Mahé Ltd. is committed to protecting your privacy and handling your personal data transparently and securely in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Mahé Ltd. is the data controller responsible for your personal data.

1. Information We Collect

When you interact with our website, place an order, or contact us, we may collect:

  • Full name

  • Billing and shipping address

  • Email address

  • Telephone number (if provided)

  • Order details

  • Payment confirmation details (we do not store full card numbers)

  • Website usage data (such as IP address, browser type, and pages visited)

Payment information is processed securely by our payment providers. We do not store complete payment card details on our servers.

2. How We Use Your Information

We process your personal data for the following purposes:

  • To process and fulfil orders (contractual necessity)

  • To provide customer support (legitimate interest)

  • To comply with legal obligations (e.g., accounting and tax requirements)

  • To send marketing communications where you have opted in (consent)

  • To improve website functionality and user experience (legitimate interest)

3. Payments & Third-Party Services

Payments are processed securely via our authorised payment providers, which may include:

  • Squarespace Payments

  • Clearpay

  • Klarna

  • Card networks and digital wallet providers

We may share necessary personal data with trusted third parties, including:

  • Payment processors

  • Delivery and courier providers

  • Website hosting and analytics providers

These parties process data only as required to provide their services and in accordance with applicable data protection laws.

4. Marketing Communications

You will only receive marketing emails if you have explicitly opted in or where permitted under applicable law.

You may withdraw consent or unsubscribe at any time using the link provided in our emails or by contacting us directly.

5. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil orders and provide services

  • Comply with legal, tax, and accounting obligations

  • Resolve disputes

Financial records may be retained for up to 6 years to comply with UK legal requirements.

6. International Data Transfers

Some of our service providers (including website hosting and payment processors) may store or process data outside the United Kingdom.

Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent protections in accordance with UK GDPR.

7. Data Security

We use industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, or disclosure.

However, no online transmission can be guaranteed to be completely secure.

8. Your Rights

Under UK GDPR, you have the right to:

  • Request access to your personal data

  • Request correction of inaccurate data

  • Request erasure of your data (where applicable)

  • Object to or restrict processing

  • Withdraw consent for marketing communications

  • Request data portability

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

The ICO can be contacted at: www.ico.org.uk

9. Cookies

Our website uses cookies to ensure functionality, performance, and security.

Non-essential cookies (such as analytics or marketing cookies) are used only where you have provided consent via our cookie banner.

You may manage or withdraw your cookie preferences at any time through your browser settings.

10. Contact

If you have any questions regarding this Privacy Policy or wish to exercise your data rights, please contact us using the details provided on our website.

Privacy Policy

Last updated: 14th February 2026