Privacy Policy

Last updated: May 26, 2026

This Privacy Policy explains how malvêtu collects, uses, shares, stores, protects, and retains personal information when you visit malvetu.com, place an order, contact customer care, subscribe to marketing, use our website, or otherwise interact with the brand.

Please read this Privacy Policy carefully. By using the website or providing personal information to us, you acknowledge the practices described in this Privacy Policy.

This Privacy Policy should be read together with our Terms of Service, Cookie Policy, Do Not Sell or Share My Personal Information, Shipping & Delivery, Returns & Exchanges, Refund Policy, and Legal Notice.

1. Who we are

This website is operated by:

Khemiri Mohamed Mahdi
Einzelunternehmer
Parkstrasse 3
13187 Berlin
Germany

VAT ID: DE336667728
Customer care: hello@malvetu.com
Website: malvetu.com

Throughout this Privacy Policy, “malvêtu,” “we,” “us,” and “our” refer to the legal operator of malvetu.com.

For data protection purposes, the legal operator listed above is the controller of personal information processed through malvetu.com, unless stated otherwise.

2. Scope of this Privacy Policy

This Privacy Policy applies to personal information collected or processed through:

• malvetu.com

• checkout and order forms

• customer accounts, where available

• Shopify and Shopify Payments

• PayPal payments

• customer care communications

• email marketing

• SMS marketing, where active

• Klaviyo or similar marketing tools

• Meta Pixel, Meta Ads, and Meta Conversions API

• Google Ads and Google conversion tracking

• TikTok Ads, TikTok Pixel, TikTok Events API, and TikTok Shop

• Pinterest Ads, where activated

• cookies and similar technologies

• return, exchange, refund, cancellation, and delivery processes

• reviews, forms, surveys, or user-submitted content, where available

• official brand interactions through digital channels

This Privacy Policy does not apply to third-party websites, platforms, payment providers, social media platforms, or services that we do not control. Those third parties may process personal information under their own privacy policies.

3. Personal information we collect

We may collect the following categories of personal information.

Identity and contact information

• name

• email address

• billing address

• shipping address

• phone number, where provided

• country, region, city, and postal code

• customer account details, where accounts are available

Order and transaction information

• products ordered

• size, color, and style selection

• order number

• purchase date

• order value

• selected payment method

• shipping method

• delivery status

• tracking information

• returns, exchanges, refunds, or cancellation requests

• customer service history related to the order

Payment-related information

At launch, malvêtu intends to accept payments through Shopify Payments and PayPal.

Payment information is processed by secure third-party payment providers. We may receive transaction status, payment confirmation, billing details, fraud-screening signals, payment method type, limited card details such as the last digits where provided by the processor, and related order information.

malvêtu does not store full payment card numbers on its own systems.

When you choose PayPal, PayPal may process your personal information according to PayPal’s own privacy terms. When you use Shopify Payments, Shopify and its payment infrastructure providers may process your information to complete the transaction, prevent fraud, and comply with legal obligations.

Website, device, and technical information

When you visit malvetu.com, we may collect:

• IP address

• device type

• browser type

• operating system

• referring page

• pages viewed

• products viewed

• time spent on the website

• cart activity

• checkout activity

• purchase events

• approximate location based on technical data

• cookie identifiers

• advertising identifiers, where permitted

• consent preferences

• session information

• website performance data

Marketing and communication information

We may collect:

• email subscription status

• SMS subscription status, where active

• marketing consent

• unsubscribe activity

• email opens and clicks, where permitted

• SMS engagement, where active

• discount code usage

• abandoned cart activity, where permitted

• product interest signals

• campaign source, medium, and attribution information

• responses to campaigns

• preferences expressed through forms, surveys, or customer interactions

Customer care information

When you contact customer care, we may collect:

• name

• email address

• order number

• message content

• photos or files you provide

• delivery issue details

• return or exchange reason

• refund or cancellation request

• claim information for damaged, defective, misprinted, or incorrect items

• internal notes needed to resolve your request

User-generated content

If you submit, tag, mention, upload, or send content involving malvêtu, we may collect:

• social media handle

• public profile information

• photos, videos, comments, reviews, captions, or messages

• permissions you give us to use the content

• related correspondence

4. How we collect personal information

We collect personal information directly from you when you:

• visit the website

• place an order

• use Shopify Payments or PayPal

• create an account, where available

• subscribe to email marketing

• subscribe to SMS marketing, where active

• contact customer care

• request a cancellation

• request a return, exchange, or refund

• submit photos or claim details

• use a promotion or discount code

• interact with emails, ads, or website content

• adjust cookie or privacy preferences

• submit content, reviews, or forms

• purchase through TikTok Shop, where active

We may also receive personal information from service providers and platforms that help us operate the website, process payments, prepare orders, deliver products, manage analytics, run advertising, send marketing communications, prevent fraud, and comply with legal obligations.

