Legal

Privacy Policy

Last updated: 20 March 2026 · UK GDPR Compliant · maibo.uk

Data Controller

Maibo Limited, Luton, United Kingdom

ICO Registration

ZC108331

Contact

This Privacy Policy explains how Maibo Limited (“Maibo”, “we”, “us”) collects, uses, stores, and shares personal data when you use maibo.uk. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information We Collect

We may collect the following categories of personal data depending on how you interact with our website:

Identity & Contact

Name, email address, phone number.

Account

Username, password (encrypted), account preferences.

Order & Transaction

Items purchased, order history, returns, exchanges, refunds.

Delivery & Billing

Shipping address, billing address.

Technical & Usage

IP address, device and browser information, pages viewed, timestamps, approximate location (derived from IP).

Customer Support

Messages, emails, and information you provide when contacting us.

Payment details: Payments are processed by third-party payment service providers (Stripe, PayPal). We do not store full card details on our servers.

How We Use Your Data

We use personal data to:

✓
Create and manage customer accounts

✓
Process orders, payments, deliveries, and returns/refunds

✓
Provide customer support and respond to requests or complaints

✓
Improve website performance, usability, and product selection

✓
Prevent fraud, protect our customers, and keep the website secure

✓
Comply with legal obligations and enforce our terms

Legal Bases (UK GDPR)

Where applicable, we process personal data under one or more of the following legal bases:

Contract

To fulfil your order and deliver products you have purchased.

Legitimate Interests

To operate and improve our business, prevent fraud, and secure the website.

Legal Obligation

Tax, accounting, and compliance with applicable UK law.

Consent

For optional cookies or marketing where your consent is required.

Cookies & Analytics

We use cookies and similar technologies to enable core site functions, remember preferences, help prevent fraud, and understand how the website is used. You can manage cookie preferences via your browser settings or our cookie consent tool. Disabling cookies may affect certain website features. For full details, please see our Cookie Policy.

Sharing Your Data

We may share personal data only where necessary, including with:

Payment providers

Stripe and PayPal to securely process transactions.

Delivery and logistics partners

Royal Mail, Evri, DPD/DHL to ship orders and provide tracking.

IT and security providers

To host and protect our website and systems.

Professional advisors

Accountants and legal advisors where required.

Authorities

Where we are legally required to do so under UK law.

International Transfers

Some service providers may process data outside the UK. Where international transfers occur, we take appropriate measures to protect personal data — such as contractual safeguards and security controls — consistent with UK GDPR requirements.

Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy, including order fulfilment, customer support, security, and legal/accounting requirements.

Data Type

Retention Period

Order and transaction records

7 years (UK tax law)

Customer account data

Duration of account + 2 years

Customer support communications

3 years

Technical & analytics data

Up to 2 years

When data is no longer needed, we delete or anonymise it securely.

Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your data in certain circumstances.

Right to Restriction

Restrict or object to certain processing of your data.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at maibo@maibo.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Security

We implement appropriate technical and organisational measures to protect personal data against loss, unauthorised access, alteration, or misuse. Data transmissions are protected using SSL encryption where supported by your browser. Passwords are stored in encrypted form and payment data is handled exclusively by certified third-party processors.

Children’s Privacy

Our website is not intended for children under 13. We do not knowingly collect personal data from children under 13. If we become aware that such data has been collected, we will delete it promptly. If you believe we have inadvertently collected data from a child, please contact us at maibo@maibo.uk.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our practices. The latest version will always be posted on this page with an updated date. Continued use of our website after changes are posted constitutes acceptance of the updated policy.

Governing Law

This Privacy Policy is governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk if you believe your data has been processed unlawfully.

Privacy Questions?

We’re here to help.

If you have any questions about this Privacy Policy or how we handle your data, please get in touch.

Email Us
Cookie Policy