Privacy Policy

Sudemulleyn Limited is a company incorporated under the Companies Act, 2006 with a registered office located at 35 Grafton Way, London, W1T 5DB, England (hereinafter also referred to as “Mulleyn”, “Company”, “we”, “our” or “us”) operates www.mulleyn.co.uk (“Website”). Our Privacy Policy (“Policy”) in compliance with the General Data Protection Regulation (GDPR) governs your visit to our Website and explains how we collect, safeguard and disclose information that results from your use of our Service.
We take your privacy very seriously. In this Policy, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this Policy that you do not agree with, please discontinue the use of our Services immediately.
We use your data to provide and improve Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Policy, the terms used in this Policy have the same meanings as in our Terms and Conditions. Our Terms and Conditions govern all use of our Service and together with the Policy constitute your agreement with us.
If this Policy is modified in any way, it will be updated here. Regularly checking and reviewing this page ensures that you are updated on the information which may be collected, used (and under what circumstances), and if it may be shared with other parties (if at all). If we believe that the modifications are material, we will notify you of the changes by posting a notice on the Website, or emailing you at the email address provided to us by you, and as we may deem appropriate. What constitutes a material change will be determined by us, at our sole and absolute discretion. In this Policy "you", "your" or “Users” refers to the users of the Website.
DEFINITIONS
SERVICE means the Website operated by Mulleyn.
PERSONAL DATA means data about a living individual who can be identified from that data (or from those and other information either in our possession or likely to come into our possession).
USAGE DATA is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
COOKIES are small files stored on your device (computer or mobile device).
DATA CONTROLLER means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.
DATA PROCESSORS (OR SERVICE PROVIDERS) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
DATA SUBJECT is any living individual who is the subject of Personal Data.
THE USER is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data. This includes anyone who is browsing our Website.
WHAT INFORMATION DO WE COLLECT?
The personal information you disclose to us
In Short: We collect information that you provide to us.
We may collect personal information that you voluntarily provide to us, express an interest in obtaining information about us or our products and Services or otherwise when you contact us.
The personal information that we may collect depends on the context of your interactions with us and the Website, the choices you make and the services and features you use. The personal information we collect may include the following:
Personal Information Provided by You. We collect First name; Last name; email address; phone number; Address; State; Province; ZIP/Postal code; City; order details and other similar information. We may also collect additional information about our clients in order to provide relevant and effective services.
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
Information automatically collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Website.
When you access our websites, we, our service providers and our partners may automatically collect information about you, your computer or mobile device, and your activity on our websites. Typically, this information includes your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; and information about your use of and actions on or in our websites, such as pages or screens you accessed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access.
Our service providers and business partners may collect this type of information over time and across third-party websites. This information is collected via various mechanisms, such as via web beacons, embedded scripts, and similar technologies. This type of information may also be collected when you read our HTML-enabled emails.
The information we collect includes:
Log and Usage Data. Log and usage data is service-related, diagnostic usage and performance information our servers automatically collect when you access or use our Website and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity on the Website (such as the date/time stamps associated with your usage, pages and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings).
Device Data. We collect device data such as information about your computer, phone, tablet or other devices you use to access the Website. Depending on the device used, this device data may include information such as your IP address (or proxy server), device application identification numbers, location, browser type, hardware model Internet service provider and/or mobile carrier, and operating system configuration information.
USE OF COOKIES, WEB BEACONS AND OTHER TRACKERS
We use temporary and permanent cookies, tags, scripts, and other similar technologies to identify users of our services and enhance user experience and identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness and for targeted visitor and user engagement by tracking your activities on our websites. We use third-party tracking services like google analytics and google tag manager to understand the behaviour of our website visitors and serve them better.

Further, the pages on the website may also include web beacons or pixels, which are electronic files to count users who have visited that page, to track activity over time and across different websites, to determine users’ interactions with emails we send, to identify certain cookies on the computer or other electronic device accessing that page, or to collect other related information, and this information may be associated with your unique browser, device identifier, or Internet Protocol address.

You can set your browser to refuse all cookies or to indicate when a cookie is being sent to your computer. However, this may prevent our site or services from working properly. You can also set your browser to delete cookies every time you finish browsing. For more information please refer to our Cookies Policy.

