
Privacy policy


Introduction
We are committed to protecting your privacy and handling your personal information in a transparent and secure way. This Privacy Policy explains what data we collect through our website (which is hosted on the Wix.com platform), how we use and share that data – including when processing payments via Stripe – and how we comply with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws. By using our website or services, you agree to the collection and use of information as described in this policy.

Information We Collect
Information You Provide to Us: When you interact with our site (for example, by filling out a contact form, creating an account, or making a purchase), you may provide personal information. This can include:
Contact details: such as your name, email address, postal address, and phone number.
Account information: if you register an account, we may collect login credentials (like username and password).

Order and payment details: if you purchase something, we collect information necessary to process the order – for example, the products/services selected, billing and shipping address, and payment information. (Payment card details are handled securely by our payment processor, Stripe, as explained later – we do not store your full card number or security code on our servers.)
Other information you choose to provide: any communications you send to us (for example, inquiries or customer support messages), and any other personal data you submit on the website.
Information Collected Automatically: When you visit or use our website, our system (via the Wix platform and analytics tools) automatically collects certain technical and usage data. This includes:
Device and browser data: IP address, browser type and version, operating system, and device identifiers.
Usage data: pages or products viewed, the page that referred you to our site (referring URL), dates/times of access, page response times, length of visits, download errors, and page interaction information (such as scrolling, clicks, and mouse-overs).

Cookies and similar technologies: Our site uses cookies, web beacons, and other tracking technologies to collect information about your interactions. For instance, cookies help us remember your preferences, keep you logged in (if applicable), and understand how you navigate through our pages. See the Cookies and Analytics section below for more details.

We may use software tools (provided by Wix or third parties) to analyze this data for performance and analytics purposes. This automatically collected information generally does not identify you by name, but it may be combined with other information you provide to us. Where it can indirectly identify you (e.g. IP address), we treat it as personal data under data protection law.

Cookies and Analytics
Cookies are small text files placed on your device when you visit a website. We use cookies and similar tracking technologies on our Wix-hosted site for several important reasons:
Essential Cookies: These cookies are necessary for the website to function properly. For example, they enable core features like secure login, shopping cart functionality, and page navigation. Without these, the site may not perform correctly.

Functional Cookies: These remember your preferences and improve your experience. For instance, they might recall your language or region or keep you logged in between sessions.
Analytics and Performance Cookies: We (and Wix on our behalf) use these to monitor site traffic and usage patterns. They help us understand which pages are popular, how users move through the site, and if any errors occur. This information is used to improve our website’s design, features, and content. (For example, Wix’s analytics tools may collect data on page load times or visitor interactions.)
Security Cookies: Some cookies help ensure the site’s security and integrity. They may be used to detect and prevent fraudulent activity or abuse of our services.

When you first visit our site, you may see a cookie banner or prompt. Where required by law, we will ask for your consent to use certain cookies (particularly analytics or other non-essential cookies). You can choose to accept or decline those cookies. Even after consenting, you can always manage or delete cookies through your browser settings. Please note that if you disable certain cookies, some features of the site may not function properly. Our cookies and tracking tools do not collect sensitive personal details like your name or email unless you explicitly provide them. They focus on technical and behavioral information as described above. We do not use cookies for any invasive profiling or advertising purposes not disclosed in this policy.

How We Use Your Information
We use the collected information for the following purposes:
To Provide Our Services: We process your personal data to fulfill our contract with you. This includes processing orders you place, completing transactions, and delivering products or services you’ve requested. For example, we use your address to ship goods and your email to send order confirmations or digital products.

To Process Payments: We use your information to take payment and validate financial transactions (via Stripe, see next section). This includes sending necessary data to our payment processor and ensuring we receive payment for our products/services.
To Communicate with You: We may use your contact details to send you important notices related to your orders or account, such as confirmations, invoices, delivery updates, or changes to our terms/policies. If you contact us with a question or issue, we will use your information to respond and assist you. (We will only send you marketing emails or newsletters if you have opted in to receive them, and you can opt out at any time.)

To Improve and Personalize our Website: The usage and analytics data we collect help us understand how our site is used and where we can make improvements. This allows us to fix bugs, optimize website performance, and tailor our content or layout to better suit user preferences. It also helps us ensure the site is user-friendly and content is relevant.
To Ensure Security and Prevent Fraud: Information (like IP addresses and browsing behavior) may be used to protect our website, business, and users from fraud, malicious activity, or other security risks. For example, we might use certain data to detect unusual activity that could indicate a cyberattack or to verify that an account login is legitimate.

