GDPR

General Data Protection Regulation

At Mahéquline ApS, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, process, and store your information when you visit our website, make a purchase, or engage with us in other ways.

 

Who Are We?

Mahéquline ApS

CVR: 43610821

Midtager 29, Brøndby

+45 20895639

 

Why Do We Collect Your Information?

We collect and process personal data for the following purposes:

• To manage customer relationships, including processing orders, payments, and product deliveries.

• To fulfill legal obligations, such as storing accounting data and complying with consumer protection laws.

• To provide customer service, including handling inquiries, complaints, and warranty claims.

• To send relevant marketing materials with your consent, informing you about new products, offers, and promotions.

• To improve your user experience through analysis of purchase history and preferences.

 

Who Do We Collect Information About?

We collect information from:

• Customers: Individuals who make purchases through our online store.

• Potential Customers: Individuals who have signed up for our newsletter or given consent to receive marketing materials.

• Suppliers and Partners: Contact persons from companies we collaborate with.

 

What Information Do We Collect?

Shopify

• Personal Information: Name, address, phone number, and email address.

• Payment Information: Payment method (we do not store full credit card details).

• Order Information: Items purchased, purchase date, amount, delivery status, and any complaints.

 

Klaviyo

• Contact Information: Name, email address, and phone number (if provided).

• Marketing Data: Newsletter subscription, email open and click statistics, and purchase history if integrated with Shopify.

 

Who Do We Share Your Information With?

We may share your data with the following partners:

• Parcel Feeder (warehouse and logistics partner): Name, address, phone number, email address, and order details.

• Carriers (PostNord, GLS, or other shipping companies): Name, address, phone number, and email address for tracking information.

 

Do We Transfer Data to Third Countries?

Yes, we transfer data to our team in San Diego, USA. This includes access to:

• Social media and marketing platforms: Instagram, TikTok, and Pinterest.

• Email system for customer inquiries related to orders and customer service.

 

Transfers are based on Standard Contractual Clauses (SCC) approved by the EU Commission to ensure your data is adequately protected.

 

When Do We Delete Your Data?

We retain your data for the following periods:

• Active Customers: Data is stored as long as there is an active relationship or consent for marketing.

• Inactive Customers: Data is deleted after 3 years of inactivity, unless required by law to be kept longer.

• Accounting Purposes: Invoice and payment details are kept for 5 years from the end of the financial year, as per the Danish Bookkeeping Act.

• Legal Claims and Complaints: Complaints are kept for up to 2 years to comply with consumer protection laws.

• Newsletter Consent: Data is deleted upon withdrawal of consent, unless retained for other legitimate purposes.

 

What Security Measures Do We Implement?

We take data security seriously and have implemented the following measures:

• Access Control and Authorization: Only relevant employees and partners have access to personal data.

• Authentication: Systems require two- or three-factor authentication via Microsoft and Shopify.

• Data Protection: Data is stored in secure, encrypted systems like Shopify, Klaviyo, and email platforms.

• Data Transfers: Data transfers are secured using SSL/TLS encryption.

• Internal Guidelines: We have strict internal guidelines regulating access, data usage, and security updates.

• Data Processing Agreements: We have signed data processing agreements with all relevant partners to ensure proper and legal data handling.

 

Your Rights

Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data:

• Right of Access: You can request access to the personal data we hold about you.

• Right to Rectification: You can request corrections to inaccurate or incomplete personal data.

• Right to Erasure: You can request the deletion of your personal data, subject to certain conditions.

• Right to Restriction of Processing: You can request limited processing of your data under specific circumstances.

• Right to Object: You have the right to object to the processing of your personal data.

• Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.

 

If you wish to exercise any of these rights, please contact us.

 

You also have the right to file a complaint with the Danish Data Protection Agency (Datatilsynet) if you are dissatisfied with how your personal data is being processed. You can find their contact details at www.datatilsynet.dk.

 

For any questions or concerns regarding our Privacy Policy, feel free to reach out to us at any time.