MADEVIA

— Luxury Botanical Wellness —

Privacy Policy

At Madevia, your privacy is of paramount importance to us. This Privacy Policy explains how we collect, use, share, and protect your personal information when you visit our website or make a purchase.

Madevia Ltd is the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered office is located at [INSERT ADDRESS], London, United Kingdom.

 

Information You Provide

When you place an order or contact us, we collect:

•       Full name

•       Email address

•       Billing and shipping address

•       Phone number (if provided)

•       Payment information — processed securely by our payment provider; we do not store card details

 

Information Collected Automatically

When you browse our website, we may automatically collect:

•       IP address and browser type

•       Pages visited and time spent on site

•       Referring URLs

•       Device and operating system information

This information is collected via cookies and similar tracking technologies. Please see Section 4 for more detail.

 

As a UK-registered company subject to UK GDPR, we are required to identify a lawful basis for processing your personal data. We process your information under the following legal bases:

•       Performance of a contract: To process and fulfill your order and handle related customer service communications.

•       Legal obligation: To comply with applicable laws, including tax, accounting, and consumer protection requirements.

•       Legitimate interests: To improve our website, products, and services, and to prevent fraud — where these interests are not overridden by your rights.

•       Consent: For marketing communications, where you have explicitly opted in. You may withdraw consent at any time.

 

We use the information we collect to:

•       Process and fulfill your orders

•       Send order confirmations, shipping updates, and customer service communications

•       Respond to your enquiries

•       Improve our website and product offerings

•       Send marketing communications, where you have opted in to receive them

•       Comply with our legal and regulatory obligations

•       Detect, prevent, and investigate fraudulent or unauthorized activity

 

We do not sell, rent, or trade your personal information to any third party. We may share your data with the following trusted service providers solely to operate our business:

•       Supliful (U.S.-based fulfillment partner): To process and ship your order.

•       Payment processors (e.g., Stripe): To handle secure payment transactions.

•       Email and marketing service providers: To deliver order communications and, where applicable, marketing content.

•       Analytics providers (e.g., Google Analytics): To understand how our website is used.

All third-party service providers are contractually required to process your data securely, only for the purposes we specify, and in accordance with applicable data protection laws.

 

We take steps to ensure that all international transfers of personal data comply with applicable data protection law. Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards approved under UK GDPR to protect your data during such transfers.

By using our website and placing an order, you acknowledge that your data may be transferred to, stored in, and processed in the United States.

 

Our website uses cookies and similar technologies to enhance your browsing experience, remember your preferences, and gather analytics data.

We use the following types of cookies:

•       Essential cookies: Required for the website to function correctly.

•       Analytics cookies: Help us understand how visitors interact with our site (e.g., Google Analytics).

•       Marketing cookies: Used to deliver relevant advertisements where applicable.

You may manage or disable cookies through your browser settings at any time; however, doing so may affect the functionality of our store.

Do Not Track: Our website does not currently respond to 'Do Not Track' (DNT) browser signals. However, you may manage your cookie preferences directly through your browser settings, as described above.

 

Depending on your jurisdiction, you may have the following rights regarding your personal data:

•       Right to access: Request a copy of the personal data we hold about you.

•       Right to rectification: Request correction of inaccurate or incomplete data.

•       Right to erasure: Request deletion of your data, subject to our legal obligations.

•       Right to restrict processing: Request that we limit how we use your data in certain circumstances.

•       Right to data portability: Request your data in a portable, machine-readable format.

•       Right to object: Object to processing based on legitimate interests.

•       Right to withdraw consent: For marketing communications, you may opt out at any time via the unsubscribe link in our emails or by contacting us directly.

 

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected about you, and the right to opt out of the sale of your personal information. Please note: Madevia does not sell personal data.

 

To exercise any of your rights, please contact us at privacy@madevia.com. We will respond to verified requests within 30 days.

 

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements.

Order-related data is typically retained for a minimum of 6 years in accordance with UK company law requirements. Marketing data is retained until you withdraw your consent.

 

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All payment transactions are encrypted using SSL/TLS technology. Access to personal data within our organization is restricted on a need-to-know basis.

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify the relevant supervisory authority and affected individuals as required by applicable law.

 

Our website is not directed to individuals under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information without parental consent, please contact us immediately at privacy@madevia.com and we will take steps to delete such information.

 

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

 

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with a supervisory authority.

•       UK residents: The Information Commissioner's Office (ICO) — ico.org.uk

•       U.S. residents: The Federal Trade Commission (FTC) or your state's Attorney General office.

We would, however, appreciate the opportunity to address your concerns directly before you approach a regulatory body. Please contact us at privacy@madevia.com in the first instance.

 

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The revised version will be posted on this page with an updated Effective Date. We encourage you to review this policy periodically. Where changes are material, we will endeavor to notify you by email or prominent notice on our website.

 

For any privacy-related questions, requests, or concerns, please contact our Privacy team:

 

Email: privacy@madevia.com

Address: Madevia Ltd  |  [INSERT ADDRESS]  |  London, United Kingdom