To Comply with Legal Obligations: In some cases we are required by law to process certain personal information. For example, we may need to keep transaction records for tax and accounting purposes, or provide information if formally requested by law enforcement or regulatory authorities.
We will only use your personal data for the purposes we collected it for (or for closely related purposes). If we need to use it for an unrelated purpose, we will notify you and explain the legal basis, unless otherwise required or permitted by law.

How We Share Your Information
We treat your personal information with care and confidentiality. We do not sell your data to third parties. However, we do share information with selected third parties in order to operate our website and provide our services to you. The main instances in which data is shared are:
Wix (Website Hosting Provider): Our website is built on and hosted by the Wix.com platform. This means that information you provide through our site (your personal details, site usage data, etc.) is stored on Wix’s servers and processed through Wix’s applications. Wix acts as a data processor on our behalf, handling data under our instructions. Your data may be stored in Wix’s databases and log files. Wix is a reputable website hosting provider that implements strong security measures (including secure servers, firewalls, and encryption where applicable) to protect your data. They are contractually bound to only process your data for providing services to us and not for other purposes. (For more details, you can refer to Wix’s own Privacy Policy on their website.)

Stripe (Payment Processor): We use Stripe to handle payments on our site. When you make a payment (such as purchasing a product or service), the necessary personal and financial information is securely transmitted to Stripe. This includes your payment details and relevant personal identifiers (outlined in the “Payments via Stripe” section below). Stripe processes your payment on our behalf and may store some of your information for record-keeping and fraud prevention. Stripe is also obligated to protect your data and use it only for processing transactions or complying with applicable laws.
Service Providers and Partners: In addition to Wix and Stripe, we may share information with other service providers who help us run our business. For example, if we use an email service to send newsletters, or a shipping company to deliver orders, we would share only the information necessary (such as your email or address) for that service. All our service providers are chosen for their commitment to security and privacy, and they must agree to handle data in compliance with applicable data protection laws.
Legal Requirements: We may disclose personal information if required to do so by law or in response to valid requests by public authorities. For instance, if we receive a court order or need to cooperate with a government investigation, we might need to share the requested data. We may also share information to enforce our terms and conditions or to protect our rights, property, or safety (or those of our users or others).

When we share your data with third parties, we ensure that they only receive the minimum amount of information necessary for the purpose, and that they are contractually obligated to protect it. We do not allow any third-party service providers to use your data for their own marketing or other purposes not related to the service they are providing to us.

Payments via Stripe
All payment transactions on our website are processed by our third-party payment provider, Stripe, Inc. (including its affiliated Stripe entities depending on your region). Stripe is a widely-used, secure payment processing platform. By choosing to make a payment on our site, you acknowledge that your payment information will be handled by Stripe in accordance with this policy and Stripe’s privacy and security practices.

What Information is Shared with Stripe: When you enter your payment details on our website (for example, during checkout), that information is sent directly to Stripe over an encrypted connection. The data Stripe receives and processes includes:
Payment method details: such as your credit or debit card number, expiration date, CVV code, and billing postcode (or other payment method information if applicable, e.g. mobile wallet details).
Transaction details: the amount of the purchase, currency, date and time of the transaction, and a description of the purchase (e.g. the product or service you are buying).
Identity and contact info: Stripe may also receive personal information to verify and authorize the payment. This can include your name as it appears on the card, your email address, billing address, and in some cases your phone number or order history. This information helps Stripe confirm the payment isn’t fraudulent and can be used for sending you a payment receipt.

How Stripe Uses and Protects Your Data: Stripe will use this information to process the payment transaction you have initiated (i.e. to charge your card or account for the purchase amount) and to carry out necessary verification and fraud checks. Stripe may store your payment details (for example, keeping a tokenized version of your card number or the last four digits and expiry date) to facilitate refunds, deal with disputes, or comply with financial regulations. Importantly:
Our website does not store or have access to your full card number or security code at any point. This sensitive financial information is handled only by Stripe. We receive a confirmation once your payment is approved, along with basic information necessary for us to record the payment (such as a transaction ID, the amount, and your name/contact info).

Stripe is PCI-DSS compliant (Payment Card Industry Data Security Standard compliant), which means it adheres to stringent security standards for handling payment data. Your card details are encrypted and transmitted securely. Stripe employs robust security measures, including encryption in transit (SSL/TLS), encryption at rest, and sophisticated fraud detection tools. They also use technologies like HSTS to ensure browsers only communicate with Stripe over secure HTTPS connections.
We have a Data Processing Agreement in place with Stripe, which means they are committed to processing personal data in line with GDPR/UK GDPR requirements. Stripe will not use your information for any purpose other than processing payments, except as required by law. If you’d like more information on how Stripe handles personal data, you can refer to the Stripe Privacy Policy available on their website (see stripe.com/privacy).

