Privacy Policy

Privacy Policy

Last updated: [2026/06/01]

This Privacy Policy explains how Nepspice under LekaliNursery („we“, „us“, „our“) collects, uses, and protects your personal data when you visit and shop at nepspice.com. We process personal data in accordance with the EU General Data Protection Regulation (GDPR / DSGVO).

1. Controller

The data controller responsible for processing your personal data is:

Lekali Nursery Kirshi Farm
Salyan, Nepal
lekalinursery@gmail.com

2. What data we collect

Depending on how you use our website, we may collect:

  • Account and order data: name, billing and shipping address, email address, phone number, and order history.
  • Payment data: payment is processed by our payment provider (Stripe). We do not store full card details on our servers.
  • Technical data: IP address, browser type, device information, and pages visited, collected automatically when you use the site.
  • Communication data: any information you provide when you contact us by email or contact form.

3. Why we process your data and the legal basis

  • To fulfil your order (process payment, ship goods, send order confirmations) — legal basis: performance of a contract (Art. 6(1)(b) GDPR).
  • To comply with legal obligations such as tax and accounting record-keeping — legal basis: legal obligation (Art. 6(1)(c) GDPR).
  • To operate and secure our website — legal basis: our legitimate interest (Art. 6(1)(f) GDPR).
  • To send marketing emails, only if you have given consent — legal basis: consent (Art. 6(1)(a) GDPR), which you may withdraw at any time.

4. Sharing your data

We share data only with parties necessary to run our shop, including:

  • Payment processor (Stripe) to process your payment.
  • Shipping and logistics providers to deliver your order.
  • Tax authorities and accountants where legally required.

We do not sell your personal data. Where a provider is located outside the EU/EEA, we ensure appropriate safeguards (such as EU Standard Contractual Clauses) are in place.

5. Cookies

Our website uses cookies that are necessary for the shop to function (for example, to keep items in your cart and to keep you logged in). With your consent, we may also use analytics or marketing cookies. You can manage your cookie preferences through the cookie banner and your browser settings.

6. How long we keep your data

We keep order and invoice data for as long as required by law (in Germany, generally up to 10 years for accounting records). Other data is deleted once it is no longer needed for the purpose it was collected.

7. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data („right to be forgotten“);
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time; and
  • lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at lekalinursery@gmail.com.

You also have the right to complain to your local data protection authority. In Germany, this is the data protection authority of your federal state (Landesdatenschutzbehörde).

8. Data security

We use appropriate technical and organisational measures, including SSL/TLS encryption, to protect your personal data against unauthorised access, loss, or misuse.

9. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always available on this page, with the „last updated“ date shown above.

This template is provided for general guidance during site setup and is not legal advice. Before going live and processing real customer data, have your privacy policy reviewed or generated by a qualified service (e.g. eRecht24, IT-Recht Kanzlei) to ensure full GDPR and German-law compliance.