Privacy Policy

Effective as of 01.01.2026

MAHRA places fundamental importance on respecting its customers’ privacy and protecting their personal data. This Privacy Policy aims to inform the Customer about how their data is collected, used, and protected.

This policy complies with the General Data Protection Regulation (GDPR – EU 2016/679), the Swiss Federal Act on Data Protection (FADP), and applicable regulations in the international jurisdictions in which MAHRA operates.

1. Data Controller

MAHRA

Email: hello@mahraskin.com

2. Data Collected

When placing an order or browsing the Website, MAHRA may collect the following data:

Identification data

  • First and last name
  • Postal address (shipping and billing)
  • Phone number
  • Email address

Payment data

  • Payment card information (processed exclusively by our payment providers Shopify Payments / Stripe — MAHRA never has access to full card details)

Browsing data

  • IP address, browser type, pages visited, duration of visit
  • Cookies (see dedicated section below)

Communication data

  • Customer service email exchanges
  • Newsletter subscription (if applicable)

3. Purposes of Processing

Collected data is used for the following purposes:

  • Order processing and shipment
  • Customer account management and order history
  • Customer service and support
  • Sending transactional emails (order confirmation, shipping updates)
  • Sending marketing communications (only with explicit consent)
  • Statistical analysis and website improvement
  • Compliance with legal and tax obligations
  • Fraud prevention

4. Legal Basis for Processing

Data processing is based on the following legal grounds:

  • Contract performance: for order processing and delivery
  • Legal obligation: for accounting and tax record keeping
  • Consent: for marketing communications and non-essential cookies
  • Legitimate interest: for website security, fraud prevention, and service improvement

5. Data Recipients

Personal data may be shared with the following recipients, strictly for the purposes described:

  • Shopify (e-commerce platform and hosting, GDPR compliant)
  • Blanka (fulfillment partner for order preparation and shipping)
  • Shopify Payments / Stripe / PayPal (payment providers)
  • Shipping carriers (delivery services)
  • Email service providers (transactional emails)
  • Competent authorities (only when legally required)

6. International Data Transfers

Some data may be transferred outside the European Union, particularly to the United States and Canada (Shopify, Blanka). These transfers are protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and/or equivalent legal mechanisms.

7. Data Retention

  • Order data: 10 years (legal accounting requirement)
  • Customer account: as long as the account is active, plus 3 years after last activity
  • Marketing data: until consent is withdrawn, plus 3 years
  • Cookies: maximum 13 months

8. Cookies

The Website uses cookies to ensure proper functionality, measure audience, and personalize content.

  • Essential cookies: required for website operation (cart, session). No consent required.
  • Analytics cookies (Google Analytics, Shopify Analytics): used to measure website usage. Enabled only with consent.
  • Marketing cookies (Meta Pixel, TikTok Pixel): used for advertising retargeting. Enabled only with explicit consent.

The Customer may modify cookie preferences at any time via the cookie banner on the homepage.

9. Customer Rights

In accordance with GDPR, FADP, and applicable laws, the Customer has the following rights:

  • Right of access: obtain confirmation of processing and a copy of their data
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”): request deletion of data, subject to legal obligations
  • Right to restriction of processing: temporarily suspend processing
  • Right to data portability: receive data in a structured, machine-readable format
  • Right to object: object to processing, especially for marketing purposes
  • Right to withdraw consent: at any time without justification

To exercise these rights, contact mathias.andeghergis@icloud.com, specifying the request and including proof of identity. A response will be provided within a maximum of 30 days.

In case of dispute, the Customer may file a complaint with the competent supervisory authority:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — www.edoeb.admin.ch
  • France: CNIL — www.cnil.fr
  • EU: national data protection authority of the country of residence

10. Security

MAHRA implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, or destruction.

The Website uses the HTTPS protocol and encrypted connections (SSL/TLS).

11. Policy Changes

MAHRA reserves the right to modify this Privacy Policy at any time. Customers will be informed of any substantial changes. The last update date is indicated at the beginning of the document.

12. Contact

For any questions regarding this Privacy Policy or the processing of personal data:

Email: hello@mahraskin.com