1. INTRODUCTION

This Privacy Policy (together with our terms and conditions and any other documents referred to in it) describes the type of information that we collect from you ("you/your") through the use of our services ("Services"), or the use of our website www.nibrocool.com ("Website"), or the use of the website and its trading platform Shopify, or the Nibrocool app and how that information may be used or disclosed by us and the safeguards we use to protect it.

Our Website and Services may contain links to third party websites that are not covered by this Privacy Policy. We therefore ask you to review the privacy statements of other websites and applications to understand their information practices.

We have drafted this Privacy Policy to be as clear and concise as possible. Please read it carefully to understand our policies regarding your information and how we will treat it. By using or accessing our Website or the Services, you agree to the collection, use and disclosure of information in accordance with this Privacy Policy. This Privacy Policy may change from time to time and your continued use of the Website or the Services is deemed to be acceptance of such changes, so please check periodically for updates.

Please check back regularly to keep informed of updates to this Privacy Policy. Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of our Privacy Policy is deemed to occur upon your first use of our Website. If you do not accept and agree with this Privacy Policy, you must stop using our Website immediately.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If you have any comments on this Privacy Policy, please email them to Support@nibrocool.com

2. WHO WE ARE

2.1 Here are our details:

- Our Website address is www.nibrocool.com

- Our company name is Nibrotech Limited 

- Our or brand name is NibroCool

- Our registered address is Nibrotech, Unit 27 Buckley Drive, Matlock, DE4 5PN

- Our trading address is Nibrotech, Unit 27 Buckley Drive, Matlock, DE4 5PN

- Our Data Protection Officer is Richard Corbin and they can be contacted at rich@nibrotech.com.

2.2 We respect your right to privacy and will only process personal information about you or provided by you in accordance with the Data Protection Legislation which for the purposes of this Privacy Policy shall mean: (i) the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR), (ii) the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the UK GDPR or the Data Protection Act 2018 and other applicable privacy laws.

3. WHAT WE MAY COLLECT

3.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

3.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data includes first name, last name, username or similar identifier. When you email, phone, live chat or otherwise, we may collect information such as your first name, last name, email address and phone number.
• Contact Data includes billing address, invoicing address, email address and telephone numbers.
• Financial Data includes bank account and payment card details.
• Transaction Data includes details about payments and other details of our Services you have purchased from us.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website.
• Profile Data includes your username and password, reservations made by you, your interests, preferences, feedback and survey responses.
• Usage Data includes information about how you use our Website and Services.
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
• Interaction Data includes any information that you might provide to any discussion forums on the Website.
• Cookies Data like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our websites. Please refer to the "Do we use 'cookies'?" section below for information about cookies and how we use them and what kind.
• Third Parties and Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or through the Services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on our Website. We are also working closely with third parties (including, for example, business partners, suppliers, sub-contractors, advertising networks, analytics providers, and search information providers) and may receive information about you from them.
• Analytics includes third-party analytics services (such as Google Analytics) to evaluate your use of the Website, compile reports on activity, collect demographic data, analyse performance metrics, and collect and evaluate other information relating to our Website and internet usage. These third parties use cookies and other technologies to help analyse and provide us the data. By accessing and using the Website, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy.

3.3 We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

3.4 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

3.5 Under UK GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:

a) You have given consent to the processing of your personal data for one or more specific purposes;

b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;

c) processing is necessary for compliance with a legal obligation to which we are subject;

d) processing is necessary to protect the vital interests of you or of another natural person;

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or

f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our financial payments, except where such interests are overridden by the fundamental rights and freedoms of the data subject, in particular where the data subject is a child.

3.6 If you provide personal information to us about another data subject, you are responsible for ensuring that you have their consent to provide that data for the uses set out in this Privacy Policy and for bringing this Privacy Policy to their attention. 

4. HOW WE MAY USE AND COLLECT YOUR DATA

4.1 We (or third party data processors, agents and sub-contractors acting on our behalf) may collect, store and use your personal information by way of different methods to collect data from and about you include through:

Direct interactions. You may give us your information by filling in forms via our Website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

a) present Website content;

b) use any of our Services;

c) create an account on our Website;

d) subscribe to our Services or publications;

e) request marketing to be sent to you;

f) enter a competition, promotion or survey; or

g) give us some feedback.

4.2 In addition to the above, we may use the information in the following ways:

a) To personalise your Website experience and to allow us to deliver the type of content and product offerings in which you are most interested.

b) To administer a contest, promotion, survey or other site feature.

c) If you have consented to receive our e-mail newsletter, we may send you periodic e-mails. If you would no longer like to receive promotional e-mail from us, please refer to the "How can you opt-out, remove or modify information you have provided to us?" section below. If you have not opted-in to receive e-mail newsletters, you will not receive these e-mails. Visitors who register or participate in other site features such as marketing programs and 'members-only' content will be given a choice whether they would like to be on our e-mail list and receive e-mail communications from us.

d) Present Website content effectively to you.

e) Provide information, and services that you request, or (with your consent) which we think may interest you.

f) Carry out our contracts with you.

g) Provide the relevant Services to you

h) Tell you our charges.

