Privacy Policy

Last updated: August 20, 2025
Website: https://www.mindolle.com
Legal owner / 15,07,2025: Mindolle/Mindolle Potion Room (“we”, “us”, “our”)
Contact:

mindolle.glow@proton.me

1) What this policy covers

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit mindolle.com, make a purchase, create an account, subscribe to our newsletter, or interact with our content and ads.

2) Data we collect

• Account & order data: name, email, phone (optional), billing/shipping address, order details, notes.
• Payment data: processed by third‑party providers (e.g., Stripe/PayPal/SEPA provider). We don’t store full card or bank details on our servers.
• Communications: messages, support requests, newsletter preferences.
• Device & usage data: IP address, browser/OS, pages viewed, time on page, referring URLs, UTM parameters, approximate location, cookie IDs.
• Cookies & similar tech: see Section 7 and our Cookie banner (CMP) for details and choices.

3) Why we process data (GDPR legal bases)

• To fulfill a contract (process orders, deliver products, customer support).
• Legitimate interests (site security, fraud prevention, service improvement, non‑personalized analytics).
• Consent (email marketing, personalized advertising, non‑essential cookies).
• Legal obligations (tax, accounting, compliance).

4) Advertising & Google AdSense

We use Google AdSense to display ads. Google and its partners may use cookies and device identifiers to show ads based on your visits to this and/or other sites.

• In the EEA/UK, we rely on your consent for personalized ads.
• We implement Google Consent Mode v2 so Google tags respect your choices for: ad_storage, analytics_storage, functionality_storage, security_storage, ad_user_data, ad_personalization.
• Manage your choices any time via the “Manage Cookies/Consent” link in our banner.
• More about Google’s data use and controls:
  Ads settings: https://adssettings.google.com
  How Google uses info: https://policies.google.com/technologies/ads
  EU user consent policy: https://www.google.com/about/company/user-consent-policy.html

Third‑party vendors and ad networks may serve ads on our site. You can opt out of some third‑party vendors’ personalized advertising at:

• EU/Global: https://youronlinechoices.eu / https://optout.networkadvertising.org
• US: https://optout.aboutads.info

If you do not consent to personalized ads, you may still see non‑personalized (contextual) ads.

5) Analytics & tools

We may use tools such as Google Analytics 4 (via Site Kit), Search Console, anti‑spam/security, performance and email delivery plugins. These tools set cookies or read device data to provide aggregated insights or deliver core functionality. Where required, we ask for your consent via the CMP.

6) Sharing your data

We share data with trusted service providers who help operate our store and services, e.g.:

• Hosting/CDN, payment processors (e.g., Stripe/PayPal/SEPA), e‑commerce platform/plugins (e.g., WooCommerce), email service providers, analytics and advertising partners (e.g., Google), security/fraud‑prevention tools, couriers.
  They process data under contracts and only as instructed by us.

7) Cookies and consent

Our site uses cookies and similar technologies for essential functionality, analytics, and advertising. On your first visit we display a Consent Management Platform (CMP) to obtain your choices and, where applicable, consent.

• You can accept/reject categories (e.g., analytics, advertising) and change your preferences any time via the banner link.
• Essential cookies are required for the site and store to function.
• Cookie lifetimes and full lists are provided dynamically through the CMP.

Cookies & Similar Technologies
We use cookies and similar technologies for essential functionality, analytics and advertising. You can manage your choices via our consent banner (“Manage Cookies / Consent”) at any time. For details, see our Cookie Policy.

8) International transfers

Some providers may be located outside your country. When transferring data internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) as required by law.

9) Data retention

• Orders & invoices: kept for 6 years (or longer where required by tax/accounting law).
• Analytics data: per tool settings (typically 14–26 months).
• Marketing consents: until you withdraw consent.
• Support messages: typically 24 months.
  We may keep data longer where necessary to establish, exercise, or defend legal claims.

10) Your rights (EEA/UK)

You can access, rectify, erase, or port your data; restrict or object to certain processing; and withdraw consent at any time (this does not affect processing before withdrawal).
To exercise rights, contact us at [contact email]. You also have the right to lodge a complaint with your local data protection authority.

11) Children’s privacy

Our services are not directed to children under 13 (or the age defined by local law). We do not knowingly collect data from children.

12) “Do Not Sell/Share” (California)

If we make our services available to California residents, we will honor CPRA rights, including “Do Not Sell or Share My Personal Information,” right to limit sensitive data use, and opt‑out of cross‑context behavioral advertising. California residents can contact us at [contact email] to exercise these rights.

13) Security

We use reasonable technical and organizational measures to protect personal data. No method of transmission or storage is 100% secure.

14) Changes to this policy

We may update this policy from time to time. We will post the updated version with a new “Last updated” date.

15) Contact us

Data controller: [Mindalle/Mindolle Potion Room]
Email:

mindolle.glow@proton.me