5. How we use personal information

We use personal information for the following purposes.

To process and fulfill orders

We use personal information to:

• receive orders

• process payments

• verify transactions

• prevent payment fraud

• prepare products

• arrange production and fulfillment

• ship orders

• provide delivery updates

• handle delivery issues

• manage returns, exchanges, refunds, and cancellations

• provide customer support

To provide customer care

We use personal information to:

• respond to questions

• identify orders

• investigate delivery issues

• review damaged, defective, misprinted, or wrong-item claims

• handle returns and exchanges

• resolve customer service matters

• maintain support records

To operate and improve the website

We use personal information to:

• operate malvetu.com

• maintain checkout functionality

• support payment processing

• improve product pages and navigation

• measure website performance

• detect technical problems

• improve customer experience

• understand customer behavior

• protect the website from abuse

To provide marketing, where permitted

We may use personal information to:

• send email marketing

• send SMS marketing, where active and legally permitted

• show relevant ads

• measure ad performance

• create customer segments

• send abandoned cart reminders, where permitted

• send product release notices

• send collection announcements

• provide early access or promotional messages

• suppress existing customers from certain ads, where appropriate

• understand campaign attribution

• personalize marketing where legally allowed

You may unsubscribe from email marketing at any time using the unsubscribe link in the email. Where SMS marketing is active, you may opt out by following the instructions in the SMS message.

To measure advertising and conversions

We may use personal information and event data to measure the performance of advertising campaigns on platforms such as Meta, Google, TikTok, Pinterest, and similar platforms.

This may include measuring events such as:

• page views

• product views

• search activity

• cart activity

• checkout activity

• purchases

• signups

• email clicks

• SMS interactions

• ad interactions

To protect the brand, customers, and website

We use personal information to:

• detect fraud

• prevent payment abuse

• manage chargebacks

• prevent account misuse

• protect against unauthorized access

• investigate suspicious activity

• protect intellectual property

• prevent counterfeit or unauthorized commercial activity

• enforce our Terms of Service

To comply with law

We use personal information to:

• comply with tax, accounting, legal, and regulatory obligations

• maintain business records

• respond to lawful requests

• protect legal rights

• comply with consumer protection, privacy, ecommerce, fraud prevention, and payment obligations

6. Legal bases for processing

Where GDPR, UK GDPR, or similar laws apply, we rely on one or more legal bases to process personal information.

Contract

We process personal information where necessary to provide products and services you request, including order processing, payment, fulfillment, shipping, customer support, cancellations, returns, exchanges, and refunds.

Consent

We process personal information based on consent where required, including certain marketing communications, SMS marketing, cookies, advertising pixels, analytics, retargeting, and similar tracking technologies.

You may withdraw consent where applicable.

Legitimate interests

We may process personal information where necessary for legitimate business interests, provided those interests are balanced against your rights and freedoms.

These interests may include:

• operating the website

• preventing fraud

• securing the website

• improving customer experience

• measuring business performance

• protecting the brand

• managing legal claims

• responding to customer requests

• understanding non-sensitive customer behavior

Legal obligation

We process personal information where necessary to comply with tax, accounting, payment, consumer protection, privacy, ecommerce, fraud prevention, regulatory, or legal obligations.

7. Cookies and similar technologies

We use cookies and similar technologies to operate the website, remember preferences, support checkout, analyze performance, improve the customer experience, measure advertising activity, and support marketing attribution.

Cookies and similar technologies may include:

• browser cookies

• pixels

• tags

• server-side events

• conversion APIs

• local storage

• software development tools

• device identifiers, where permitted

Some cookies are necessary for the website to function. Other cookies may be used only where permitted by law or after consent where required.

You can learn more in our Cookie Policy.

Where available, you may adjust cookie preferences through the cookie banner, cookie settings link, or privacy controls on the website.

8. Advertising, pixels, and conversion tracking

malvêtu may use advertising, analytics, and conversion-measurement tools to understand website performance, measure campaign results, improve advertising, show relevant ads, and understand how customers interact with malvetu.com.

These tools may include, where activated:

• Meta Pixel

• Meta Ads

• Meta Conversions API

• Google Ads

• Google conversion tracking

• TikTok Ads

• TikTok Pixel

• TikTok Events API

• TikTok Shop tools

• Klaviyo email and SMS tools

• Pinterest advertising tools

• Shopify pixels and analytics

• attribution, tag-management, and retargeting tools

These tools may process information such as:

• page views

• product views

• cart activity

• checkout activity

• purchase events

• email interactions

• SMS interactions

• device information

• browser information

• IP address

• cookie identifiers

• advertising identifiers

• hashed email address, where permitted

• hashed phone number, where permitted

• order value

• currency

• conversion events

• campaign attribution data

Where legally required, these tools will be used according to your consent choices, cookie settings, platform privacy settings, or applicable opt-out rights.

