Privacy Policy

Privacy Policy (UK GDPR Compliant)

Last updated: January 2026

1. Introduction

This Privacy Policy explains how OBAI Ltd (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit www.maitresavonitto.uk, make a purchase, or contact us. We comply with the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Data Controller

OBAI Ltd The Venture Centre, Stirling House, Cambridge Innovation Park, Denny End Road, CB25 9PB, United Kingdom Email: hello@maitresavonitto.uk

3. Personal Data We Collect

3.1 Data you provide directly

• Name

• Billing and delivery address

• Email address

• Phone number (if provided)

• Order details

• Account details (if you create an account)

• Messages sent to us (customer service)

3.2 Data collected automatically

• IP address

• Browser and device information

• Pages visited and interactions

• Cookies and similar technologies (Essential cookies always run; non‑essential cookies only run with consent.)

3.3 Payment information

Payments are processed securely by Stripe or PayPal. Depending on your device, additional payment methods such as Apple Pay or Google Pay may be offered. These services process your payment information directly and do not share your full card details with us.

4. Legal Bases for Processing

We process your data under the following lawful bases:

• Contractual necessity – to process and deliver your orders

• Legitimate interests – fraud prevention, website security, customer account management

• Legal obligation – accounting, tax, and record‑keeping

• Consent – for non‑essential cookies (if introduced in the future) (We currently use essential cookies only.)

5. How We Use Your Data

• Processing and fulfilling orders

• Delivering products via Royal Mail or courier

• Managing customer accounts

• Responding to enquiries

• Improving website performance and security

• Preventing fraud and misuse

• Complying with legal and financial obligations

(Marketing emails are not sent, as your website does not collect marketing opt‑ins.)

6. Data Sharing

We may share your data with trusted service providers:

• Payment processors (Stripe, PayPal)

• Delivery partners (Royal Mail / couriers)

• Website hosting and IT providers

• Email service provider (transactional emails only)

• Professional advisers (accountants, auditors)

We never sell your personal data.

7. International Transfers

Where data is transferred outside the UK, we rely on:

• UK adequacy regulations

• International Data Transfer Agreements (IDTA)

• Standard Contractual Clauses (SCCs) where required

8. Data Retention

• Orders and accounts: up to 6 years (legal requirement)

• Customer enquiries: up to 12 months

• Cookies: up to 13 months (see Cookie Policy)

9. Your Rights

You may request:

• Access to your data

• Correction of inaccurate data

• Deletion (where applicable)

• Restriction of processing

• Data portability

• Objection to processing

• Withdrawal of cookie consent

Contact: hello@maitresavonitto.uk

10. Complaints

If you have concerns, you may contact the Information Commissioner’s Office (ICO): https://ico.org.uk

11. Cookies

We use essential cookies required for the operation of our website. We do not currently use analytics, advertising, or other non‑essential cookies. If optional cookies are introduced in the future, they will only run with your consent. See our Cookie Policy for full details.

12. Security

We use appropriate technical and organisational measures, including:

• SSL encryption

• Secure hosting

• Access controls

• Regular updates

• Fraud‑prevention tools

13. Updates

We may update this Privacy Policy from time to time. The latest version will always be available on our website.