Privacy policy

Last updated: July 14, 2025

Privacy Policy

At My Favourite Things your privacy is our priority and we are committed to the confidentiality of your Data. This Privacy Policy shall serve to inform you of the extent and of the purpose of the collection, use, consultation, process and transmission of the information provided by you, as the “User” of this website.

  1. USER DATA CONSENT

  1. The Company may collect, use, consult, process, and/or transmit the data and information that the Client may provide the Company with through different means including, but not limited to, this website, e-mail, telephone communication, post, videos or any other form of communication;

  1. By providing any kind of information, the Client acknowledges and explicitly consents to the Company collecting, using, consulting, processing or transmitting Data in order to fulfil the specific requirements needed to provide its Services. 

    1. 1.2.1.Provided that when you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery and/or return a purchase, you are hereby acknowledging and recognising your consent to our collecting the abovementioned data  and using it for that specific reason only.

    2. 1.2.2.Provided further that if we ask for your personal information for a secondary reason, including but not limited to marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to refuse our offer.

  1. AGE OF CONSENT

  1. By using this website, you represent that you are at least the age of majority in your nation, state or province of residence, or that you are the age of majority in your nation, state or province of residence and you have given us your consent to allow any of your minor dependents to use this website.

  1. DATA COLLECTION

  1. The Client recognises that s/he directly provides the Company with most of the data collected by the Company. Data is collected when the Client:

    1. Registers online or makes an order directly on our website;

    2. Completes any form/s on our website;

    3. Voluntarily completes a customer survey or provides feedback on any of our message boards, surveys or via email;

    4. Uses or views our website via the Client’s browser’s cookies. 

  2. In the event that the Client provides the Company with any Data pertaining to minors, the Client guarantees that such Data is provided with the consent of the minor’s parents or those persons having legal custody of the minor;

  3. The Company automatically collects certain information when you visit, use or navigate the Website. This information does not reveal your specific identity such as name or contact information, but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when the Client uses the Company’s website and other technical information. This information is primarily needed to maintain the security and operation of the Company’s website, and for our internal analytics and reporting purposes. 

    1. 3.3.1.We also collect information through cookies and similar technologies. 

  1. DATA CLASSIFICATION

In order to provide its Services, the Company may gather different kinds of data, including but not limited to the following categories:

  1. Personal Data: This may include but it is not limited to name, surname, nationality, sex, age, date of birth, ID or passport number, phone number, email, address and location;

  2. Purchase information: This may include but it is not limited to description and quantity of items purchased;

  3. Correspondence Data: This may include but it is not limited to date and time of contact, means of contact (website, submission of form and telephone calls, amongst others);

  4. Documentation: This may include but it is not limited to ID card, passport, IBAN and bank details in case of refund, proof of payment of goods or services, completed and signed forms when requested by a service provider;

  5. Cookies. 

  1. COOKIES

  1. The following is a non-exhaustive list of cookies used on our website: 

a. _session_id, unique token, sessional: Allows Shopify to store information about your session (referrer, landing page, etc).

b. _shopify_visit, no data held: Persistent for 30 minutes from the last visit. This cookie is used by our website provider’s internal stats tracker to record the number of visits;

c. _shopify_uniq, no data held, expires at midnight (relative to the visitor) of the next day: Counts the number of visits to a store by a single customer.

d. cart, unique token, persistent for 2 weeks: Stores information about the contents of your cart.

e. _secure_session_id, unique token, sessional

f. storefront_digest, unique token, indefinite: If the shop has a password, this is used to determine if the current visitor has access.

    1. 5.2 For all intents and purposes, it is hereby being clarified that this list is not exhaustive and that additional cookies may be stored and used on our website. We have listed the abovementioned cookies, so you that you can choose if you want to opt-out of cookies or not.

  1. TREATMENT OF DATA

  1. The Company shall collect, use, consult, process and/or transmit Data in order to deliver the following Services which include but are not limited to:

    1. To process orders and purchases made on our online stores;

    2. To facilitate account creation and logon process;

    3. Maintain contact with the clients;

    4. Improve and develop the management of the Company’s customer relationship, our marketing communication activities, our service offering, our partner network, and the user experience of the Company’s website;

    5. Establish statistics and reports for internal use;

    6. Provide the client with news about the Company, its Services and the Website;

    7. Request feedback from Clients;

    8. To post testimonials on the Company’s Services that may contain personal information. 

  2. 6.2.Email marketing (if applicable): With your permission, we may send you emails about our store, new products and/or services and any other updates.

  3. 6.3.The Company shall store Data for as long as it is required for the respective processing purposes for instance for processing of purchases purposes and advertising purposes;

  4. 6.4.The Company may share data with third party service providers, partners or agents and who shall require access to such information to carry out the Services contracted by the Client;

    1. The Company may only provide Data to third party service providers for the purpose and to the extent of carrying out the Services as outlined in the Agreements. In each case, the Company shall ensure that access to Data is strictly limited to those individuals and/or companies who need to know and/or have access to the relevant Data, as strictly necessary for the purposes of the Agreement and in accordance with applicable laws in the context of that individual's and/or company’s duties to the Company;

    2. Unless otherwise described in this Agreement, the Company does not share, sell, rent or trade any of your information with third parties for their promotional purposes;

    3. The Company has Data Protection Agreements in place with the Company’s data processors, which are designed to help safeguard the User’s personal information. 