HOW DO WE USE YOUR INFORMATION?
In Short: We process your information for purposes based on legitimate business interests, the fulfilment of our contract with you, compliance with our legal obligations, and/or your consent.
We use personal information collected via our Website for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.
We use the information we collect or receive:
To provide our services to you. We offer products for create accounts, sale, shipping and fulfilment of your order, and keep you up to date on new products, services, and offers.
To send administrative information to you. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
To protect our Services. We may use your information as part of our efforts to keep our Website safe and secure (for example, for fraud monitoring and prevention).
To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.
To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
To respond to user inquiries/offer support to users. We may use your information to respond to your inquiries and solve any potential issues you might have with the use of our Services.
To send you marketing and promotional communications. We and/or our third-party marketing partners may use the personal information you send to us for our marketing purposes if this is in accordance with your marketing preferences.
WILL YOUR INFORMATION BE SHARED WITH ANYONE?
In Short: We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.
We may process or share the data that we hold based on the following legal basis:
Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfil the terms of our contract.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal processes, such as in response to a court order(including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
More specifically, we may need to process your data or share your personal information in the following situations:
​​Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Third-Party Advertisers: We may use third-party advertising companies to serve ads when you visit or use the Website. These companies may use information about your visits to our Website(s) and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you.
Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honour this Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
Business Partners: We may share your information with our business partners to offer you certain products, services or promotions.
WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
In Short: We are not responsible for the safety of any information that you share with third-party providers who advertise, but are not affiliated with, our Website.
The Website may contain third parties links and which may link to other websites. We cannot guarantee the safety and privacy of the data you provide to any third parties. Any data collected by third parties is not covered by this Policy. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services or applications that may be linked to or from the Website. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
WE HEREBY DISCLAIM LIABILITY FOR, ANY INFORMATION, MATERIALS, PRODUCTS, OR SERVICES POSTED OR OFFERED AT ANY OF THE THIRD-PARTY SITES LINKED TO THIS WEBSITE. BY CREATING A LINK TO A THIRD-PARTY WEBSITE, WE DO NOT ENDORSE OR RECOMMEND ANY PRODUCTS OR SERVICES OFFERED OR INFORMATION CONTAINED ON THAT WEBSITE, NOR ARE WE LIABLE FOR ANY FAILURE OF PRODUCTS OR SERVICES OFFERED OR ADVERTISED AT THOSE SITES. SUCH A THIRD PARTY MAY HAVE A PRIVACY POLICY DIFFERENT FROM THAT OF OURS AND THE THIRD-PARTY WEBSITE MAY PROVIDE LESS SECURITY THAN THIS SITE.
HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this Policy will require us keeping your personal information for longer than the period of time in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, the transmission of personal information to and from our Website is at your own risk. You should only access the Website within a secure environment.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE OF THE UK?
Many of our third-party service providers are based outside the USA, so processing of your Personal Data may involve a transfer of your Personal Data outside the UK and it will be maintained or accessed in servers or files located in countries outside the UK, including the United States. By accepting our privacy policy you expressly consent to the sharing of your personal data between Mulleyn and third-party service providers that allow us to discharge our regulatory and compliance obligations.
Whenever we transfer any Personal Data outside the UK, we will put in place an adequate level of protection to ensure that any such transfers comply and are consistent with applicable UK data protection laws, the standard data protection clauses specified in regulations made by the Secretary of State under section 17C(b) of the 2018 Data Protection Act and for the time being in force in the United Kingdom (the “UK Clauses”) as appropriate.
Please contact us at Info@mulleyn.co.uk if you are located in the UK and want further information on the specific mechanism used by us when transferring Personal Data outside of the UK.
YOUR DATA PROTECTION RIGHTS UNDER GENERAL DATA PROTECTION REGULATION (GDPR).
If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed of what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
Under certain circumstances, individuals in Europe have rights under data protection laws in relation to their personal data. If you are located in Europe, you may ask us to take the following actions regarding personal data that we hold:
Access. You are entitled to ask us if we are processing your personal data and, if so, for a copy of the personal data we hold about you, as well as obtain certain other information about our processing activities.
Correction. If any personal data we hold about you is incomplete or inaccurate, you can require us to correct it, though we may need to verify the accuracy of the new data you provide to us.
Erasure. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Object. Where our reason for processing your personal data is a legitimate interest you may object to the processing as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
