Legal notice

<p>Last updated: August 5, 2025</p>
<p>Malìa Lab operates this store and website, including all information, content, features, tools, products, and services, in order to provide you, as the customer, with an appropriate shopping experience (the "Services"). Malìa Lab is powered by Shopify, which enables us to provide you with the Services. This Privacy Policy describes how we collect, use, and disclose your personal data when you visit, use, make a purchase or any other transaction through the Services, or when you communicate with us. In the event of any conflict between our Terms of Service and this Privacy Policy, this Privacy Policy shall prevail with respect to the collection, processing, and disclosure of your personal data.</p>
<p>Please read this Privacy Policy carefully. By using and accessing the Services, you confirm that you have read and understood this Privacy Policy and how we collect, use, and disclose your information.</p>
<h2>Personal data we collect or process</h2>
<p>When we use the term "personal data", we refer to information that identifies or is reasonably linked to you or another individual. Personal data does not include information collected anonymously or anonymized so that it cannot identify you or be linked to you. Depending on your interaction with the Services, where you live, and as permitted or required by applicable laws, we may collect or process the following categories of personal data, including inferences derived from such data:</p>
<ul>
<li><strong>Contact details</strong> including name, address, billing address, shipping address, phone number, and email address.</li>
<li><strong>Financial data</strong> including credit card, debit card, and financial account numbers, card payment details, financial account details, transaction details, payment method, payment confirmation, and other payment-related information.</li>
<li><strong>Account data</strong> including username, password, security questions, preferences, and settings.</li>
<li><strong>Transaction data</strong> including items you view, add to cart, add to wishlist, purchase, return, exchange, or delete, as well as your past transactions.</li>
<li><strong>Communications with us</strong> including the information you include when contacting us, for example when submitting a customer support request.</li>
<li><strong>Device information</strong> including information about your device, browser, or network connection, IP address, and other unique identifiers.</li>
<li><strong>Usage information</strong> including information about your interaction with the Services, and how and when you interact with or browse the Services.</li>
</ul>
<h2>Sources of personal data</h2>
<p>We may collect personal data from the following sources:</p>
<ul>
<li><strong>Directly from you</strong> including when you create an account, visit or use the Services, communicate with us, or otherwise provide your personal data;</li>
<li><strong>Automatically through the Services</strong> including through your device when you use our products or services or visit our websites, and through cookies and similar technologies;</li>
<li><strong>From our service providers</strong> including when we engage them to implement certain technologies and when they collect or process your personal data on our behalf;</li>
<li><strong>From our partners or third parties.</strong></li>
</ul>
<h2>How we use your personal data</h2>
<p>Depending on how you interact with us or which Services you use, we may collect your personal data for the following purposes:</p>
<ul>
<li><strong>Provide, personalize, and improve the Services.</strong> We use your personal data to provide the Services, enforce our contract with you, process your payments, fulfill your orders, remember your preferences and items of interest, send account-related notifications, process purchases, returns, exchanges, or other transactions, create, maintain, and manage your account, arrange shipping, facilitate returns and exchanges, enable you to post reviews, and create a personalized shopping experience, for example through product recommendations based on your purchases. This may include using your personal data to personalize and improve the Services.</li>
<li><strong>Marketing and advertising.</strong> We use your personal data for marketing and promotional purposes, such as sending you marketing, advertising, and promotional communications via email, text message, or post, and showing you online advertisements for products and services within our Services or on other websites, including based on items you have previously purchased or added to your cart and other activity within the Services.</li>
<li><strong>Security and fraud prevention.</strong> We use your personal data to authenticate your account, provide a secure payment and shopping experience, detect, investigate, or take action against fraudulent, illegal, unsafe, or harmful activities, and protect public safety and our Services. By choosing to use the Services and register an account, you are responsible for safeguarding your credentials. We recommend that you do not share your username, password, or other access details with anyone.</li>
<li><strong>Communications with you.</strong> We use your personal data to provide customer support, respond to your inquiries, deliver effective services, and maintain our business relationship with you.</li>
<li><strong>Legal purposes.</strong> We use your personal data to comply with applicable laws or respond to valid legal processes, including requests from law enforcement or government authorities; to investigate or participate in potential or ongoing litigation or other legal proceedings; and to enforce or investigate potential violations of our terms or policies.</li>
</ul>
<h2>How we disclose personal data</h2>
<p>In certain circumstances, we may disclose your personal data to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:</p>
<ul>
<li>With Shopify, vendors, and other third parties that perform services on our behalf (for example IT management, payment processing, data analytics, customer support, storage, fulfillment, and shipping).</li>
<li>With business and marketing partners to provide services and marketing communications. For example, we use Shopify to deliver personalized advertising services through third-party services based on your online activity across different merchants and websites. Our business and marketing partners will use your data in accordance with their own privacy policies. Depending on where you reside, you may have the right to request that we do not share your data for targeted advertising purposes based on your activity across different merchants and websites. You can exercise this right to opt out <a href="https://malialab.com/pages/data-sharing-opt-out">here</a>.</li>
<li>When you request or authorize us to disclose certain information to third parties, for example to ship your products, or when you use social media widgets or login integrations.</li>
<li>With our affiliates or within our corporate group.</li>
<li>In connection with a business transaction such as a merger or bankruptcy; to comply with legal obligations (including responding to subpoenas, search warrants, and similar requests); to enforce our terms and policies; and to protect or defend the Services, our rights, and the rights of our users or others.</li>
</ul>
<h2>Relationship with Shopify</h2>
