Privacy policy

Privacy Policy 

Last updated: August 24, 2025

This Privacy Policy describes how My Store (“My Store”, “we”, “us”, or “our”) collects, uses, discloses, and protects your personal information when you visit, use our services, or make a purchase from maeveandorla.com (the “Site”) or otherwise communicate with us regarding the Site (collectively, the “Services”). It also includes our VAT & Import Policy applicable to shipments to Ireland under Incoterm DAP/DDU.

Please read this Privacy Policy carefully.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on the Site, update the “Last updated” date, and take any other steps required by applicable law.

What Personal Information We Collect

The types of personal information we obtain about you depend on how you interact with our Site and Services. “Personal information” means information that identifies, relates to, describes, or can be associated with you.

  1. Information You Provide Directly
  • Contact details: name, address, phone number, email.
  • Order information: name, billing address, shipping address, payment confirmation, email address, phone number.
  • Account information: username, password, security questions, and other authentication data.
  • Customer support information: the content of communications you send us (e.g., via contact forms, email, chat).

You may elect not to provide certain information; however, doing so may prevent you from using or accessing some features.

  1. Information Collected Automatically (Usage Data)
    We automatically collect certain information about your interaction with the Services using cookies, pixels, and similar technologies (“Cookies”). Usage Data may include device and browser information, network information, IP address, pages viewed, links clicked, and other interaction data.

  2. Information from Third Parties
    We may obtain information about you from:

  • Service providers supporting our Site and Services (e.g., Shopify).
  • Payment processors who process your payments (e.g., bank account, credit/debit card details, billing address).
  • Advertising/analytics partners and other vendors that collect information via online tracking technologies (pixels, web beacons, SDKs, third‑party libraries, Cookies) when you visit our Site, interact with our emails, Services, or ads.

Any information obtained from third parties will be treated in accordance with this Privacy Policy. See also “Third Party Websites and Links.”

How We Use Your Personal Information

  • Providing Products and Services (contract performance): to process payments, fulfill orders, arrange shipping, manage returns/exchanges, send transactional notifications, and manage your account. We may allow Shopify to match your account with other Shopify services you choose to use; in such cases, Shopify processes your information per its Privacy Policy and Consumer Privacy Policy.
  • Marketing and Advertising (legitimate interests; if required by law, based on consent): to send marketing communications and tailor advertising on our Site and other websites. For EEA residents, the legal basis is our legitimate interest in selling our products (Art. 6(1)(f) GDPR), unless consent is required under local law.
  • Security and Fraud Prevention (legitimate interests): to detect, investigate, and act on fraudulent, illegal, or malicious activity; to keep our Services secure (Art. 6(1)(f) GDPR).
  • Communicating with You and Service Improvement (legitimate interests): to provide customer support, respond to inquiries, and improve our Services (Art. 6(1)(f) GDPR).

Cookies and Online Tracking

We use Cookies to power and improve our Site/Services (e.g., remember preferences), run analytics, and tailor content/ads. For specific information about Cookies used in connection with Shopify, see https://www.shopify.com/legal/cookies.

  • Your choices: Most browsers accept Cookies by default. You can remove or reject Cookies via your browser controls. Blocking Cookies may affect Site functionality and may not fully prevent information sharing with third parties (e.g., advertising partners).
  • Global Privacy Control (GPC): Our website recognizes GPC signals as a valid opt‑out of “sharing”/targeted advertising for the associated browser/device. If we can associate the device to a Shopify account, we will apply the opt‑out to that account as well. Learn more at https://globalprivacycontrol.org/.
  • Do Not Track: Other than GPC, we do not recognize other “Do Not Track” signals.

How We Disclose Personal Information

We may disclose personal information in the following circumstances:

  • Service providers/vendors acting on our behalf (e.g., IT, payment processing, fulfillment/shipping, cloud storage, analytics, customer support).
  • Business and marketing partners to provide services and advertise to you (they will use your information in accordance with their own privacy notices).
  • With your direction or consent (e.g., to ship products, social media widgets, login integrations).
  • Within our corporate group/affiliates (legitimate interests to operate our business).
  • In connection with business transactions (e.g., merger), to comply with legal obligations (e.g., subpoenas), enforce terms, and protect our rights, users, and the Services.

In the past 12 months, we have disclosed the following categories of personal information for the purposes above:

  • Identifiers and certain order/account information.
  • Personal information categories listed in the California Customer Records statute (basic contact/order/account information).
  • Commercial information (orders, shopping information, customer support).
  • Internet/network activity (Usage Data).
  • Geolocation data (e.g., derived from IP).

Categories of recipients: service providers (ISPs, payment processors, fulfillment partners, customer support, analytics), business/marketing partners, and affiliates.

We do not use or disclose sensitive personal information without your consent or to infer characteristics.

With your consent, we may “sell” or “share” personal information for advertising/marketing as defined by applicable laws. In the preceding 12 months, categories “sold”/“shared” may include identifiers (e.g., name, email, phone), commercial information (purchase records), and Usage Data to business/marketing partners.

