Legal Document

Privacy Policy

📅 Last updated: 19 March 2026 | 🔒 UK GDPR Compliant | 🌐 maibo.uk

Data Controller: Maibo Limited, Luton, United Kingdom
Contact: maibo@maibo.uk
ICO Registration:

This Privacy Policy explains how Maibo Limited (“Maibo”, “we”, “us”) collects, uses, stores, and shares personal data when you use maibo.uk. We are committed to protecting your privacy in compliance with the UK GDPR and the Data Protection Act 2018.

Information We Collect

Category	Examples
Identity & Contact	Name, email address, phone number
Account	Username, encrypted password, preferences
Order & Transaction	Items purchased, order history, returns, refunds
Delivery & Billing	Shipping address, billing address
Technical & Usage	IP address, device/browser info, pages viewed, timestamps
Customer Support	Messages and info provided when contacting us

💳 Payment details: Processed by Stripe and PayPal. We do not store full card details on our servers.

How We Use Your Data

🛒

Order Processing

Process orders, payments, deliveries and returns.

👤

Account Management

Create and manage your customer account.

💬

Customer Support

Respond to requests, queries and complaints.

🔒

Security & Fraud

Prevent fraud and keep the website secure.

📈

Improvement

Improve site performance and product selection.

⚖️

Legal Compliance

Meet legal obligations and enforce our terms.

Legal Bases (UK GDPR)

Legal Basis	When We Rely on It
Contract	To fulfil your order, process returns, and manage your account
Legitimate Interests	To operate and improve our business, prevent fraud, secure the website
Legal Obligation	Tax, accounting, and regulatory compliance
Consent	For optional marketing emails or non-essential cookies

Cookies & Tracking Technologies

We use cookies and similar technologies to enable core site functions, remember preferences, help prevent fraud, and understand how the website is used.

Type	Purpose	Examples
Essential	Required for the website to function	Session, cart, login
Analytics	Understand how visitors interact with the site	Google Analytics
Marketing	Show relevant ads and measure campaign effectiveness	Facebook Pixel

You can manage cookie preferences via your browser settings. Disabling non-essential cookies may affect certain website features.

Sharing Your Data

We may share personal data only where necessary. We do not sell your personal data to third parties.

💳

Payment ProvidersStripe, PayPal — to securely process your transactions.

📦

Delivery & Logistics PartnersTo ship orders and provide tracking information.

🖥️

IT & Security ProvidersTo host and protect our website and systems.

📋

Professional AdvisorsAccountants and legal advisors where required.

🏛️

AuthoritiesWhere we are legally required to disclose information.

International Transfers

Some service providers may process data outside the UK. Where international transfers occur, we take appropriate measures — such as standard contractual clauses and security controls — consistent with UK GDPR requirements.

Data Retention

Data Type	Retention Period
Order & transaction records	7 years (legal/accounting requirement)
Customer account data	Duration of account + 2 years after closure
Marketing consent records	Until consent is withdrawn
Customer support communications	3 years from resolution
Technical/analytical logs	Up to 26 months

Your Rights

👁️

Right of AccessRequest a copy of the personal data we hold about you.

✏️

Right to RectificationHave inaccurate or incomplete data corrected.

🗑️

Right to ErasureRequest deletion of your data (“right to be forgotten”).

⏸️

Right to RestrictionAsk us to restrict how we process your data in certain cases.

🚫

Right to ObjectObject to processing based on legitimate interests or for direct marketing.

📤

Right to Data PortabilityReceive your data in a structured, machine-readable format.

↩️

Right to Withdraw ConsentWithdraw consent at any time where processing is based on consent.

🏛️

Right to ComplainLodge a complaint with the ICO (ico.org.uk) if you believe your rights have been violated.

To exercise any of these rights, contact us at maibo@maibo.uk. We will respond within 30 days as required by UK GDPR.

Security

We implement appropriate technical and organisational measures to protect personal data against loss, unauthorised access, alteration, or misuse. Data transmissions are protected using SSL/TLS encryption. Access to personal data within our organisation is restricted on a need-to-know basis.

⚠️ If you believe your account or personal data has been compromised, please contact us immediately at maibo@maibo.uk.

Children’s Privacy

Our website is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that such data has been collected, we will delete it promptly.

Marketing Communications

We may send marketing emails where you have given consent or where we have a legitimate interest as an existing customer. You can opt out at any time by clicking Unsubscribe in any marketing email or by contacting maibo@maibo.uk. Opting out of marketing will not affect transactional emails related to your orders.

Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on this page with an updated date. Where changes are significant, we will notify you by email or a prominent notice on the website.

Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

📌 As a UK-registered business serving UK customers under UK GDPR, English law applies. Our supervisory authority is the Information Commissioner’s Office (ICO).

Questions or Requests?

For any privacy-related questions, data subject requests, or complaints — we aim to respond within 30 days.