Privacy policy

This Privacy Policy outlines how ONDERMAX LTD ("ONDERMAX", "we", "us", or "our") collects, uses, stores, discloses, and protects your personal information when you access or use our website www.ondermax.com (the "Site"). This policy applies in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant legal frameworks related to privacy, data protection, and digital services in the United Kingdom and abroad.
We are committed to protecting your privacy and ensuring transparency in how your personal data is handled, regardless of your geographic location or reason for interacting with us. By accessing the Site or using any of our services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
  1. Who We Are
ONDERMAX LTD is a private limited company registered in England and Wales under Company Number 16394300. Our registered office is 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, UNITED KINGDOM. We serve as the data controller, meaning we determine the purposes and means of processing your personal data in compliance with applicable laws.
  2. What Data We Collect
We may collect and process a broad range of personal data depending on how you interact with our website, place orders, or communicate with us:
  • Identity Data: your full name, title, date of birth (where applicable), and gender
  • Contact Data: billing address, delivery address, email address, mobile and telephone numbers
  • Financial Data: limited payment card details (processed by secure third-party platforms only)
  • Transaction Data: details of purchased products, order history, return activity, and correspondence
  • Technical Data: internet protocol (IP) address, browser type and version, device type, screen resolution, language settings, time zone, and operating system/platform
  • Profile Data: username, password, preferences, purchase history, saved items
  • Usage Data: browsing behavior, site navigation, time spent on pages, page response times, and user interactions
  • Marketing and Communications Data: marketing preferences, consent records, and communication history
  3. How We Collect Your Data
We gather data in the following ways:
  • Direct Interactions: You may give us personal data by filling in forms, purchasing products, or corresponding with us by email, phone, or chat.
  • Automated Technologies: As you interact with our website, we may automatically collect Technical and Usage Data through cookies, pixels, server logs, and similar technologies.
  • Third Parties and Public Sources: We may receive personal data from Shopify, Stripe, analytics providers, or publicly available sources (such as social media or company registries).
  4. How We Use Your Data
We only use your data when legally permitted. The most common uses include:
  • Processing transactions, fulfilling orders, and managing deliveries
  • Communicating updates regarding orders, returns, or service queries
  • Providing personalized support and customer service
  • Managing user accounts and authentication
  • Monitoring and enhancing the performance, security, and usability of our website
  • Complying with legal and financial reporting obligations
  • Detecting and preventing fraud or suspicious activity
  • Sending promotional offers, newsletters, or marketing materials, only if you have opted in
We may also anonymize your data for research or statistical purposes, ensuring it can no longer be linked to you.
  5. Lawful Basis for Processing
We rely on several lawful bases for data processing under UK GDPR:
  • Contractual Necessity: Processing necessary to fulfill your order or respond to service requests
  • Legal Obligation: Where we must retain transaction records for tax, accounting, or regulatory purposes
  • Legitimate Interests: For internal analytics, fraud prevention, and improving our services
  • Consent: For optional communications or marketing where you have actively given permission
  6. Data Sharing and Third Parties
We do not sell, rent, or lease your personal data. However, to operate effectively, we may disclose your data to carefully vetted third parties:
  • Shopify: our ecommerce platform
  • Stripe/Shopify Payments: for secure payment processing
  • Logistics Partners: to deliver your orders globally
  • IT and system administration providers
  • Professional service firms such as legal or accounting consultants
  • Regulatory or law enforcement authorities, when required by law
All partners must adhere to strict confidentiality and data protection obligations under contract.
  7. International Transfers
If we transfer your personal data outside the UK (e.g., to data processors in the US or EEA), we ensure appropriate safeguards such as:
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions issued by the UK Government
  • Binding corporate rules (where applicable)
You may contact us for a copy of such safeguards if applicable.
  8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or tax requirements. In general:
  • Transaction and order data: retained for 7 years
  • Marketing data: retained until you unsubscribe or withdraw consent
  • Browsing data: retained based on analytics configurations, generally 12-36 months
  9. Your Legal Rights
You have various rights under the UK GDPR and other applicable laws, including:
  • Right to access: receive a copy of your personal data
  • Right to rectification: correct inaccurate or incomplete information
  • Right to erasure: request deletion in certain circumstances
  • Right to restriction: limit the processing of your data
  • Right to object: oppose processing based on legitimate interests or marketing
  • Right to data portability: obtain your data in a reusable format
  • Right to withdraw consent at any time (if processing is based on consent)
To exercise your rights, contact us at hello@ondermax.com. We may request identity verification for your security.
  10. Cookies and Tracking Technologies
Our Site uses cookies and similar tracking tools to:
  • Improve site performance and functionality
  • Remember preferences and items in your cart
  • Analyze website traffic and visitor behavior
  • Deliver relevant advertising across platforms
You can control cookie preferences via your browser settings or our Cookie Banner. For full details, refer to our Cookie Policy.
  11. Data Security
We apply industry-standard security measures, including:
  • HTTPS encryption and SSL certificates
  • Regular vulnerability scans and server updates
  • Access controls and password encryption
  • Limiting access to personal data on a need-to-know basis
Despite our efforts, no system is 100% secure. You are responsible for keeping your login credentials confidential.
  12. Children’s Privacy
Our Site is not intended for children under 18, and we do not knowingly collect data from minors. If we discover that a minor has submitted data, we will delete it immediately.
  13. Changes to This Policy
We may revise this Privacy Policy from time to time to reflect legal changes or business updates. We encourage you to check this page regularly. Continued use of the Site after such updates constitutes your acknowledgment.
  14. Contact
Questions, requests, or complaints related to this Privacy Policy should be directed to:
Email: hello@ondermax.com
Address: ONDERMAX LTD, 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, UNITED KINGDOM