Privacy policy

 

Data Protection Declaration

1) Information on the Collection of Personal Data and Controller Details

1.1 We are pleased that you are visiting our website and thank you for your interest. This notice explains how we handle your personal data when you use our website. “Personal data” means any information relating to an identified or identifiable natural person.

1.2 Controller within the meaning of the GDPR:
Camelback Beauty LLC d/b/a Nailevated
1907 West Side Canyon Trl, Phoenix, AZ 85085, USA
Phone: +1 928 241 1055
Email: info@nailevated.com

If you contact us about privacy, we will respond without undue delay.

1.3 EU and UK representatives

At this time, Camelback Beauty LLC d/b/a Nailevated has not appointed an EU or UK representative under Article 27 GDPR/UK GDPR. Until such appointment is made, EU and UK customers may direct all privacy-related inquiries to our U.S. headquarters:  

Camelback Beauty LLC d/b/a Nailevated  
Phoenix, AZ 85085, USA  
Email: info@nailevated.com  

Once an EU and/or UK representative has been appointed, their details will be published here.

 

2) Data Collected When You Visit Our Website

2.1 Server log files
When you visit our website without creating an account or otherwise submitting information, we collect the following data that your browser sends to our servers: pages visited, date and time of access, data volume, referrer URL, browser type and version, operating system, and IP address (stored in an anonymized or truncated form where possible).
Legal basis: Art. 6(1)(f) GDPR, our legitimate interest in ensuring stability, security, and proper functioning of the site. We do not disclose this data to third parties except where required for security or by law. We may review logs later if there are concrete indications of unlawful use.

2.2 TLS encryption
We use SSL/TLS to protect data in transit. You can recognize an encrypted connection by “https://” and the lock icon in your browser.

 

3) Hosting and Content Delivery

3.1 Shopify
Website hosting and storefront services are provided by:
Shopify International Limited, Victoria Buildings, 2nd floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland.
Data may also be processed by Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
We have a data processing agreement in place. The European Commission has found Canada’s PIPEDA framework adequate for certain commercial organizations. Shopify may also use Standard Contractual Clauses for other transfers.

3.2 Cloudflare
We use Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA, as a content delivery and security provider to accelerate delivery of content and protect the site.
Legal basis: Art. 6(1)(f) GDPR, our legitimate interest in performance and security. We have a data processing agreement in place. For transfers to the USA, Cloudflare participates in the EU–US Data Privacy Framework and also uses appropriate safeguards.

4) Cookies and Similar Technologies

We use cookies and similar technologies to operate the site and to measure performance. Session cookies are deleted when you close the browser. Persistent cookies remain longer and help us remember preferences. Durations are shown in your browser’s cookie settings and in our consent tool.

Legal bases:

  • Art. 6(1)(b) GDPR for cookies that are strictly necessary to provide our services;

  • Art. 6(1)(a) GDPR for analytics, marketing, and similar cookies, based on your consent;

  • Art. 6(1)(f) GDPR for certain functional cookies that improve the experience where consent is not required by law.

You can control cookies in the consent banner and your browser settings. Some features may not work if you disable certain cookies.

 

5) Contacting Us and Review Requests

5.1 Loox review reminders
Provider: Loox Online Ltd, Rehov Har Sinai 2, 6581602 Tel Aviv-Yafo, Israel.
With your consent, Art. 6(1)(a) GDPR, we may share your email and relevant order details with Loox to request a product review. You can withdraw consent at any time. Israel benefits from an EU adequacy decision for certain processing contexts.

5.2 General inquiries
If you contact us by form or email, we process the data you provide to respond and manage your request.
Legal bases: Art. 6(1)(f) GDPR for our legitimate interest in responding, and Art. 6(1)(b) GDPR if your request relates to a contract. We delete inquiry data when we no longer need it, subject to legal retention duties.

 

6) Use of Client Data for Direct Advertising

6.1 Subscribe to our e-mail newsletter

If you register for our e-mail newsletter, we will send you information about our offers. Only your e-mail address is required; other fields are optional and help us address you personally. We use a double opt-in.
Legal basis: Art. 6(1)(a) GDPR. You can unsubscribe at any time via the link in each e-mail. We store IP address and timestamps to document consent under Art. 6(1)(c) and Art. 6(1)(f) GDPR.

6.2 Klaviyo

Our newsletters are sent through Klaviyo.
Provider: Klaviyo, Inc., 125 Summer Street, Boston, MA 02110, USA.
We share signup data with Klaviyo to send newsletters and manage audiences.
Legal bases: Art. 6(1)(f) GDPR for efficient e-mail delivery, and Art. 6(1)(a) GDPR where analytics or tracking is used.

Subject to your consent, Klaviyo measures campaign performance using web beacons or tracking pixels in e-mails, which record open and click events. Device and technical data may be collected for this purpose. You can withdraw consent to newsletter tracking at any time, for example by using the unsubscribe link or contacting us.

We have a data processing agreement with Klaviyo. For international transfers, Klaviyo participates in the EU-US Data Privacy Framework and also provides additional safeguards where appropriate. Details are in Klaviyo’s DPA and Privacy Notice.

6.3 Back-in-stock and similar one-time notifications

If you opt in to be notified when an item is back in stock, we send a one-time message for the selected product.
Legal basis: Art. 6(1)(a) GDPR. You can opt out at any time.

