PRIVACY POLICY

**Effective Date: February 2026**
 
This Privacy Policy describes how **MADEVIA LTD** ("we", "us", or "our") collects, uses, and discloses your personal information when you visit, browse, or make a purchase from **https://www.madeviacare.com** (the "Site").
 
**MADEVIA LTD** is a company registered in England and Wales (Company No: 15392817) with its registered office at 68 Chestnut Ave, London E7 0JJ, United Kingdom.
 
This policy is designed to comply with:
- **General Data Protection Regulation (GDPR)** (UK-GDPR)
- **California Consumer Privacy Act (CCPA)** and California Privacy Rights Act (CPRA)
- U.S. state privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA)
 
---
 
## 1. INFORMATION WE COLLECT
 
We collect information that you provide directly to us and information that is automatically gathered when you interact with our Site.
 
### A. Personal Information You Provide
 
When you place an order, create an account, or contact us, we may collect:
 
**Order Information:**
- Full name
- Shipping address (street, city, state, ZIP code)
- Billing address (if different from shipping)
- Email address
- Phone number
- Order history and purchase records
 
**Account Information (if you create an account):**
- Username and password (encrypted)
- Communication preferences
- Saved addresses
 
**Customer Support Information:**
- Inquiry details
- Support ticket history
- Correspondence records
 
### B. Payment Information
 
All payment transactions are securely processed through **PCI-DSS Level 1 compliant third-party payment processors**, including:
- **Stripe** (primary payment gateway)
- **PayPal** (alternative payment option)
 
**Important:** We do **not** store, process, or have access to:
- Full credit card numbers
- CVV/CVC security codes
- Banking account details
 
Payment processors retain tokenized payment information according to their own privacy policies:
- Stripe Privacy Policy: https://stripe.com/privacy
- PayPal Privacy Policy: https://www.paypal.com/privacy
 
### C. Device & Technical Information (Automatically Collected)
 
When you visit our Site, we automatically collect:
 
**Device Information:**
- IP address (anonymized after 30 days)
- Browser type and version (e.g., Chrome, Safari, Firefox)
- Operating system (e.g., Windows, macOS, iOS, Android)
- Device identifiers (anonymized mobile advertising IDs)
- Screen resolution and display settings
 
**Browsing Information:**
- Pages visited and time spent on each page
- Referral source (how you arrived at our Site)
- Click patterns and navigation paths
- Search queries entered on the Site
- Date and time of visits
 
**Cookies & Tracking Technologies:**
- Session cookies (expire when you close your browser)
- Persistent cookies (stored for up to 12 months)
- Analytics cookies (Google Analytics, Shopify Analytics)
- Marketing cookies (Meta Pixel, Google Ads)
 
For detailed information on cookies, see **Section 4: Cookies & Tracking Technologies**.
 
---
 
## 2. HOW WE USE YOUR PERSONAL INFORMATION
 
We use the information we collect for the following purposes:
 
### A. Order Fulfillment & Customer Service
- Process and fulfill your orders
- Communicate order confirmations, shipping updates, and delivery notifications
- Coordinate with third-party fulfillment partners for product storage and shipment
- Respond to customer inquiries and support requests
- Manage returns, refunds, and exchanges
 
### B. Fraud Prevention & Security
- Screen orders for potential fraud or unauthorized transactions
- Verify billing and shipping address accuracy
- Prevent chargebacks and payment disputes
- Detect and prevent malicious activity (bots, scraping, account takeover)
 
### C. Legal & Regulatory Compliance
- Comply with tax reporting requirements (IRS, HMRC, state/local authorities)
- Maintain records for accounting and audit purposes
- Respond to lawful requests from law enforcement or regulatory agencies
- Enforce our Terms & Conditions and other legal agreements
 
### D. Marketing & Communications (With Your Consent)
- Send promotional emails about new products, sales, and special offers
- Display targeted advertisements on third-party platforms (Meta, Google)
- Conduct customer satisfaction surveys
- Share personalized product recommendations
 
**Note:** You can opt out of marketing communications at any time by:
- Clicking "Unsubscribe" in any promotional email
- Emailing us at info@madeviacare.com with "Unsubscribe" in the subject line
- Adjusting your account preferences (if logged in)
 
### E. Analytics & Website Improvement
- Analyze browsing behavior to improve website design and user experience
- Monitor website performance and troubleshoot technical issues
- Conduct A/B testing to optimize checkout flow and product pages
- Generate aggregated, anonymized reports on sales trends and customer demographics
 
---
 
## 3. SHARING YOUR PERSONAL INFORMATION
 
We do **not sell, rent, or trade** your personal information to third parties for their own marketing purposes.
 