4.3 If you are already our customer, we will only contact you electronically about things similar to what was previously sold to you.

4.4 If you are a new customer, you will only be contacted if you agree to it.

4.5 We may keep a record of those links which are used the most to enable us to provide the most helpful information but we agree to keep such information confidential and you will not be identified from this information.

4.6 In addition, if you don't want us to use your personal data for any of the other reasons set out in this section in 4, you can let us know at any time by contacting us at support@nibrocool.com, and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide the best possible products [and services] to you.

4.7 In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the products [and services] we can provide you if you don't provide your personal data in these cases.

4.8 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

a) Where we need to perform the contract we are about to enter into or have entered into with you.

b) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

c) Where we need to comply with a legal or regulatory obligation, for example compliance with health and safety, tax or other statutory obligations.

4.9 Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to our marketing communications or sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us at support@nibrocool.com, and we will either delete your data from our systems or move your data to our "unsubscribe list". However, you acknowledge this will limit our ability to provide the best possible services to you.

4.10 As already indicated above, with your permission and/or where permitted by law, we may also use your data for marketing purposes which may lead to us contacting you by email and/or telephone with information, news and offers on our Services. We agree that we will not do anything that we have not agreed to under this Privacy Policy, and we will not send you any unsolicited marketing or spam. We will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended. 

5.0  PRIVACY POLICY SPECIFIC TO SHOPIFY.NIBROCOOL.COM

· We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy

5.1 BEHAVIORAL ADVERTISING

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

· We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics https://tools.google.com/dlpage/gaoptout.

· We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (‘NAI’) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

· FACEBOOK - https://www.facebook.com/settings/?tab=ads

· GOOGLE - https://www.google.com/settings/ads/anonymous

· BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal http://optout.aboutads.info/.

5.2 USING PERSONAL INFORMATION

We use your personal Information to provide our services to you, which includes offering products for sale, processing payments, shipping and fulfilment of your order, and keeping you up to date on new products, services, and offers.

5.3 RETENTION

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

5.4 AUTOMATIC DECISION MAKING

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We do not engage in fully automated decision-making that has a legal or

otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

· Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.

· Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.

5.5 YOUR RIGHTS

GDPR

Data protection legislation controls how your personal information is used by

organisations, including businesses and government departments.

In the UK, data protection is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For more information on how data transfers comply with the GDPR, see Shopify’s GDPR

Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

5.6 COOKIES

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimise your experience on our Site and to provide our services.

Cookies necessary for the functioning of the Store

5.7 NAME & FUNCTION

_ab -  Used in connection with access to admin.

_secure_session_id -  Used in connection with navigation through a storefront.

cart -  Used in connection with shopping cart.

cart_sig -  Used in connection with checkout.

cart_ts -  Used in connection with checkout.

checkout_token -  Used in connection with checkout.

secret -  Used in connection with checkout.

secure_customer_sig -  Used in connection with customer login.

storefront_digest  -  Used in connection with customer login.

_shopify_u -  Used to facilitate updating customer account information.

5.8 REPORTING AND ANALYSIS

NAME & FUNCTION

_tracking_consent -  Tracking preferences

_landing_page -  Track landing pages

_orig_referrer -  Track landing pages

_s -  Shopify analytics.

_shopify_fs -  Shopify analytics.

_shopify_s -  Shopify analytics.

_shopify_sa_p -  Shopify analytics relating to marketing & referrals.

_shopify_sa_t -  Shopify analytics relating to marketing & referrals.

_shopify_y -  Shopify analytics.

_y -  Shopify analytics.

The length of time that a cookie remains on your computer or mobile device depends on whether it is a ‘persistent’ or ‘session’ cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s ‘Tools’ or ‘Preferences’ menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the ‘Behavioural Advertising’ section above.

5.9 DO NOT TRACK

Please note that because there is no consistent industry understanding of how to respond to ‘Do Not Track’ signals, we do not alter our data collection and usage practices

when we detect such a signal from your browser.

6.0  Privacy policy specific to the Nibrocool App (‘The App’) 

6.1. Introduction

This Privacy Policy describes how Nibrotech Ltd (“we”, “us”, or “our”) handles user data in relation to the Nibrocool App (the “App”), which connects to the Nibrocool hardware device and is made available via the Google Play Store and Apple App Store.

We are committed to protecting your privacy and complying with:

• The General Data Protection Regulation (GDPR)
• Google Play User Data Policy and Health Apps Policy
• Apple App Store Review Guidelines

6.2. Developer Identity

This App is published by:

Nibrotech Ltd

27 Buckley Drive, Matlock, DE4 5PN, United Kingdom

Support@nibrocool.com

This entity is the data controller for the purposes of applicable data protection laws.