<p>The Services are powered by Shopify, which collects and processes personal data relating to your access and use of the Services in order to provide and improve the Services for you. Data you submit through the Services will be transmitted to and shared with Shopify and third parties that may be located in countries outside your own. In addition, to help protect, grow, and improve your business, we use certain enhanced Shopify features that incorporate data and information obtained from your interactions with our store, as well as with other merchants and Shopify. To provide these enhanced features, Shopify may use personal data collected from your interactions with our store, other merchants, and Shopify itself. In such cases, Shopify is responsible for processing your personal data, including responding to requests to exercise your rights regarding the use of your personal data for these purposes. For more information on how Shopify uses your personal data and your rights, please see the <a href="https://www.shopify.com/legal/privacy/app-users">Shopify Consumer Privacy Policy</a>. Depending on where you reside, you may exercise certain rights regarding your personal data here: <a href="https://privacy.shopify.com/en">Shopify Privacy Portal</a>.</p>
<h2>Third-party websites and links</h2>
<p>The Services may contain links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, nor for the accuracy, completeness, or reliability of the information they contain. Information you provide in public or semi-public settings, including information you share on third-party social platforms, may be visible to other users of the Services and/or users of those third-party platforms without restriction as to its use by us or by third parties. Our inclusion of such links does not imply endorsement of the content on such platforms or of their owners or operators, except as disclosed in the Services.</p>
<h2>Children’s data</h2>
<p>The Services are not intended for use by children, and we do not knowingly collect personal data from children below the age of majority in your jurisdiction. If you are a parent or guardian of a child who has provided us with their personal data, you may contact us using the details below to request deletion. As of the effective date of this Privacy Policy, we are not aware of any "sale" or "sharing" (as defined under applicable laws) of personal data of individuals under 16 years of age.</p>
<h2>Data security and retention</h2>
<p>Please note that no security measures are perfect or impenetrable, and we cannot guarantee "absolute security". In addition, data you send to us may not be secure in transit. We recommend using secure channels when communicating sensitive or confidential information.</p>
<p>The retention period for personal data depends on various factors, such as whether we need the data to maintain your account, provide the Services, comply with legal obligations, resolve disputes, or enforce other agreements and policies.</p>
<h2>Your rights and choices</h2>
<p>Depending on where you reside, you may have one or more of the following rights regarding your personal data. However, these rights are not absolute and may apply only in certain circumstances, and we may decline your request as permitted by law.</p>
<ul>
<li><strong>Right of access.</strong> You may have the right to request access to the personal data we hold about you.</li>
<li><strong>Right to deletion.</strong> You may have the right to request deletion of your personal data.</li>
<li><strong>Right to correction.</strong> You may have the right to request correction of your personal data.</li>
<li><strong>Right to portability.</strong> You may have the right to receive a copy of your personal data and request that we transfer it to a third party, in certain circumstances.</li>
<li><strong>Right to opt out of sale or sharing for targeted advertising.</strong> Depending on where you reside, you may have the right to opt out of the "sale" or "sharing" of your personal data or its processing for "targeted advertising" purposes. You can exercise this right <a href="https://malialab.com/pages/data-sharing-opt-out">here</a>. Please note that if you visit our website with the Global Privacy Control signal enabled, we will treat this as a request to opt out for the device and browser you are using. If we are able to associate the signal with a Shopify account, we will apply the opt-out request to that account as well. For more information about Global Privacy Control, visit https://globalprivacycontrol.org/. Other than Global Privacy Control, we do not recognize "Do Not Track" signals sent by your browser or device.</li>
<li><strong>Managing communication preferences.</strong> We may send you promotional emails, and you can opt out at any time by using the unsubscribe option included in our emails. If you opt out, we may still send you non-promotional emails, such as those related to your account or orders.</li>
</ul>
<div>
<p><strong>If you reside in the United Kingdom or the European Economic Area,</strong> and subject to local legal limitations, you may also have the following rights:</p>
<ul>
<li><strong>Objection and restriction of processing:</strong> You may have the right to request that we stop or restrict processing of your personal data for certain purposes.</li>
<li><strong>Withdrawal of consent:</strong> Where we rely on your consent to process your personal data, you have the right to withdraw it. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.</li>
</ul>
</div>
<p>You may exercise any of these rights where indicated in the Services or by contacting us using the details below. For more information about how Shopify uses your personal data and your rights, including those related to data processed by Shopify, please visit https://privacy.shopify.com/en.</p>
<p>You will not be discriminated against for exercising these rights. Before processing your request, we may need to verify your identity as permitted by law. Where permitted by law, you may designate an authorized agent to make requests on your behalf. Before accepting such a request, we will require proof that the agent has been authorized by you, and we may ask you to verify your identity directly. We will respond to your request within the timeframes required by applicable law.</p>
<h2>Complaints</h2>
<p>If you have complaints about how we process your personal data, please contact us using the details below. Depending on where you reside, you may have the right to appeal our decision or to lodge a complaint with your local data protection authority. For the EEA, you can find a list of supervisory authorities <a href="https://edpb.europa.eu/about-edpb/about-edpb/members">here</a>.</p>
<h2>International transfers</h2>
<p>Please note that we may transfer, store, and process your personal data outside your country of residence.</p>
<p>If we transfer your personal data outside the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses or equivalent contracts issued by the relevant UK authority, unless the transfer is to a country deemed to provide an adequate level of protection.</p>
<h2>Changes to this Privacy Policy</h2>
<p>We may update this Privacy Policy from time to time, including to reflect changes in our practices or for operational, legal, or regulatory reasons. We will post the updated Privacy Policy on the website, update the "Last updated" date, and provide notice as required by applicable law.</p>
<h2>Contact</h2>
<p>If you have any questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of your rights, please call , email us at info@malialab.it, or contact us at Via Provinciale 157, Guardavalle Marina, CZ, 88065, IT. For the purposes of applicable data protection laws, we are the data controller of your personal data.</p>