Children’s Data

The Services are not intended for children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us to request deletion. As of the effective date, we do not have actual knowledge that we “share” or “sell” personal information of individuals under 16 years of age.

Security and Retention

No security measures are perfect. Information sent to us may not be secure in transit. Do not use insecure channels for sensitive information. We retain personal information as needed to operate the Services, maintain your account, fulfill legal obligations, resolve disputes, and enforce agreements.

Your Rights

Depending on where you live, you may have rights regarding your personal information, which may include:

  • Access/Know; Delete; Correct; Portability.
  • Opt out of Sale/Sharing/Targeted Advertising.
  • Restriction of Processing; Withdrawal of Consent; Appeal of decisions.
  • Manage communication preferences (unsubscribe from marketing; we may still send transactional emails).

You may exercise these rights where indicated on our Site or by contacting us (see “Contact”). We may request information to verify your identity (e.g., email or account details). You may designate an authorized agent subject to verification requirements. We will respond within timeframes required by law. We will not discriminate against you for exercising your rights.

International Users and Data Transfers

We may transfer, store, and process your personal information outside your country. Where we transfer personal data out of Europe, we rely on recognized transfer mechanisms such as the European Commission’s Standard Contractual Clauses (or UK equivalents), unless transferring to an “adequate” country.

Third‑Party Websites and Links

Our Site may link to third‑party websites or platforms. Their privacy/security policies govern those sites. We are not responsible for their content, security, or privacy practices. Information you provide on public or third‑party platforms may be viewable by others.

VAT & Import Policy (Ireland – Incoterm DAP/DDU)

This section explains how VAT, duties, and import charges apply to certain orders delivered to Ireland. It is part of our customer transparency and may involve processing personal information (e.g., passing consignee details to carriers/customs for delivery and compliance).

  • Incoterm: We ship under DAP/DDU (Delivered at Place – Duties Unpaid) for relevant orders. Prices displayed on our Site for such deliveries exclude Irish VAT, customs duties, and clearance/handling fees.
  • Importer of Record: The recipient in Ireland acts as the importer of record and is responsible for paying Irish import VAT and any applicable duties/fees to the carrier or Irish customs before/at delivery.
  • IOSS: We do not use IOSS for these shipments; VAT is charged upon import in Ireland.
  • Scope: Applies to orders shipped directly from a non‑EU country (e.g., China) to an address in Ireland. Not applicable where expressly stated otherwise (e.g., EU‑stock dispatch or DDP deliveries).
  • Legal basis (brief): EU VAT Directive 2006/112/EC, including Articles 33 and 36a. Under DAP/DDU, VAT is collected at import in Ireland; you are the importer of record.
  • What to expect: The carrier (e.g., An Post, DHL, UPS, FedEx) may contact you to collect Irish import VAT, any customs duties, and clearance/handling fees. Delivery occurs after these charges are paid.
  • How charges are calculated: Based on goods value (commercial invoice), shipping costs (if applicable), the Irish VAT rate for the product, applicable customs duties, and any carrier handling/clearance fees.
  • Pricing and invoicing: Website prices for applicable deliveries to Ireland exclude VAT and import charges. Our invoice will state Incoterm “DAP/DDU – Delivered at Place (duties unpaid).” We do not charge Irish VAT at checkout; VAT is due at import.
  • Responsibilities:
    • Customer (Importer of Record): pays import VAT, customs duties, and any clearance/handling fees; provides complete and accurate delivery details; ensures product is permitted in Ireland and meets local requirements (e.g., CE marking).
    • Seller: ships from the non‑EU origin to the Irish address; declares correct goods value and DAP/DDU Incoterm on shipping documents; lists the recipient as consignee/importer on customs documents; clearly informs customers of this policy before purchase.
  • Returns and refusal: If import charges remain unpaid and the parcel is refused/returned, return and handling costs may be deducted from any refund. Original shipping costs are non‑refundable unless required by law. For incorrect charge calculations, contact the carrier; we will assist with documentation where possible.
  • Timelines and customs checks: Customs inspections may extend delivery times. Delivery estimates are not guarantees; we are not liable for delays due to customs or charge collection.
  • Product restrictions and compliance: Customers must ensure the product is permitted in Ireland and meets local requirements. If customs detain goods due to restrictions/non‑compliance, additional costs or returns may arise.

Note on data use for shipping and customs: To fulfill your order under DAP/DDU, we may share necessary personal information (e.g., name, address, contact details, order value) with carriers, customs brokers, and authorities to arrange importation, calculate charges, and complete delivery. The legal bases include contract performance (Art. 6(1)(b) GDPR), legal obligation (Art. 6(1)(c) GDPR), and legitimate interests (Art. 6(1)(f) GDPR) in ensuring compliant delivery.

Contact

If you have questions about our privacy practices or this Privacy Policy, or if you wish to exercise your rights, please contact us:

Unless otherwise stated, we are the data controller for your personal information.

If you are not satisfied with our response to your complaint, you may lodge a complaint with your local data protection authority (for EEA residents, see the list of supervisory authorities provided by the European Data Protection Board).