Privacy policy
Last updated: July 3, 2026
This Privacy Policy describes how Malìa Lab (the "Site", "we", "us" or "our") collects, uses, and discloses your personal information when you visit, use our services, make a purchase from malialab.com (the "Site"), or otherwise communicate with us about the Site (collectively, the "Services"). For the purposes of this Privacy Policy, "you" and "your" refer to you as a user of the Services, whether you are a customer, a website visitor, or another individual about whom we have collected information under this Privacy Policy.
Please read this Privacy Policy carefully.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time, including to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last updated" date, and take any other measures required by applicable law.
How we collect and use your personal information
To provide the Services, we collect and have collected in the past 12 months personal information about you from a variety of sources, as described below. The information we collect and use varies depending on how you interact with us.
In addition to the specific uses described below, we may use the information we collect about you to communicate with you, provide or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and protect or defend the Services, our rights, and the rights of our users or others.
What personal information we collect
The types of personal information we obtain about you depend on how you interact with our Site and use our Services. When we use the term "personal information," we mean information that identifies, relates to, describes, or can be associated with you. The sections below describe the categories and specific types of personal information we collect.
Information we collect directly from you
The information you provide directly to us through our Services may include:
- Contact details including name, address, phone number, and email.
- Order information including name, billing address, shipping address, payment confirmation, email address, and phone number.
- Account information including username, password, security questions, and other information used for account security purposes.
-
Purchase information including items viewed, added to cart, saved in your account such as loyalty points, reviews, referrals, gift cards, or purchases.
- Loyalty points/product reviews/referrals/gift cards saved
- Customer support information including any information you choose to include in communications with us, for example when you send a message through the Services.
Some features of the Services may require you to provide certain information about yourself directly. You may choose not to provide such information, but doing so may prevent you from using or accessing those features.
Information we collect about your usage
We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do so, we may use cookies, pixels, and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, network connection information, your IP address, and other information related to your interaction with the Services.
Information we obtain from third parties
Finally, we may obtain information about you from third parties, including vendors and service providers who may collect information on our behalf, such as:
- Companies that support our Site and Services, for example Shopify.
- Our payment processors who collect payment information (for example, bank account, credit or debit card information, billing address) to process payment in order to fulfill your orders and provide the products or services you requested to perform our contract with you.
- When you visit our Site, open or click on emails we send you, or interact with our Services or advertising, we or third parties we work with may automatically collect certain information using online tracking technologies such as pixels, web beacons, software development kits, third-party libraries, and cookies.
Any information we obtain from third parties will be handled in accordance with this Privacy Policy. See also the section below, Third-party websites and links.
How we use your personal information
- Provision of products and services. We use your personal information to provide the Services in order to perform our contract with you, including processing your payments, fulfilling your orders, sending you notifications related to your account, purchases, returns, exchanges, or other transactions, creating, maintaining, and otherwise managing your account, arranging shipping, facilitating returns and exchanges, and other account-related features and functionality . We may also enhance your shopping experience by allowing Shopify to match your account to other Shopify services you may choose to use. In that case, Shopify will process your information as set out in its Privacy Policy and Consumer Privacy Notice .
- Marketing and advertising We may use your personal information for marketing and promotional purposes, such as sending marketing, advertising, and promotional communications via email, text messages, or postal mail and showing you advertisements for products or services. This may include using your personal information to better personalize the Services and advertising on our Site and other websites . If you reside in the EEA, the legal basis for these processing activities is our legitimate interest in selling our products under Article 6(1)(f) of the GDPR.
- Security and fraud prevention. We use your personal information to detect, investigate, or take action regarding potential fraudulent, illegal, or harmful activity. If you choose to use the Services and register an account, you are responsible for keeping your account credentials secure. We strongly recommend that you do not share your username, password, or other access details with anyone. If you believe your account has been compromised, contact us immediately . If you reside in the EEA, the legal basis for these processing activities is our legitimate interest in keeping our website secure for you and other customers under Article 6(1)(f) of the GDPR.
- Communication with you and service improvement. We use your personal information to provide customer support and improve our Services. This is in our legitimate interest to be responsive to you, provide effective services, and maintain our business relationship with you under Article 6(1)(f) of the GDPR.
Cookies
Like many websites, we use cookies on our Site. For specific information about the cookies we use in relation to managing our Shopify store, see https://www.shopify.com/legal/cookies. We use cookies to operate and improve our Site and Services (including to remember your actions and preferences), to perform analytics and better understand user interaction with the Services (in our legitimate interest to administer, improve, and optimize the Services). We may also allow third parties and service providers to use cookies on our Site to better personalize services, products, and advertising on our Site and other websites.
Most browsers accept cookies by default, but you can set your browser to remove or refuse cookies via browser controls. Please note that removing or blocking cookies may negatively affect your user experience and may cause some Services to malfunction or become unavailable, including some general features and functionality. Also, blocking cookies may not completely prevent the way we share information with third parties, such as our advertising partners.
Our website also recognizes the Global Privacy Control (GPC) signal, which allows you to opt out of certain uses or disclosures of your information. If you communicate your preference to us via GPC, we will treat that signal as a valid request to opt out of sharing/targeted advertising for the associated browser or device and, if we can associate the device by sending the signal to the Shopify account, we will apply the opt-out request to the account as well. To learn more about the Global Privacy Control, you can visit https://globalprivacycontrol.org/. In addition to the Global Privacy Control, we do not recognize other "Do Not Track" signals that may be sent by your web browser or device.
