Privacy Policy & Cookies

Privacy Policy

This Privacy Policy explains how Nalu ("we", "us", "our") collects, uses, and protects your personal information when you visit nalu.co.uk or purchase our products. Nalu is a trading name of Brace-Yourself Premium Sports & Orthopaedic Bracing Limited (company number 13226749), which is the data controller responsible for your personal data.

Information we collect

Information about you is used to understand how you use our site and to fulfil your orders. This can include information about your location, your IP address, and the equipment you are using. We use this information to help us improve our service, including contacting you if it seems you may have problems with our site.

When you place an order, create an account, subscribe to our newsletter, or contact us, we collect information including your name, billing and delivery address, email address, telephone number, and order history. We do not store credit card or payment card details — these are handled directly by our payment providers.

How we use your information

We use your personal data to:

  • Process and fulfil your orders, including arranging delivery
  • Provide customer service and respond to your enquiries
  • Send order confirmations, shipping updates, and transactional communications
  • Send marketing emails about our products and services, where you have consented
  • Improve our website, products, and service
  • Comply with our legal and regulatory obligations

Third parties we share your data with

We use trusted third-party providers to operate our business. These include:

  • Shopify — our e-commerce platform, which hosts our website and stores order and customer information
  • Shopify Payments and PayPal — our payment providers, which process your payment details directly. We do not see or store your full card details.
  • Klaviyo — our email marketing platform, used to send newsletters and marketing emails to customers who have opted in
  • Trustpilot — our reviews platform, which may email you after purchase to invite a review
  • Google Analytics and Lead Forensics — used to understand how visitors use our site so we can improve it
  • Meta (Facebook and Instagram) and Google Ads — we run advertising through these platforms, which use cookies and pixels to measure ad performance and show you relevant ads
  • Fulfilment partners — some of the brands we stock ship orders directly to you on our behalf. Where this is the case, we share the minimum information needed to fulfil your order (name, delivery address, contact details, and order details) with that brand.
  • Delivery couriers — we share your name, address, and contact details with couriers to deliver your order

We do not sell your personal data to any third party.

Cookies

Your browser may ask for your consent to use cookies on the website. We use essential cookies to make the site function, analytics cookies to understand usage, and marketing cookies (via Meta and Google) to measure and improve our advertising. Cookie information is stored in your web browser, and you can manage your cookie preferences through your browser settings or our cookie banner at any time.

Legal basis for processing

The legal basis for processing your data is 'contract' when you place an order or use the website — you are entering into a contract with us, and we need your data to fulfil it. For marketing communications, our legal basis is 'consent', which you give when you opt in and can withdraw at any time. For some processing, such as fraud prevention and after you are no longer an active customer, our legal basis is 'legitimate interest'.

How long we keep your data

We may periodically contact you about our products and services after you have stopped being an active customer for two years from your last order. After this, we may contact you as a prospective customer unless you ask us not to. We will store financial and order records for 6 years to comply with UK tax and accounting law.

International transfers

Some of our third-party providers (including Shopify, Klaviyo, Google, and Meta) are based outside the UK. Where data is transferred internationally, it is protected by appropriate safeguards such as the UK International Data Transfer Agreement or equivalent protections recognised under UK GDPR.

Automated decision-making

We do not use your personal data for any automated decision making or profiling that has a legal or similarly significant effect on you.

Your rights

Your rights concerning your personal data are:

  • You can ask to see the personal data we hold about you and we will provide this free of charge
  • We will update the personal data to correct errors when you tell us about them
  • We will supply you with a copy of the personal data we hold about you if you ask us to
  • You can withdraw consent to marketing emails at any time by clicking "unsubscribe" in any email or by contacting us
  • We will stop processing your personal data if you tell us to
  • We will delete your personal data if you ask us to, as long as it is no longer required to fulfil the contract between us and there is no legal requirement to hold this information

Contact us

If you wish to contact us about your personal data, or if you feel we are not being fair with you, please email team@nalu.co.uk. We would like to know.

You may also complain about the processing of your personal data to the UK regulator, the Information Commissioner's Office (www.ico.org.uk).

Last updated: 14 April 2026