We share your information only with trusted service providers who assist us in operating our business:
 
### A. E-Commerce Platform
**Shopify Inc.** (Canada)
- Hosts our online store and shopping cart
- Processes orders and manages inventory
- Provides analytics and reporting tools
- Shopify Privacy Policy: https://www.shopify.com/legal/privacy
 
### B. Payment Processors
**Stripe, Inc.** (United States)
- Processes credit card and debit card payments
- Handles payment fraud detection
- Stripe Privacy Policy: https://stripe.com/privacy
 
**PayPal Holdings, Inc.** (United States)
- Alternative payment processing
- PayPal Privacy Policy: https://www.paypal.com/privacy
 
### C. Third-Party Fulfillment & Logistics Partners
**Authorized U.S.-based fulfillment centers** (locations vary by inventory distribution)
 
These partners:
- Store inventory in climate-controlled warehouses
- Pick, pack, and ship orders on our behalf
- Provide tracking and delivery confirmation
- Operate under **Data Processing Agreements (DPAs)** requiring:
  - Use of your data strictly for order fulfillment
  - Deletion of data within 90 days after delivery (except as required by law)
  - CCPA and GDPR compliance
 
**Important:** While we vet all fulfillment partners for security and privacy compliance, shipments originate from **third-party facilities** in the United States. Madevia remains the **merchant of record** and is legally responsible for data protection.
 
### D. Shipping Carriers
**USPS, UPS, FedEx** (United States)
- Receive shipping labels with your name and address
- Provide tracking and delivery services
- Retain delivery records per their standard policies
 
### E. Analytics & Advertising Providers
**Google LLC** (United States)
- Google Analytics (website traffic analysis)
- Google Ads (search and display advertising)
- Privacy Policy: https://policies.google.com/privacy
 
**Meta Platforms, Inc.** (United States)
- Meta Pixel (Facebook/Instagram ad tracking)
- Privacy Policy: https://www.facebook.com/privacy/policy
 
**Shopify Analytics** (Canada)
- Sales reporting and customer behavior insights
 
### F. Legal & Regulatory Disclosures
We may disclose your information if required by law, such as:
- Court orders, subpoenas, or legal process
- Government investigations (FTC, FDA, law enforcement)
- Tax reporting to the IRS or HMRC
- Protecting our legal rights in disputes or litigation
 
---
 
## 4. COOKIES & TRACKING TECHNOLOGIES
 
We use **cookies** (small text files stored on your device) to enhance your browsing experience and analyze Site performance.
 
### Types of Cookies We Use
 
**A. Essential Cookies (Required)**
- Enable core functionality (shopping cart, checkout, account login)
- Remember your language and region preferences
- Maintain session security
- **These cannot be disabled** without breaking website functionality
 
**B. Analytics Cookies (Performance)**
- Google Analytics: Track page views, bounce rates, and user flows
- Shopify Analytics: Monitor sales conversions and product performance
- **You can disable these** via browser settings or our cookie consent tool
 
**C. Marketing Cookies (Advertising)**
- Meta Pixel: Track conversions from Facebook/Instagram ads
- Google Ads: Measure ad campaign effectiveness and retargeting
- **You can disable these** via browser settings or our cookie consent tool
 
### Managing Cookie Preferences
 
**Option 1: Browser Settings**
- Chrome: Settings → Privacy & Security → Cookies
- Safari: Preferences → Privacy → Manage Website Data
- Firefox: Options → Privacy & Security → Cookies and Site Data
 
**Option 2: Cookie Consent Tool**
- Click the "Cookie Settings" link in the website footer
- Toggle categories on/off (except essential cookies)
- Save preferences
 
**Option 3: Third-Party Opt-Out**
- Google Ads: https://adssettings.google.com
- Meta Ads: https://www.facebook.com/settings?tab=ads
- Network Advertising Initiative: https://optout.networkadvertising.org
 
**Note:** Disabling cookies may limit website functionality (e.g., items not staying in cart, login issues).
 
---
 
## 5. INTERNATIONAL DATA TRANSFERS
 
### Where Your Data Is Processed
 
Your personal information may be transferred to, stored, and processed in:
 
**United Kingdom** (Primary Data Controller)
- Madevia LTD registered office and business operations
- Wise business banking (UK-based accounts)
 
**United States** (Fulfillment & Payment Processing)
- Shopify servers (Canada/USA data centers)
- Stripe payment processing (USA-based servers)
- Third-party fulfillment centers (USA warehouses)
- USPS/UPS/FedEx shipping carriers
 
