, it is done so only under adequate safeguards, such as Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).

  1. Retention period

  • Order and Payment Data: Up to 5 years in accordance with applicable bookkeeping laws.
  • Customer Communication (Email/Phone): Typically up to 2 years.
  • Chat Messages (Intercom): Deleted automatically after 9 months of inactivity.
  • Newsletter Data: Retained until you withdraw your consent.
  • Platform messages (between customers and suppliers): retained for the duration of the account and order relationship, and thereafter in line with the order and communication periods above.

  1. Your rights

Under the UK GDPR, you have the following rights:

  • The right to access your data.
  • The right to rectification of incorrect data.
  • The right to erasure ("the right to be forgotten").
  • The right to restrict processing.
  • The right to data portability.
  • The right to object to processing.
  • The right to withdraw consent at any time.

To exercise these rights, please contact us at kontakt@nuento.dk.

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

  1. Access control and internal security

We have implemented internal procedures and technical measures to ensure that personal data is treated confidentially and protected against unauthorised access, alteration, or deletion. Access is limited to employees with a work-related need. Systems are accessed via individual accounts with two-factor authentication (2FA) where possible.

  1. Changes to this policy

We reserve the right to update this policy. The latest version will always be available on our website.