Restriction. You may ask us to suspend our use of your personal data in the following scenarios: if you want us to establish the data's accuracy; where our use of your personal data is unlawful but you do not want us to erase it; where you need us to hold your data for a longer period than we usually would, because you need it to establish, exercise or defend legal claims; or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Transfer. Where it is possible, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data provided by you which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent. Where our reason for processing is based on your consent, you may withdraw that consent at any time. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Automated decision making. You have the right not to be subject to automated decision-making (e.g., profiling) that significantly affects you. The exercise of this right is not available to you in the following cases:
The automated decision is required to enter into, or perform, a contract with you.
We have your explicit consent to make such a decision.
The automated decision is authorised by the local law of an EU member state.
However, in the first two cases set out above, you still have the right to obtain human intervention in respect of the decision, to express your point of view and to contest the decision.
There may be legal or other reasons why we cannot, or are not obliged to, fulfil a request to exercise your rights. We will use available lawful exemptions to your individual rights to the extent appropriate. If we decline your request, we will tell you why, subject to legal restrictions.
You will not have to pay a fee to exercise any of your rights relating to your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not be able to provide Service without some necessary data.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).
WHAT INFORMATION DO THE SERVICE PROVIDERS HAVE ACCESS TO?
We may employ third-party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
GOOGLE ANALYTICS
We may use third-party Service Providers to monitor and analyse the use of our Service.
Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
GOOGLE ADWORDS
Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: My Ad Centre
Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
OTHER THIRD-PARTY SERVICES
Our Service may offer integration with several platforms, including Shopify These platforms are used by our users to create and manage products and orders, and may require certain design information and other data from our Service.
It's important to note that these third-party services have their own privacy policies that dictate how they handle user data. We encourage our users to review these policies carefully and understand how their information is collected, used, and protected by each platform. The privacy policies for these services can be found at the following links:
Shopify: https://www.shopify.com/legal/privacy
Please note that our Service is not responsible for the actions or policies of these third-party services, as they operate independently from us. If you have any questions or concerns about how your data is being used by these platforms, we recommend that you contact them directly.
CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference and not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
HOW DO WE PROTECT CHILDREN’S PRIVACY?
Our Services are not for the use of children below the age of 18 (“Child” or “Children”). We do not knowingly collect personally identifiable information from children under 13 without the consent of the legal guardian. If you become aware that a Child has provided us with Personal Data without the parent's consent, please contact us. If we become aware that we have collected Personal Data from Children, we take steps to remove that information from our servers.
WHAT THIRD-PARTY PAYMENT PROCESSORS DO YOU USE?
At our Service, we offer paid products and/or services, but we do not store or collect your payment details. Instead, we may use third-party services for payment processing, such as PayPal, Shopify Payment and Klarna.
PayPal: https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Shopify Payment: https://www.shopify.com/legal/privacy
Klarna: https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_gb/privacy
When you make a payment through one of these third-party services, your payment information is provided directly to the payment processor, and their use of your personal information is governed by their own Privacy Policy. These payment processors adhere to the standards set by PCI-DSS (Payment Card Industry Data Security Standard) as managed by the PCI Security Standards Council. PCI-DSS requirements help ensure the secure handling of payment information.
We take the security of our users' payment information very seriously and are committed to protecting it. By using trusted third-party payment processors that adhere to the PCI-DSS requirements, we can provide a secure and reliable payment experience for our users.
DELETION OF ACCOUNT AND DATA
If you no longer wish to use our Services, you may be able to delete your account and data with us. If you can delete your own account, please contact us. Mulleyn may take up to 7 (seven) working days to process your request. Once your account is deleted, you will lose access to all Services. For the avoidance of doubt, it is hereby clarified that all data with respect to transactions performed by you on the Platform will be retained in accordance with applicable law.

HOW CAN YOU SUBMIT A COMPLAINT?
If you have a complaint about our handling of your personal data, you may contact our data protection officer using the contact information below. We request that a complaint be made in writing. Please provide details about your concern or complaint so that our data protection officer can investigate it. We will take appropriate action in response to your complaint, which may include conducting internal discussions with relevant business representatives. We may contact you for additional details or clarification about your concern or complaint. We will contact you to inform you of our response to your complaint.
You also have the right to make a complaint to the Information Commissioner’s Office – the supervisory authority that handles data protection law in the UK. You can contact them at: https://ico.org.uk/make-a-complaint/
DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last updated” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
CONTACT US
After reviewing this policy, if you have any additional questions, concerning this Privacy Policy, please contact us by sending an email to Info@mulleyn.co.uk by adding the word “Privacy” in the subject line.
Last Updated: June 7, 2023.