### Data Protection Safeguards
 
For transfers from the UK/EU to the USA, we rely on:
 
**1. Standard Contractual Clauses (SCCs)**
- Pre-approved data transfer agreements recognized by the UK Information Commissioner's Office (ICO) and EU Commission
- Legally binding contracts requiring U.S. partners to uphold GDPR-equivalent protections
 
**2. Adequacy Decisions**
- EU-U.S. Data Privacy Framework (for certified U.S. companies like Stripe)
- UK Extension to the EU-U.S. Data Privacy Framework
 
**3. Service Provider Agreements**
- All U.S.-based fulfillment partners sign **Data Processing Agreements (DPAs)** committing to:
  - CCPA and GDPR compliance
  - Encryption of data in transit and at rest
  - Limited data retention (90 days post-delivery)
  - Prohibition on selling or sharing customer data
 
For more information, contact us at **info@madeviacare.com**.
 
---
 
## 6. YOUR PRIVACY RIGHTS
 
Depending on your location, you may have the following rights regarding your personal information:
 
### A. Rights Under UK-GDPR (UK & EU Residents)
 
**1. Right to Access**
- Request a copy of all personal data we hold about you
- Receive information about how we process your data
 
**2. Right to Rectification**
- Correct inaccurate or incomplete personal information
 
**3. Right to Erasure ("Right to Be Forgotten")**
- Request deletion of your personal data (subject to legal retention requirements)
 
**4. Right to Restrict Processing**
- Limit how we use your data in certain circumstances
 
**5. Right to Data Portability**
- Receive your data in a machine-readable format (e.g., CSV, JSON)
- Transfer your data to another service provider
 
**6. Right to Object**
- Object to processing for direct marketing purposes (opt out anytime)
- Object to automated decision-making or profiling
 
**How to Exercise Your Rights:**
Email **info@madeviacare.com** with the subject line **"GDPR Data Request"** and include:
- Your full name and order number (if applicable)
- Specific right you wish to exercise
- Proof of identity (e.g., copy of ID or recent order confirmation)
 
**Response Time:** We will respond within **30 days** of verification.
 
---
 
### B. Rights Under CCPA/CPRA (California Residents)
 
California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
 
**1. Right to Know**
- What personal information we collect
- How we use and share your information
- Categories of third parties who receive your data
 
**2. Right to Delete**
- Request deletion of personal information (subject to exceptions)
 
**3. Right to Opt-Out of Sale/Sharing**
- **Note:** Madevia does **not sell** personal information. We share data only with service providers for business operations.
 
**4. Right to Correct**
- Request correction of inaccurate personal information
 
**5. Right to Limit Use of Sensitive Personal Information**
- We do not collect "sensitive personal information" as defined by CPRA
 
**6. Right to Non-Discrimination**
- We will not discriminate against you for exercising your privacy rights
 
**How to Exercise Your Rights:**
Submit a request via:
- **Email:** info@madeviacare.com (Subject: "CCPA Data Request")
- **Verification Required:** Provide your name, email, and order number
 
**Response Time:** We will respond within **45 days** (may extend to 90 days for complex requests).
 
**Authorized Agent Requests:**
If submitting a request through an authorized agent, provide:
- Signed authorization letter
- Proof of agent's identity
- Your own identity verification
 
---
 
### C. Rights Under Other U.S. State Privacy Laws
 
Residents of **Virginia (VCDPA)**, **Colorado (CPA)**, and **Connecticut (CTDPA)** have rights similar to those under the CCPA, including:
- Right to access, correct, and delete personal data
- Right to opt out of targeted advertising
- Right to appeal denied requests
 
To exercise these rights, email **info@madeviacare.com** with **"State Privacy Request"** in the subject line.
 
---
 
## 7. DATA RETENTION
 
We retain your personal information only as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.
 
### Retention Periods
 
**Order & Transaction Data:**
- **7 years** (required for tax compliance with IRS, HMRC, and state revenue authorities)
- Includes invoices, receipts, payment records, and shipping confirmations
 
**Account Information:**
- **Active accounts:** Retained until you request deletion or account closure
- **Inactive accounts:** Deleted after **3 years** of no login activity (email notification sent 30 days prior)
 
**Marketing & Analytics Data:**
- **2 years** from last interaction (email open, click, or purchase)
- Automatically purged from mailing lists after this period
 
**Customer Support Correspondence:**
- **3 years** for quality assurance and dispute resolution
 
**Cookies & Device Data:**
- **Session cookies:** Deleted when you close your browser
- **Persistent cookies:** Expire after **12 months**
- **IP addresses:** Anonymized after **30 days**
 
### Secure Deletion
 
When data is deleted:
- Erased from active databases and backup servers
- Aggregated analytics data (anonymized) may be retained indefinitely
- Paper records (if any) are shredded or securely destroyed
 
---
 
## 8. DATA SECURITY
 
We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.
 