How we disclose your personal information
In certain circumstances, we may disclose your personal information to third parties for contract performance, legitimate purposes, and other reasons subject to this Privacy Policy. Such circumstances may include:
- to vendors or other third parties who perform services on our behalf (for example IT management, payment processing, data analytics, customer support, cloud storage, order fulfillment, and shipping).
- To commercial and marketing partners to provide services and advertise to you. Our commercial and marketing partners will use your information in accordance with their privacy notices.
- When you direct us, request, or otherwise consent to our disclosure of certain information to third parties, for example to ship products to you or through the use of social media widgets or login integrations, with your consent.
- With our affiliates or otherwise within our corporate group, in our legitimate interest to operate a successful business.
- In connection with a business transaction, such as a merger or bankruptcy, to comply with applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or others.
In the past 12 months we have disclosed the following categories of personal data and sensitive personal data about users for the purposes described above in “How we collect and use your personal information” and “How we disclose personal information”:
| Category | Categories of recipients |
|---|---|
|
|
We do not use or disclose sensitive personal information without your consent or to infer characteristics about you.
With your consent we share personal information for advertising and marketing activities as follows.
We have "sold" and "shared" (as defined by applicable law) personal information in the past 12 months for advertising and marketing purposes as follows.
| Category of personal information | Categories of recipients |
|---|---|
| Identifiers such as name, email address, and phone number | Commercial and marketing partners |
| Commercial information such as records of products or services purchased | Commercial and marketing partners |
| Usage Data | Commercial and marketing partners |
Third-party websites and links
Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not warrant and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on those sites. Information provided in public or semi-public places, including information shared on third-party social networking platforms, may also be visible to other users of the Services and/or users of those third-party platforms without restrictions on their use by us or a third party. The inclusion of such links by us does not, by itself, imply any endorsement of the content of those platforms or their owners or operators, except as disclosed on the Services.
Children's data
The Services are not intended for use by children and we do not knowingly collect any personal information from children. If you are a parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details below to request deletion.
As of the effective date of this Privacy Policy, we are not aware that we "share" or "sell" (as defined by applicable law) personal information of individuals under the age of 16.
Security and retention of your information
Please note that no security measure is perfect or impenetrable and we cannot guarantee "perfect security." In addition, any information you send to us may not be secure during transmission. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.
How long we retain your personal information depends on various factors, for example whether we need the information to maintain your account, provide the Services, comply with legal obligations, resolve disputes, or enforce other contracts and policies.
Your rights
Depending on where you live, you may have some or all of the rights listed below with respect to your personal information. However, these rights are not absolute, may apply only in certain circumstances, and in some cases we may refuse your request as permitted by law.
- Right of access: you may have the right to request access to the personal information we hold about you, including details about how we use and share your information.
- Right to deletion: you may have the right to request deletion of the personal information we hold about you.
- Right to rectification: you may have the right to request that we correct inaccurate personal information we hold about you.
- Right to portability: you may have the right to receive a copy of the personal information we hold about you and to request its transfer to third parties, in certain circumstances and subject to certain exceptions.
- Right to opt out of sale, sharing, or targeted advertising: you may have the right to request that we not "sell" or "share" your personal information or to opt out of processing your personal information for purposes considered "targeted advertising" as defined by applicable privacy laws. Please note that if you visit our Site with the Global Privacy Control explicit opt-out preference enabled, depending on where you are located, we will automatically treat that as a request to opt out of "sale" or "sharing" of information for the device and browser you use to visit the Site.
- Restriction of processing: you may have the right to request that we stop or limit our processing of personal data.
- Withdrawal of consent: where we rely on consent to process your personal information, you may have the right to withdraw that consent.
- Appeal: you may have the right to appeal our decision if we refuse to process your request. You can do so by responding directly to our denial.
- Communication preferences: we may send you promotional emails and you can opt out at any time using the unsubscribe option in our emails. If you unsubscribe, we may still send you non-promotional emails, such as those related to your account or orders you have placed.
You can exercise any of these rights as indicated on our Site or by contacting us using the contact details provided below.
We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, such as your email address or account information, before providing a substantive response to the request. In accordance with applicable laws, you may designate an authorized agent to submit requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will ask the agent to provide proof that you have authorized them to act on your behalf and we may require you to verify your identity directly with us. We will respond to your request in a timely manner as required by applicable law.
Complaints
If you have complaints about how we process your personal data, please contact us using the contact details provided below. If you are not satisfied with our response to your complaint, depending on where you live, you may have the right to challenge our decision by contacting us using the contact details below or by filing a complaint with your local data protection authority . For the EEA, you can find a list of supervisory data protection authorities here.
International users
Please note that we may transfer, store, and process your personal information outside the country where you live. Your personal data may be processed by staff and service providers and third-party partners in those countries.
If we transfer your personal information outside of Europe, we will rely on recognized transfer mechanisms such as the European Commission's standard contractual clauses or any equivalent contract issued by the competent UK authority, as applicable, unless the data transfer is to a country that has been determined to provide an adequate level of protection.
Contact
If you have questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of the rights available to you, call us or email us at info@malialab.it or contact us at Malia Lab di Amato Flavia, via provinciale 157, 88065 Guardavalle Marina CZ, Italy.
For the purposes of applicable data protection laws and unless explicitly stated otherwise, we are the data controller of personal data.

