Login

Cart

Your cart is empty

Privacy Policy

1. Introduction

Maximus EU ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit or make a purchase from maximuseu.com (the "Website"), and describes the rights you have under applicable law.

This policy is issued in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation, "GDPR"), and applicable national data protection legislation. If you are a resident of the United Kingdom, references to the GDPR also include the UK GDPR as retained under the Data Protection Act 2018.

Please read this policy carefully. By using our Website, you acknowledge that you have read and understood its contents. If you do not agree, please discontinue use of the Website.

2. Who we are (Data Controller)

The data controller responsible for your personal information is:

Maximus EU
Coimbra, Portugal
Email: support@maximuseu.com
Website: maximuseu.com

As data controller, we determine the purposes and means of processing your personal data. Where we engage third-party service providers to process data on our behalf, they act as data processors and are bound by contractual obligations consistent with this policy and the GDPR.

3. What personal data we collect

We collect personal data in the following categories, depending on how you interact with our Website:

3.1 Data you provide directly

  • Full name
  • Billing and shipping address
  • Email address
  • Phone number (if provided)
  • Payment information (processed securely via Shopify Payments — we do not store full card details)
  • Communications you send us (e.g. support emails, contact form submissions)

3.2 Data collected automatically

  • IP address and approximate geographic location
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent on pages, and navigation behaviour
  • Referring URL (how you arrived at our Website)
  • Cookie and tracking data (see our Cookie Policy for full details)

3.3 Data from third parties

  • Payment verification data from Shopify Payments and associated payment processors
  • Fraud detection signals from Shopify's built-in risk tools
  • Analytics data from tools such as Google Analytics (anonymised where possible)

4. Legal basis for processing

Under Article 6 of the GDPR, we are required to have a lawful basis for each processing activity. The table below sets out how we use your data and the corresponding legal basis.

Purpose Legal basis (GDPR Art. 6)
Processing and fulfilling your order Performance of a contract (Art. 6(1)(b))
Sending order confirmations and shipping updates Performance of a contract (Art. 6(1)(b))
Processing payments securely Performance of a contract (Art. 6(1)(b))
Responding to your enquiries and support requests Legitimate interests (Art. 6(1)(f))
Fraud prevention and security Legitimate interests (Art. 6(1)(f))
Compliance with legal obligations (e.g. tax, accounting) Legal obligation (Art. 6(1)(c))
Sending marketing emails and newsletters Consent (Art. 6(1)(a)) — only if you have opted in
Website analytics and performance improvement Legitimate interests (Art. 6(1)(f)) / Consent for cookies

5. How we use your personal data

We use the personal data we collect for the following purposes:

  • To process, fulfil, and deliver your orders
  • To communicate with you about your order status, shipping updates, and any issues
  • To handle returns, refunds, and customer support requests
  • To send you marketing communications, where you have given us explicit consent to do so
  • To detect and prevent fraudulent transactions and protect the security of our Website
  • To comply with our legal and regulatory obligations (e.g. VAT records, consumer law)
  • To improve our Website, products, and services through anonymised analytics

We will never use your personal data for purposes incompatible with those listed above without obtaining your prior consent.

6. Sharing your personal data

We do not sell, rent, or trade your personal data. We share your information only where strictly necessary, with the following categories of recipients:

Recipient Purpose Location
Shopify Inc. E-commerce platform, payment processing, order management USA (SCCs applied)
Shopify Payments / Stripe Secure payment processing USA/EU (SCCs applied)
Fulfilment & logistics partners Order shipment and delivery International
Google Analytics Website analytics (anonymised) USA (SCCs applied)
Email service providers Transactional and marketing emails EU/USA (SCCs applied)
Legal or regulatory authorities Compliance with legal obligations, fraud prevention EU / as required

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission under Article 46 of the GDPR.

7. Data retention

We retain your personal data only for as long as is necessary for the purposes for which it was collected, and in accordance with applicable legal requirements:

  • Order and transaction data: retained for 7 years to comply with EU tax and accounting obligations
  • Customer support communications: retained for 3 years from the date of last contact
  • Marketing consent records: retained until you withdraw consent, plus 1 year
  • Website analytics data: retained in anonymised form for up to 26 months
  • Account data (if applicable): retained for the duration of your account, plus 2 years after closure

When data is no longer required, it is securely deleted or anonymised in accordance with our internal data retention procedures.

8. Your rights under the GDPR

As a data subject residing in the EU or EEA, you have the following rights under Chapter III of the GDPR:

  • Right of access (Art. 15): You may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): You may request deletion of your data, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18): You may request that we limit how we use your data in certain circumstances.
  • Right to data portability (Art. 20): You may request a copy of your data in a structured, machine-readable format.
  • Right to object (Art. 21): You may object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint (Art. 77): You have the right to lodge a complaint with your national data protection authority at any time.

To exercise any of these rights, please contact us at support@maximuseu.com. We will respond to all legitimate requests within 30 days in accordance with Article 12 of the GDPR. In complex cases, this period may be extended by a further two months, of which we will notify you.

9. Supervisory authority

As Maximus EU is established in Portugal, the competent supervisory authority is:

Comissão Nacional de Proteção de Dados (CNPD)
Rua de São Bento, 148–3º, 1200-821 Lisboa, Portugal
Website: www.cnpd.pt

You also have the right to lodge a complaint with the supervisory authority in your country of residence or place of work within the EU.

10. Cookies and tracking technologies

We use cookies and similar tracking technologies on our Website for functional, analytical, and marketing purposes. Full details of the cookies we use, their purpose, and how to manage your preferences are set out in our Cookie Policy, which forms part of this Privacy Policy.

11. Children's privacy

Our Website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at support@maximuseu.com and we will delete such data without undue delay.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure, in accordance with Article 32 of the GDPR. These include SSL/TLS encryption on all data transmissions, access controls, and secure hosting via Shopify's infrastructure.

While we take all reasonable steps to protect your data, no method of transmission over the internet is entirely secure. We encourage you to use a strong, unique password if you create an account, and to contact us immediately if you suspect any unauthorised use of your information.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the "last updated" date at the top of this page. For significant changes, we will notify you by email or by placing a prominent notice on our Website. We encourage you to review this policy periodically.

14. Contact

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us:

Email: support@maximuseu.com
Response time: Within 30 days as required by GDPR Article 12, typically sooner.

✔️ Produto adicionado com sucesso.