### Technical Safeguards
 
**Encryption:**
- **SSL/TLS encryption** (256-bit) for all data transmitted between your browser and our servers
- **Encrypted storage** for sensitive data at rest (e.g., passwords hashed with bcrypt)
 
**Access Controls:**
- **Role-based access** (employees access only data necessary for their job functions)
- **Multi-factor authentication (MFA)** for admin accounts
- **Regular access audits** to detect unauthorized access
 
**Infrastructure Security:**
- **PCI-DSS Level 1 compliance** for payment processing (Stripe-certified)
- **Shopify's SOC 2 Type II certification** for platform security
- **DDoS protection** and web application firewalls (WAF)
 
### Organizational Safeguards
 
- **Employee training** on data privacy and security best practices
- **Confidentiality agreements** for all staff and contractors
- **Regular security audits** and vulnerability assessments
 
### Limitation of Liability
 
**Important:** While we use reasonable security measures, **no internet transmission or electronic storage is 100% secure**. We cannot guarantee absolute security of your data.
 
In the event of a data breach:
- We will notify affected users within **72 hours** (as required by GDPR/CCPA)
- We will provide details on the breach, affected data, and remediation steps
- We will cooperate with regulatory authorities (ICO, California Attorney General)
 
---
 
## 9. CHILDREN'S PRIVACY
 
Our Site and products are **not intended for individuals under the age of 18**.
 
We do **not knowingly collect** personal information from minors. If we discover that a user under 18 has provided personal information, we will:
- Delete the information immediately
- Close any associated account
- Notify the parent/guardian (if contact information is available)
 
**Parental Notice:** If you believe your child has provided us with personal information, contact us at **info@madeviacare.com** with "Minor Data Deletion Request" in the subject line.
 
---
 
## 10. THIRD-PARTY LINKS
 
Our Site may contain links to third-party websites, including:
- Social media platforms (Facebook, Instagram)
- Payment processors (Stripe, PayPal)
- Shipping carriers (USPS, UPS tracking pages)
 
**Important:** We are **not responsible** for the privacy practices of third-party sites. We encourage you to review their privacy policies before providing any personal information.
 
---
 
## 11. CHANGES TO THIS PRIVACY POLICY
 
We may update this Privacy Policy periodically to reflect:
- Changes in business operations or fulfillment partners
- New legal requirements (e.g., updated privacy laws)
- Improvements in data security practices
 
**Notification of Changes:**
- **Material changes:** We will notify you via email or a prominent notice on the Site at least **30 days** before the changes take effect
- **Minor updates:** Posted directly to this page with an updated "Effective Date"
 
**Your Continued Use:** By continuing to use the Site after changes take effect, you accept the updated Privacy Policy.
 
---
 
## 12. CONTACT INFORMATION
 
### Data Controller
**MADEVIA LTD**  
Company No: 15392817 (England & Wales)  
Registered Office: 68 Chestnut Ave, London E7 0JJ, United Kingdom
 
### Privacy Inquiries
**Email:** info@madeviacare.com  
**Subject Line Formatting:**
- GDPR requests: "GDPR Data Request"
- CCPA requests: "CCPA Data Request"
- General privacy questions: "Privacy Inquiry"
 
**Response Time:** We respond to privacy requests within **30 days** (GDPR) or **45 days** (CCPA).
 
### Regulatory Complaints
If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with:
 
**UK Residents:**
- **Information Commissioner's Office (ICO)**
- Website: https://ico.org.uk/make-a-complaint
- Phone: 0303 123 1113
 
**California Residents:**
- **California Attorney General's Office**
- Website: https://oag.ca.gov/privacy
- Privacy Enforcement Hotline: (916) 210-6276
 
---
 
## 13. CONSENT & ACKNOWLEDGMENT
 
By using our Site, placing an order, or providing your personal information, you acknowledge that you have read, understood, and agree to this Privacy Policy.
 
**For Marketing Communications:** You can opt in to receive promotional emails during checkout or by creating an account. You can opt out at any time by clicking "Unsubscribe" in any email or contacting us at info@madeviacare.com.
 
---
 
**Last Updated:** February 2026  
**Effective Date:** Applies to all data collected from this date forward.
 
For questions or concerns, contact **info@madeviacare.com**.
 
---
 
*Your privacy matters to us. Thank you for trusting Madevia with your personal information.*