By making a payment, you consent to this sharing of your data with Stripe. If you have any questions about payment security, you can contact us or Stripe for further details. Rest assured, we chose Stripe for its strong reputation in safeguarding customer payment information.

Data Storage and International Transfers
Storage on Wix’s Servers: As mentioned, your personal data is stored via the Wix.com platform’s data storage, databases, and general applications. Wix stores data on secure servers protected by firewalls and other security measures. Your data (for example, your account info, form submissions, and order history) remains stored as long as needed to fulfill the purposes outlined in this policy (unless a longer retention is required by law – see “Data Retention” below).

Data Location: Wix has servers and infrastructure in various locations around the world, including the United Kingdom, the European Economic Area (EEA), and the United States. This means the personal data we collect may be transferred to or stored on servers outside your home country, including in countries outside the UK or EEA. Similarly, Stripe and any other service providers we use might process data in the United States or other jurisdictions outside the UK/EEA.

International Transfer Compliance: Whenever your personal data is transferred outside of the UK (or the EEA, for EU residents) to a country that may have different data protection standards, we will ensure that appropriate safeguards are in place as required by law. These may include:
Relying on a country’s adequacy decision (if the destination country is officially recognized as having an adequate level of data protection by the UK government).
Using standard contractual clauses (SCCs) or similar legally approved agreements that contractually oblige the recipient to protect your data according to UK GDPR standards.
Ensuring the recipient is certified under an approved framework (for example, some US companies may comply with international frameworks that facilitate secure data transfer).
Our aim is to make sure your personal information remains fully protected and that your rights are maintained, wherever the data is processed. You can contact us for more information about the specific safeguards in place for international data transfers related to our site.

Security Measures
We take security seriously and have implemented various measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption: Our website is secured via SSL (Secure Sockets Layer) which encrypts data transmitted between your browser and our site. This is visible as the “https://” in our URL and the padlock icon in your browser address bar. Sensitive actions (like entering payment information) occur over encrypted connections. Stripe also encrypts your payment data, both in transit and at rest.
Secure Hosting: Data stored by Wix is on secure servers behind firewalls. Wix continuously updates and audits its security practices to guard against vulnerabilities and attacks.
Access Controls: Personal information is only accessible to people who need it to perform their duties. For example, our staff can access your order details to fulfill purchases or respond to inquiries, but they cannot see your full payment card details. Administrative access to systems containing personal data is restricted and protected by strong authentication.

PCI Compliance: As noted, our payment processing adheres to PCI-DSS standards. This ensures that credit card data is handled with the highest security standards in the industry.
Monitoring and Testing: We (and our service providers like Wix) monitor our systems for possible vulnerabilities and attacks. We also keep our software, website plugins, and integrations up-to-date to patch security issues promptly.
Backup and Recovery: Regular backups of site data are maintained (by Wix), and disaster recovery plans are in place. This means in case of a technical issue or data loss event, data can be restored to prevent permanent loss.

While we strive to protect your information, no website or Internet transmission is completely secure. However, we continually review and improve our security practices to ensure your personal data is as safe as possible. If you have reason to believe that your interaction with our site is no longer secure (for example, if you suspect a vulnerability or if you notice any suspicious activity in your account), please contact us immediately.

Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example:
If you make a purchase, we will retain your data for as long as needed to process the transaction, provide any applicable warranty or support, and maintain appropriate records for legal and financial compliance (typically, order records are kept for a number of years as required by tax law).
If you create an account with us, we will keep your account information until you deactivate your account or request deletion, or until we no longer need the information to provide services to you.
If you have subscribed to marketing communications, we will keep your contact details for that purpose until you opt out or unsubscribe.
Web server logs and analytics records are kept for a reasonable period for analysis and security purposes, then either deleted or anonymized.
When we no longer have a legitimate need or legal obligation to keep your personal data, we will securely delete or anonymize it. If deletion is not feasible (for example, because the data is stored in backup archives), we will isolate it from further processing until deletion is possible.