      1. The data processors are not authorised to do anything with your personal information unless the Company has instructed them to do so. 

      2. The data processors shall not share the User’s personal information with any organisation apart from us. 

      3. The data processors shall commit to protect the Data they hold on behalf of the Company and to retain it for the period instructed by the said Company. 

      4. Provided that certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions For these providers, we recommend that you read their privacy policies so that you may understand the manner in which your personal information will be handled by these providers.

      5. In particular, remember that certain providers may be located in, or have facilities that are located in, a different jurisdiction than either one of us. Should you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

    4. When a Client is redirected to this website through content embedded on a Partner’s website, then any personal data collected upon redirection to this website shall be collected in accordance with the provisions of this Privacy Policy. 

    5. Once you leave our store’s website, or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

  1. DISCLOSURE

  1. 5.1.We may disclose your personal information if we are required by law to do so, or if you violate our Terms of Service.

  1. USER RIGHTS

  1. 6.1.The Company is the entity responsible for processing data;  

  2. 6.2.By providing any kind of information, the Client acknowledges that the Company is acting in good faith in order to collect, use, consult, process or transmit any Data provided by them, in order to fulfil the purposes described in this Agreement;

  3. 6.3.Pursuant to the Data Protection regulations, namely the GDPR and the Data Protection Act, Chapter 586 of the Laws of Malta, you have a right to free information about your stored data and, where applicable, a right to rectification, deletion, limitation of processing and objection to your stored data;

  4. 6.4.In order to exercise its User Rights, the Client agrees to notify the Company as soon as possible in the event of improper use, violation, or breach of its Data, with the intention to protect, restate, or remedy the proposed situation, prior to seeking any judicial remedy. This shall be done by lodging a request with the Data Protection Officer appointed by the Company;

    1. Any such request may be lodged by sending an email to info@myfavouritethingsshop.com;

    2. The User or Customer/Client may also lodge a complaint with the Maltese Data Protection Company, that is the Information and Data Protection Commissioner (IDPC) by sending an email to idcp.info@idpc.org.mt.

  1. WITHDRAWAL OF CONSENT

  1. 7.1.If, after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at info@myfavouritethingsshop.comor mailing us at:

My Favourite Things Shop

Triq L-Oratorju

Naxxar

Malta

  1. SAFEGUARDING AND RISKS OF DATA

  1. The Company has established appropriate and up-to-date technical controls and measures in order to collect, use, consult, process and/or transmit the User’s Data. We take reasonable precautions and follow industry best-practices in order to ensure that such Data is safe from unauthorised access, alteration, destruction, misuse, breach of confidentiality, or loss. 

  1. 9.1.If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

  1. THIRD PARTY WEBSITES

  1. 10.1.The website may contain advertisements from third parties that are not affiliated with the Company and which may link to other websites, online services or mobile applications. The Company cannot guarantee the safety and privacy of data provided by the Client to any third party. Any data collected by third party is not covered by this privacy policy. The Company is not responsible for the content or privacy and security practices and policies of any third party, including other websites, services or applications that may be linked to or from the website. The User shall review the policies of such third parties and contact them directly to respond to their queries. 

  2. 10.2.You acknowledge that consent which you give and/or withdraw in relation to the receipt of newsletters on our website is solely in relation to newsletters sent to you by our Company. 

    1. You may also receive newsletters and/or other marketing material from third party websites which may be accessed through our website and/or from Shopify Inc. which hosts our website. Kindly note that in order to stop receiving such newsletters and/or other marketing materials from such third party websites, you must unsubscribe and/or withdraw your consent with such third party websites directly and we shall not be held responsible and/or liable for the receipt of such marketing material from third party websites. 

  1. SHOPIFY

  1. Our store is hosted by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

  2. Your data is stored through Shopify’s data storage, databases and the general Shopify application. Shopify stores your data on a secure server behind a firewall.

  1. Payment:

    1. If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

    2. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

    3. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

  2. For more insight, you are encouraged to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) and Privacy Statement (https://www.shopify.com/legal/privacy).

  1. AMENDMENTS TO PRIVACY POLICY

  1. The Company keeps its Privacy Policy under regular review and places any updates on this website. 

  1. We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website.

  1. If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products and/or services to you.

  1. GOVERNING LAW

  1. This Agreement shall be governed by and construed in accordance with the laws of Malta. Any dispute arising out of this Agreement or in connection with the interpretation and fulfilment of this Agreement shall be submitted to the exclusive jurisdiction of the courts of Malta.

  1. QUESTIONS AND CONTACT INFORMATION

  1. If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at info@myfavouritethingsshop.com or by mail to:

My Favourite Things Shop

[Re: Privacy Compliance Officer]

Triq L-Oratorju

Naxxar

Malta