6.3. System Overview and Hardware Requirements

The App functions in conjunction with external hardware:

• The App connects via Bluetooth to the Nibrocool hardware device
• The Nibrocool device connects to user-supplied body-worn sensors (e.g. heart rate, core temperature, cycling power sensors) via ANT+
• Users select and control which sensors are connected via the App interface

Important:

The App requires the Nibrocool hardware device and compatible sensors to function and cannot operate independently without this hardware.

6.4. Health and Sensor Data

6.4.1 What Data is Accessed

The system accesses health-related data from body-worn sensors, which may include:

• Heart rate
• Core body temperature
• Cycling power
• Other physiological metrics depending on connected sensors

Users are responsible for:

• Supplying their own sensors
• Selecting which sensors to connect

6.4.2 Purpose of Access

Health and sensor data is accessed solely to enable the App and Nibrocool device’s core functionality, including:

• Real-time monitoring and processing
• Immediate device control and response
• Delivery of user-facing features

We only access the minimum data necessary for these functions.

6.4.3 Data Handling Clarification (Google Play Compliance)

To ensure full transparency:

• Access:
  
  Health and sensor data is accessed in real time.
• Collection:
  
  The App and device do not collect or retain health data.
• Use:
  
  Data is used transiently during active processing only.
• Storage:
  
  Health data is not stored on:
• The App
• The mobile device
• The Nibrocool hardware device
• Any servers or cloud systems
• Sharing:
  
  Health data is not shared with any third parties

6.4.4 Device-Level Data (Sensor ID Storage)

The Nibrocool hardware device stores sensor identifiers (IDs only) for the purpose of:

• Automatically reconnecting to previously paired sensors on power-on

Important:

• Sensor IDs are not health data
• No physiological or sensor measurement data is stored
• Sensor data is processed transiently and discarded immediately

6.4.5 Data Retention and Deletion

• Health and sensor data exists only in volatile memory during active processing
• Data is immediately discarded after use
• No logs, history, or records are created

Retention period: 0 seconds beyond active processing

6.5. Personal and Device Data

We may process limited non-sensitive data necessary for operation:

• Device type and operating system
• App diagnostics (e.g. crash logs)

This data:

• Does not identify you directly
• Is not linked to health data
• Is used only to maintain and improve functionality

6.6. Legal Basis for Processing (GDPR)

Where applicable, our legal bases include:

• Legitimate Interests:
  
  To operate and improve the App and connected hardware
• Consent:
  
  For accessing sensor and Bluetooth-related data via device permissions

You may withdraw consent at any time via your device settings.

6.7. Data Sharing

We do not:

• Sell data
• Share data with advertisers
• Transfer data to third parties

Data is processed locally and transiently only.

We may disclose limited information if required by law.

6.8. Data Safety and Google Play Compliance

This Privacy Policy is consistent with the App’s declarations in the Google Play Data Safety section and Health Apps declaration, including:

• No collection or storage of health data
• No data sharing
• Real-time, transient processing only

6.9. In-App Disclosure and Permissions

Before accessing health or sensor data:

• The App provides a clear and prominent in-app disclosure
• Users must grant explicit permission
• Access is limited strictly to what is required for functionality

6.10. International Data Transfers

Health data is not stored or transmitted; therefore:

• No cross-border transfer of such data occurs

Any limited technical data is handled with appropriate safeguards.

6.11. Your Rights (GDPR)

If you are located in the UK or EEA, you have the right to:

• Access your personal data
• Request correction or deletion
• Restrict or object to processing
• Data portability (where applicable)
• Lodge a complaint with a supervisory authority

Because health data is not retained, such rights may not apply to sensor data.

6.12. Data Security

We implement appropriate technical and organisational measures to protect data.

As health data is not stored, risks associated with storage or breach are minimised.

6.13. Medical Disclaimer

The App and Nibrocool hardware device are not medical devices and are not intended for the diagnosis, treatment, monitoring, or prevention of any disease or medical condition.

The system provides general wellness and performance-related functionality only.

6.14. Children’s Privacy

The App is not intended for children under the age of 13 (or applicable age in your jurisdiction).

We do not knowingly collect personal data from children.

6.15. Apple App Store Compliance

We comply with Apple’s requirements by:

• Clearly disclosing health data access
• Using data only for core functionality
• Not storing or sharing health data
• Requesting user permission prior to access

6.16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Changes will be posted with an updated “Last Updated” date.

6.18. Summary of Key Points

• The App requires the Nibrocool hardware device and user-supplied sensors
• Health data is accessed via sensors but processed in real time only
• No health data is collected, stored, or shared
• Sensor IDs (not health data) are stored on the hardware for reconnection only
• Data is immediately discarded after use
• The system is not a medical device
• Fully aligned with GDPR, Google Play, and Apple App Store requirements