 

7) Processing of Data for Orders and Payments

7.1 Order fulfillment
We share data with carriers and payment institutions as needed to fulfill contracts and comply with legal duties.
Legal bases: Art. 6(1)(b) and Art. 6(1)(c) GDPR. If we must provide digital product updates, we may use your contact details to inform you about those updates per Art. 6(1)(c) GDPR.

7.2 Payment service providers
Depending on what you choose at checkout, we process payments via one or more of the following, each acting as an independent controller for its own processing:

  • Apple Pay, Apple Distribution International, Ireland.

  • Google Pay, Google Ireland Limited, Ireland.

  • Klarna, Klarna Bank AB, Sweden. For invoice or installment options, Klarna may conduct credit checks. Legal bases: Art. 6(1)(b) for processing and Art. 6(1)(f) for fraud and creditworthiness checks.

  • PayPal, PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg. May perform fraud prevention and credit checks under their privacy policy.

  • Shopify Payments (Stripe), Shopify International Limited, Ireland, and Stripe affiliates as applicable.

Each provider’s privacy notice applies. Where required, we rely on Art. 6(1)(b) GDPR to process your payment and share the minimum necessary data.

 

8) Web Analytics and Tag Management

8.1 Google Analytics 4
Provider: Google Ireland Limited, Dublin, Ireland.
We use GA4 only with your consent, Art. 6(1)(a) GDPR. GA4 uses cookies and similar technologies. IP addresses are processed in a truncated or anonymized form. We configured data retention at 2 months for user-level and event-level data where supported. Demographics and interest reports are used only if you consent. Google may process data in the USA. Google participates in the EU–US Data Privacy Framework and uses additional safeguards where necessary.

You can withdraw consent in the cookie banner at any time.
Further details: Google Privacy Policy and “How Google uses information from sites and apps.”

8.2 Google Tag Manager
This orchestrates tags and does not itself place cookies or read device information beyond what is necessary to load tags. Your IP may be transmitted to Google to enable delivery.
Legal basis: Art. 6(1)(a) GDPR where tags rely on consent, otherwise Art. 6(1)(f) GDPR for essential tag loading. You can withdraw consent via the cookie banner for non-essential tags.

 

9) Retargeting, Remarketing, and Referral Ads

9.1 Meta Pixel with Advanced Matching
Provider: Meta Platforms Ireland Limited, Dublin, Ireland.
With your consent, Art. 6(1)(a) GDPR, we use the Meta Pixel to measure conversions and build Custom Audiences. We may use advanced matching, which hashes customer data collected on our site to improve attribution. Meta may process data in the USA and participates in the EU–US Data Privacy Framework. You can withdraw consent at any time in the cookie banner.

9.2 TikTok Pixel
Provider: TikTok Technology Limited, Dublin, Ireland.
With your consent, Art. 6(1)(a) GDPR, we measure ad performance and conversions after clicks or views on TikTok ads. You can withdraw consent in the cookie banner.

We have data processing agreements in place with our ad partners where required.

 

10) Site Functionalities

Google Web Fonts
Provider: Google Ireland Limited, Dublin, Ireland.
When enabled by your consent, your browser connects to Google to load fonts. Some device and IP information will be transmitted.
Legal basis: Art. 6(1)(a) GDPR. If disabled, a system font will be used. Google participates in the EU–US Data Privacy Framework.

 

11) Consent Management

We use a cookie consent tool that appears when you first visit. It records your choices and only loads non-essential cookies if you consent. The tool may set a necessary cookie to store your preferences.
Legal bases: Art. 6(1)(c) GDPR to comply with consent requirements and Art. 6(1)(f) GDPR for user-friendly consent management.

 

12) Your Rights

12.1 You have the following rights under the GDPR:

  • Access, Art. 15

  • Rectification, Art. 16

  • Erasure, Art. 17

  • Restriction, Art. 18

  • Notification, Art. 19

  • Data portability, Art. 20

  • Withdraw consent, Art. 7(3)

  • Lodge a complaint with a supervisory authority, Art. 77. You can contact any EEA authority in your habitual residence, your place of work, or the place of the alleged infringement.

12.2 Right to Object
If we process your personal data based on Art. 6(1)(f) GDPR, you may object at any time on grounds relating to your particular situation. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests or the processing is needed to establish, exercise, or defend legal claims.

If we process your data for direct marketing, you may object at any time. We will then stop processing your data for that purpose.

 

13) Retention

We keep personal data as long as necessary for the purposes listed in this notice, then delete or anonymize it unless a longer retention is required by law.

  • Based on consent, Art. 6(1)(a): until you withdraw consent.

  • Contractual matters, Art. 6(1)(b): for the duration of the relationship and customary limitation periods.

  • Legal obligations, Art. 6(1)(c): for the duration of statutory retention periods.

  • Legitimate interests, Art. 6(1)(f): until you successfully object or until the interest no longer applies.

Where specific services above specify shorter retention, those settings apply.

 

14) International Transfers

Where data is transferred outside the EEA or the UK, we use appropriate safeguards, such as adequacy decisions, the EU Standard Contractual Clauses, or the Data Privacy Framework, together with supplementary measures where needed.

You can request a copy of relevant safeguards by contacting us at info@nailevated.com.

 

15) How to Exercise Your Rights

You can contact us at info@nailevated.com to exercise your rights. If you are in the EEA or the UK and we appoint representatives, you can also contact the representative listed above.

Version: 02.10.2025