Privacy policy

Privacy Policy

Privacy at Mertella at a glance

Last updated: 8 june 2026

🔒 Your data: name, contact details and payment information when making purchases + basic device information.
💡 Use: for orders, updates and security. Nothing else.
🤝 Sharing: only with the necessary parties for legal purposes.
✅ Your rights: would you like to modify or delete your information? Let us know.
🕒 Retention: only for as long as necessary.

Questions? info@mertella.com is here to help.

Fast, secure, simple. That’s Mertella.

Last updated: 8 December 2025

This Privacy Policy describes how Mertella (“the Site”, “we”, “our”) collects, uses and discloses your personal data when you visit, use our services or make a purchase on mertella.com (“the Site”) or when you communicate with us about the Site (collectively, the “Services”).
For the purposes of this Privacy Policy, the terms “you” and “your” refer to the user of the Services, whether a customer, website visitor or any other person whose information has been collected in accordance with this Privacy Policy.

Please read this Privacy Policy carefully.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes in our practices or for other operational, legal or regulatory reasons. We will publish the updated version on the Site, update the “Last updated” date and take any other action required by applicable law.

How we collect and use your personal data

In order to provide the Services, we collect, and have collected over the past twelve months, personal information about you from different sources, as set out below. The data we collect and use depends on how you interact with us.

In addition to the specific uses described below, we may use the information collected to communicate with you, provide or improve the Services, comply with our legal obligations, enforce the applicable terms of service and protect or defend the Services, our rights and those of our users or other people.

What personal data we collect

The type of personal data we collect depends on your interactions with our Site and Services. “Personal data” means data that identifies you, relates to you, describes you or can be associated with you.

Information you provide directly

The personal data you provide directly through our Services may include:

Contact information: name, address, telephone number and email address.

Order information: name, billing and delivery addresses, payment confirmation, email address and telephone number.

Account information: username, password, security questions and other security information.

Customer support information: details included in your communications with us, for example when you send us a message through the Services.

Certain features may require the provision of this data; if you choose not to provide it, you may not have access to these features.

Information collected automatically

We may automatically collect certain usage data when you interact with the Services. This includes information about the device, browser, network connection, IP address and how you use the Site. We use cookies, pixels and similar technologies (“Cookies”) to collect this information.

Information from third parties

We may also obtain personal data from third parties, such as:

Providers supporting our Site and Services, such as Shopify.

Payment providers, which collect your payment information in order to process your transactions and fulfil your orders.

Advertising or analytics partners, which collect data through technologies such as web beacons, SDKs and cookies when you interact with our emails, advertisements or the Site.

All data from third parties is processed in accordance with this Privacy Policy. See also the section “Third-party sites and links” below.

How we use your personal data
Provision of products and services

We use your data to:

Process orders and payments

Manage your account

Send you transaction notifications

Manage returns and deliveries

Connect your account to associated Shopify services, where applicable

Shopify processes your data in accordance with its Privacy Policy and Consumer Privacy Policy.

Marketing and advertising

We may send marketing communications by email, SMS or post and personalise advertisements. If you reside in the EEA, the legal basis is our legitimate interest in accordance with Article 6, paragraph 1, point f) of the GDPR.

Security and fraud prevention

We use your data to detect and prevent fraud or any malicious activity. If you create an account, you are responsible for keeping your login details confidential. If you suspect unauthorised access, contact us immediately.

Communication and service improvement

We use your data to provide support and improve the Services, on the basis of our legitimate interest in accordance with Article 6, paragraph 1, point f) of the GDPR.

Cookies

We use Cookies for functionality, analytics and personalisation purposes. Details about the cookies used via Shopify are available at the following address: https://www.shopify.com/legal/cookies.
Most browsers accept Cookies by default, but you can change the settings to delete or block them. Blocking cookies may affect how the site functions.

Note: our Site does not respond to “Do Not Track” signals. More information at http://www.allaboutdnt.com/.

Sharing personal data

We may disclose personal data to:

Service providers, for example IT, payments, delivery and customer support

Business and marketing partners, in accordance with their own privacy policies

Affiliated companies within our group

Parties involved in legal proceedings or business transactions, such as mergers

Third parties with your consent, for example for connections via social networks or integrations

Over the past 12 months, we have disclosed the following categories:

Category — Recipients

Identifiers, contact details and account information — Service providers, affiliates, marketing partners

California customer records, order/account data — Same

Commercial data, orders and purchase activity — Same

Internet/network activity, usage data — Same

Geolocation data, based on IP or technical data — Same

We do not sell or use sensitive personal data for profiling purposes without your explicit consent.

User-generated content

Any public content you submit, such as reviews, is accessible by other people. We are not responsible for how third parties use this information.

Third-party websites and links

Our Site may contain links to third-party platforms. We are not responsible for their content, privacy practices or security. Please review their policies before sharing your data.

Children’s data

The Services are not intended for children. If you are a parent or guardian and believe that your child has provided us with personal data, contact us to request its deletion.

To our knowledge, we do not “sell” or “share” the personal data of people under the age of 16.

Security and retention

Although we take security seriously, no method is 100% secure. Avoid sending sensitive data through unsecured channels.

We retain your data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes or enforce our policies.

Your rights

Depending on where you live, you may have the following rights:

Access: request information about the personal data we hold

Deletion: request the deletion of your personal data

Rectification: correct inaccurate data

Portability: obtain a copy of your data or transfer it to a third party

Objection: request that we do not sell/share your data or use it for targeted advertising purposes

Restriction: restrict the processing of your data

Withdrawal of consent: where you have previously given it

Appeal: challenge a refusal of your request

Managing marketing preferences: unsubscribe from promotional emails

To exercise your rights, contact us using the details below. We may need to verify your identity.

You may also appoint an authorised representative to act on your behalf.

Complaints

For any complaint, please contact us by email using the details below. If the issue is not resolved, you may contact your local data protection authority. For the EEA, a list of supervisory authorities is available online.

International users

We may process and store your data outside your country. For transfers from the EU/EEA, we rely on the EU Standard Contractual Clauses or similar mechanisms, unless the destination country ensures an adequate level of protection.

Contact

If you have any questions about our privacy practices or if you wish to exercise your rights, contact us at:
📧 info@mertella.com

Unless otherwise stated, Mertella is the controller of your personal data in accordance with applicable data protection laws.