PRIVACY POLICY

Mary & Martin (“we,” “our,” or “us”) is committed to safeguarding your privacy and protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, store, and protect information through our website maryandmartin.com. We act in compliance with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant data privacy frameworks. By using maryandmartin.com, you consent to the practices described herein.

1. Commitment to Your Privacy

Your privacy is of paramount importance to us. We adhere to principles of transparency, responsibility, and accountability in processing personal information. We aim to ensure that your data is handled securely, fairly, and in accordance with your rights.

2. Scope of This Policy and Our Role as Data Controller

This Privacy Policy applies to all personal data collected through maryandmartin.com and related digital platforms. Mary & Martin is the Data Controller responsible for determining the purposes and means of processing your personal data under applicable legislation. If you have questions regarding this policy, you may contact us at [email protected].

3. Categories of Personal Data We Process

We collect and process various types of information, either directly from you or automatically through your use of our services:

a. Usage Data
Includes information about your interaction with our website, such as IP address, browser type, operating system, browsing duration, page views, and URL clickstreams.

b. Account Data
Consists of personal identifiers you may provide when creating an account, including full name, email address, phone number, mailing address, and login credentials.

c. Profile Data
Covers information related to your preferences, wishlists, behavioral trends, product viewing history, and purchasing activities.

d. Communication Data
Includes records of your interactions with us such as support requests, feedback submissions, responses to surveys, and other correspondence.

e. Technical Data
Encompasses details about your device, hardware specifications, system settings, connection data, and performance diagnostics.

f. Transaction Data
Relates to purchases you make on maryandmartin.com, including billing details, payment method, delivery address, and order history. We do not store full payment card data; it is processed securely by our authorized payment facilitators.

g. Preference Data
Captures your choices related to marketing communications, newsletters, product recommendations, and interest-based advertising.

4. Legal Bases for Processing Personal Data

We rely on several legal grounds under GDPR and comparable frameworks to lawfully process your data:

– Consent: When you have given us explicit permission to process your data, such as subscribing to newsletters or accepting non-essential cookies.
– Performance of a Contract: When processing is necessary for the execution of our contractual obligations (e.g., fulfilling an order).
– Legitimate Interests: Where we process data to pursue our commercial interests, such as improving our services, fraud prevention, or securing our platform—without infringing your rights.
– Legal Obligation: Where processing is required for compliance with legal or regulatory obligations.

5. Your Rights

You have rights under data protection laws regarding your personal data. Subject to verification of your identity, these rights include:

– Right of Access: Obtain confirmation on whether your data is processed and request a copy.
– Right to Rectification: Request correction of inaccurate or incomplete information.
– Right to Erasure: Request deletion of your data (often referred to as the “right to be forgotten”).
– Right to Restriction: Request limiting the processing of your data under certain conditions.
– Right to Data Portability: Request that we provide your data in a structured, commonly used, machine-readable format or transmit it to another controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Right to Withdraw Consent: Withdraw consent at any time where processing is based on your consent.

Residents of California may also exercise rights under the CCPA, including the right to know categories of personal information collected, sold, and disclosed, as well as the right to opt out of the sale of data and the right not to be discriminated against for exercising protections.

Requests to exercise these rights can be made by contacting us at [email protected].

6. Security Measures

We implement organizational, technical, and physical safeguards to protect your personal information. These include but are not limited to:

– Data encryption in transit and at rest
– Secure access to systems and data using role-based access controls
– Firewall-protected storage environments
– Regular vulnerability assessments and penetration testing
– Ongoing staff privacy training and awareness programs

While no system is entirely immune from risk, we work diligently to mitigate and respond to threats and breaches in a timely and responsible manner.

7. International Data Transfers

Your information may be transferred to and stored in countries outside of the European Economic Area (EEA) or California. To protect your data in such instances:

– We utilize standard contractual clauses approved by the European Commission and other legally appropriate safeguards.
– Where required, we ensure data recipients are located in jurisdictions with adequate levels of protection or are contractually bound by data processing agreements.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected and in compliance with our legal obligations. Specifically:

– Usage and Technical Data: Retained up to 12 months for analytics
– Account and Transaction Data: Retained for 7 years for legal and taxation purposes
– Communication Data: Retained for 3 years from the last interaction
– Marketing Preferences: Retained unless and until consent is withdrawn or the account is deleted

Thereafter, data is either anonymized or securely erased.

9. Cookie Policy

Our website uses cookies to enhance your user experience. Cookies are small text files placed on your device to collect standard internet log and visitor behavior information.

Types of cookies used on maryandmartin.com include:

– Essential Cookies: Necessary for website functionality (e.g., shopping cart use, secure login)
– Functional Cookies: Enable enhanced functionality, such as language preferences or saved settings
– Analytics Cookies: Help us understand how users interact with the website (e.g., Google Analytics)
– Performance Cookies: Improve site speed, loading time, and responsiveness

These cookies may be set by us or third-party providers whose services we use.

10. Cookie Management and Legal Compliance

You can manage your cookie preferences at any time via our cookie banner or browser settings. For GDPR and CCPA compliance:

– We obtain user consent before deploying non-essential cookies
– You may opt out of analytics and advertising cookies without affecting core website functionality
– Californian residents may use the “Do Not Sell or Share My Personal Information” feature where applicable

11. Children’s Privacy

We do not knowingly collect or process personal data from children under the age of 13. If we become aware that a child has provided personal data without appropriate parental consent, we will take steps to delete that information without undue delay. If you are a parent or guardian and believe your child has submitted data to us, please contact [email protected].

12. Policy Updates and Notification

We may update this Privacy Policy from time to time due to operational changes, new legal requirements, or changes in our data practices. Material changes will be communicated to users through prominent notice on our website or via direct communications, as appropriate. We recommend reviewing this policy periodically to stay informed about our data handling practices.

13. Contact Us

For any inquiries, questions about your data, or to exercise your data subject rights, please contact:

Mary & Martin
Email: [email protected]
Website: www.maryandmartin.com

We are committed to ensuring your privacy rights are upheld and that your personal data is managed securely, lawfully, and respectfully at all times.

—
Mary & Martin operates in full compliance with applicable privacy regulations, including GDPR and CCPA. Should you have any concerns or wish to exercise your privacy rights, we welcome you to reach out to us at [email protected].