Your Rights Under UK Data Protection Law
Under the UK GDPR and related data protection laws, you have several important rights regarding your personal data. We are committed to upholding these rights. You have the right to:
Access Your Data: You can ask us to confirm whether we have personal information about you and request a copy of that information (commonly known as a "Subject Access Request"). We will provide you with a copy, along with details on what data we have, why we have it, and who it may be shared with, within the legally required timeframes.
Rectification: If any personal data we hold about you is incorrect or incomplete, you have the right to have it corrected. Upon your request, we will rectify any inaccuracies or add information to complete any incomplete data.
Erasure: You can request that we delete your personal data if it's no longer necessary for us to retain it, if you withdraw consent (where applicable) or object to our processing, or if we are unlawfully processing your data. This is often called the "right to be forgotten." Please note, for certain records (like those we must keep by law or that are necessary to fulfill a contract), we may not be able to delete them immediately, but will do so as soon as legally permissible.
Restrict Processing: You have the right to ask us to suspend or limit the processing of your personal information in certain circumstances. For example, if you contest the accuracy of your data or have objected to our processing (pending the outcome of our review), you can request that we restrict use of your data until the issue is resolved.
Data Portability: For data that you have provided to us and that we process by automated means on the legal basis of consent or contract, you have the right to obtain it in a structured, commonly used, machine-readable format. You may also request that we transmit this data directly to another organization, where technically feasible.
Object to Processing: You have the right to object to our processing of your personal data when we rely on a legitimate interest as the legal basis (including profiling based on those interests). If you object, we will cease processing your data for that purpose unless we have a compelling legitimate ground to continue or if needed for legal claims. You also have an unconditional right to object to your data being used for direct marketing purposes – if you object, we will stop using your data for marketing immediately.
Withdraw Consent: In cases where we are processing your personal information based on your consent (for example, if you agreed to receive a newsletter or certain cookies), you have the right to withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and it won’t affect processing of your data under other legal bases. If you withdraw consent for cookies, you can delete or block cookies in your browser to enforce this.
Not Be Subject to Automated Decisions: We do not make any significant decisions about you based solely on automated processing (without human involvement). If that changes, you have rights to certain protections and to contest such decisions under the law.

To exercise any of these rights, please contact us using the contact details provided in the next section. We may need to verify your identity before fulfilling certain requests (to protect your privacy and security). We will respond to your request as soon as possible, and in any case within the timeframe required by law (usually one month, with the possibility to extend by two further months for complex requests – we will inform you if an extension is needed). Please note that some rights may be limited in certain situations – for example, if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required to keep by law. But we will always endeavor to fulfill your request to the fullest extent possible and will explain any denial or limitation if applicable.

Your right to complain: If you believe we have not handled your personal data properly or are dissatisfied with our privacy practices, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can find details about how to do this on the ICO’s website. However, we would appreciate the chance to address your concerns first, so please consider contacting us directly so we can try to resolve any issues to your satisfaction.

Lawful Basis for Processing
We will only collect and use your personal information when we have a valid legal basis to do so under data protection law. Depending on the context, our legal basis for processing your data may be:
Consent: In some cases, we rely on your consent. For instance, if you subscribe to a newsletter, fill in optional profile information, or accept non-essential cookies, we process those personal data based on your consent. You have the right to withdraw your consent at any time (see above).
Contract: Much of our data processing is to fulfill our contract with you. When you buy a product or service from us, we need to process your personal data (like payment and contact details) to complete the transaction and deliver your purchase. Similarly, if you use our site and agree to our terms, certain processing of data (like maintaining your account or providing customer support) is necessary to provide what you have requested.

Legitimate Interests: We may process personal data for our legitimate business interests, provided those are not overridden by your rights and interests. For example, it’s in our legitimate interest to understand how our website is being used (analytics) so we can improve it, to secure our platform from fraud, and to market our services to interested customers. When we rely on this basis, we carefully consider and balance any potential impact on you and your rights. You always have the right to object to processing based on legitimate interests (see above).

Legal Obligation: Sometimes, we need to process or retain certain information to comply with a legal obligation. For example, accounting laws require us to keep transaction records for a period of time, and we may need to process personal data to fulfill obligations under consumer protection laws or to respond to lawful requests by public authorities.
If you have any questions about the specific legal basis on which we are processing your personal data, feel free to contact us for more information. Typically, the basis will align with the purposes outlined in the “How We Use Your Information” section of this policy.

Children’s Privacy
Our website and services are not directed to children under the age of 13 (or under the age of 16 in the UK/Europe, where additional restrictions may apply). We do not knowingly collect personal information from children. If you are a parent or guardian and believe that a child under the relevant age has provided us with personal data, please contact us. We will take steps to delete such information as soon as possible. By using this site, you represent that you are at least the age of majority in your jurisdiction (or that you are using the site under the supervision of a parent/guardian who consents to your use).

Updates to This Privacy Policy
We may update or change this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify users by posting the updated policy on our website and updating the “Last Updated” date at the top of the policy. In some cases, we might also notify you via other channels (for example, by email or a notice on our homepage) if the changes are material. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website after any changes to this policy constitutes your acceptance of the updated terms.

Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us. We value your privacy and will respond as promptly and helpfully as we can.

Contact Information: Email info@mcrnano.com.

Please use the above contact information if you wish to exercise any of your data protection rights, or if you need any clarification about this policy. We are here to help and aim to address all privacy-related requests or concerns in a timely and satisfactory manner. Thank you for trusting us with your information. We are dedicated to keeping that trust by maintaining the privacy and security of your personal data.




