Privacy Policy

At Nuento, we prioritise the protection of your personal data. This Privacy Policy explains how we process your information in accordance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU 2016/679), and the Data Protection Act 2018.

Nuento Denmark ApS is the data controller for the processing of your personal data.

Company Details:

• CVR (VAT) Number: 39000725
• Email: kontakt@nuento.dk
• Phone: +45 93 40 60 40

1. What information do we collect?

We collect and process personal data about both customers and suppliers in connection with the use of our platform.

Information we collect about Customers: We typically collect information when you:

• Place an order via our platform.
• Communicate with us via email, telephone, forms, or chat.
• Sign up for newsletters.
• Visit and use our website (cookies, IP address, etc.).

Typical data collected: Name, email address, phone number, address and event details, payment information (processed via third-party providers), IP address, and browser details.

Information we collect about Suppliers: We typically collect information when you:

• Create a supplier profile and log in.
• Communicate with us via email, telephone, or chat.
• Visit and use our website (cookies, IP address, etc.).

Typical data collected: Name, email address, phone number, company name and VAT/registration number, bank and payout details, product descriptions, images, capacity details, and communication/order history.

2. Purposes of processing

We process your personal data to provide and improve our services and to comply with our legal obligations. The primary purposes are:

• Order Processing: To confirm, manage, and complete orders made via our platform.
• Customer Service and Support: To respond to enquiries, assist with issues, and provide necessary service regarding your booking.
• Information and Updates: To send information related to your order, changes to our services, and important operational updates.
• Platform Improvement: To analyse user behaviour and gather feedback to optimise our website, features, and user experience.
• Marketing (Subject to Consent): To send newsletters and offers if you have provided explicit consent.
• Public Reviews: If you choose to review a service publicly on our platform, your full name will be displayed alongside the review to ensure transparency and authenticity. Writing a review is voluntary, and you can request its removal at any time.
• Legal Compliance: To meet accounting and retention requirements, including storing information necessary for bookkeeping and auditing.

3. Legal basis for processing

We only process your personal data when we have a valid legal basis under the UK GDPR:

• Performance of a Contract: When you make a booking, we need your data to deliver the agreed service.
• Legal Obligation: We must retain certain data to comply with legislation, such as tax and bookkeeping laws.
• Consent: In some cases, we ask for your consent (e.g., for marketing or cookies). You can withdraw your consent at any time.
• Legitimate Interests: We process data to improve our platform and understand user behaviour. This only occurs when our interests do not override your rights and freedoms.

4. Recipients and transfer of data

We share your information with the following parties:

• Hosting and Operations: We use Amazon Web Services (AWS) for database operations and Heroku as a platform to deliver parts of our service.
• Login and Identity: We use Auth0 as our identity provider. SMS codes for login are processed securely through Auth0.
• Communication: We use Gmail for email and Intercom for chat support. Intercom retains visitor data for up to 9 months after the last activity, after which it is automatically deleted.
• Payment: Stripe handles payments and receives standard customer details (name, email, card info).
• Suppliers: We share relevant details with the suppliers you have booked (e.g., food trucks, bartenders, venues).

All third-party providers are subject to Data Processing Agreements (DPA). If data is transferred outside the UK/EEA, it is done so only under adequate safeguards, such as Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA).

5. Retention period

• Order and Payment Data: Up to 5 years in accordance with applicable bookkeeping laws.
• Customer Communication (Email/Phone): Typically up to 2 years.
• Chat Messages (Intercom): Deleted automatically after 9 months of inactivity.
• Newsletter Data: Retained until you withdraw your consent.

6. Your rights

Under the UK GDPR, you have the following rights:

• The right to access your data.
• The right to rectification of incorrect data.
• The right to erasure ("the right to be forgotten").
• The right to restrict processing.
• The right to data portability.
• The right to object to processing.
• The right to withdraw consent at any time.

To exercise these rights, please contact us at kontakt@nuento.dk.

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

7. Access control and internal security

We have implemented internal procedures and technical measures to ensure that personal data is treated confidentially and protected against unauthorised access, alteration, or deletion. Access is limited to employees with a work-related need. Systems are accessed via individual accounts with two-factor authentication (2FA) where possible.

8. Changes to this policy

We reserve the right to update this policy. The latest version will always be available on our website.