Privacy Policy

MamaYana LTD – Privacy Policy

Effective Date: 01 October 2025

  1. Who We Are

MamaYana LTD (“we”, “us”, “our”) is registered in England and Wales (Company No. 16652818).

Email: [email protected]

Trading address: RG21 4HG, Belvedere House, Basing View, Basingstoke, Hampshire..

We are the data controller for the personal data we collect about you.

  1. Information We Collect

We may collect:

  • Identity and contact data: name, email, delivery and billing addresses, phone (if provided).

  • Order data: items purchased, payment confirmation (we do not store full card details).

  • Technical data: IP address, browser type, pages visited (via cookies/analytics).

  • Marketing preferences: if you sign up for newsletters or offers.

  1. How We Use Your Data

    To process and deliver your orders.

    To respond to enquiries or support requests.

    To manage your account (if you create one).

    To improve our website and services.

    To send marketing communications only if you consent (unsubscribe anytime).

    To comply with legal and tax obligations.

  2. Legal Bases for Processing

    Contract – fulfilling your purchase.

    Consent – optional marketing emails and non-essential cookies.

    Legal obligation – accounting, tax, fraud prevention.

    Legitimate interests – improving services and preventing misuse.

  3. Cookies

We use essential cookies for site functionality and may use analytics or marketing cookies to improve performance. You can manage cookies via your browser or through our cookie banner.

  1. Third Parties and Create

Our online shop is built on Create (Create.net). Create provides the e-commerce platform that hosts our store and processes data on our behalf. Your personal data may be stored on Create’s secure servers. For details on their practices, see Create’s Privacy Policy.

We also share data with:

  • Delivery partners (e.g., Royal Mail) to ship your orders.

  • Payment processors (e.g., PayPal, Klarna) to securely process payments.

  • Professional service providers (e.g., accountants, IT support) under confidentiality agreements.

We never sell your data.

  1. International Transfers

If data is transferred outside the UK/EEA (e.g., via Create’s infrastructure or third-party services), we ensure safeguards such as Standard Contractual Clauses or equivalent protections.

  1. Data Retention

  • Orders/transactions: 6 years (legal compliance).

  • Marketing data: until you withdraw consent.

  • Analytics data: retained per provider policy, anonymised where possible.

  1. Your Rights

Under UK GDPR, you may:

  • Access, correct, or delete your personal data.

  • Object to or restrict processing.

  • Withdraw consent for marketing.

  • Request data portability.

To exercise rights, email [email protected]. You can also contact the Information Commissioner’s Office at www.ico.org.uk.

  1. Security

We use SSL encryption and restrict access to your data. Payments are handled securely by third-party processors compliant with PCI-DSS standards.

  1. Children

Our website is not directed at anyone under 18. We do not knowingly collect children’s data.

  1. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted here with a revised effective date.