Depending on your location, some advertising, analytics, retargeting, or conversion-measurement activity may be considered targeted advertising, sale, or sharing of personal information under certain privacy laws.

You may exercise applicable opt-out rights through our Do Not Sell or Share My Personal Information page.

9. Meta advertising tools

We may use Meta tools, including Meta Pixel, Meta Ads, and Meta Conversions API, to measure advertising performance, understand customer interactions, improve campaign delivery, and show relevant advertising on Meta platforms.

Information shared with Meta may include event data such as page views, product views, cart activity, checkout activity, purchase events, device information, IP address, browser information, cookie identifiers, and hashed customer information where permitted.

Meta may process this information according to its own privacy terms and business tool terms.

10. Google advertising tools

We may use Google Ads, Google conversion tracking, Google tags, and related Google services to measure advertising performance, understand campaign results, and improve relevant advertising.

Information processed through Google tools may include page views, product views, cart activity, checkout activity, purchase events, IP address, device information, cookie identifiers, advertising identifiers, and conversion data.

Google may process this information according to its own privacy terms and advertising policies.

11. TikTok advertising and TikTok Shop

We may use TikTok Ads, TikTok Pixel, TikTok Events API, and TikTok Shop tools to promote products, measure advertising performance, manage TikTok Shop activity, and understand customer interactions.

Information processed through TikTok tools may include page views, product views, cart activity, checkout activity, purchase events, order data related to TikTok Shop, device information, IP address, cookie identifiers, advertising identifiers, and hashed customer information where permitted.

TikTok may process this information according to its own privacy terms, advertising terms, and TikTok Shop terms.

12. Pinterest advertising tools

If activated, we may use Pinterest Ads, Pinterest tags, and related Pinterest tools to measure advertising performance, understand campaign activity, and show relevant advertising.

Information processed through Pinterest tools may include page views, product views, cart activity, checkout activity, purchase events, device information, IP address, cookie identifiers, advertising identifiers, and conversion data.

Pinterest may process this information according to its own privacy terms and advertising policies.

13. Email and SMS marketing

malvêtu may use Klaviyo or similar marketing tools to manage email and SMS communications, customer segments, consent records, unsubscribe activity, campaign performance, message delivery, and marketing automation.

Where you subscribe, purchase, consent, or where otherwise permitted by law, we may send marketing communications by email or SMS.

These communications may include:

• product releases

• collection announcements

• editorial messages

• promotions

• abandoned cart reminders

• back-in-stock notices

• early access

• brand updates

• customer care follow-ups where relevant

You may unsubscribe from email marketing through the unsubscribe link in the email.

Where SMS marketing is active, you may opt out by following the instructions in the SMS message. Message and data rates may apply depending on your carrier and plan.

Transactional messages, including order confirmations, shipping updates, customer service replies, refund updates, cancellation notices, account messages, and legal notices, may still be sent where necessary.

14. Data sharing and service providers

We share personal information only where necessary for legitimate business, operational, legal, marketing, payment, or customer service purposes.

We may share personal information with:

• Shopify and related ecommerce platform providers

• Shopify Payments

• PayPal

• payment processors and payment infrastructure providers

• fraud prevention and chargeback management providers

• professional production and fulfillment partners

• shipping carriers and delivery partners

• customer support tools

• Klaviyo or similar email and SMS marketing providers

• Meta, Google, TikTok, Pinterest, and similar advertising platforms

• TikTok Shop, where active

• analytics and attribution providers

• tag-management and conversion-tracking providers

• cookie consent and privacy tools

• review, survey, or UGC tools, where used

• accountants, tax advisers, legal advisers, and compliance providers

• authorities, regulators, courts, or law enforcement where legally required

Service providers are expected to process personal information only for the services they provide to us and in accordance with applicable privacy and data protection obligations.

15. Shopify and Shopify Payments

malvetu.com is operated through Shopify.

Shopify may process personal information to provide ecommerce services, including hosting, checkout, customer accounts, order management, analytics, fraud prevention, payment support, and privacy tools.

If you use Shopify Payments, payment and transaction information may be processed by Shopify and its payment infrastructure providers to authorize payment, complete the transaction, prevent fraud, manage disputes, and comply with legal obligations.

Where Shopify privacy tools are available, customers may be able to manage cookie preferences, data sharing choices, and certain privacy rights through Shopify-supported controls.

16. PayPal

If you choose PayPal at checkout, PayPal may process your personal information to complete the payment, verify the transaction, prevent fraud, manage disputes, and comply with legal and regulatory obligations.

PayPal may collect and process information according to its own privacy statement. Your use of PayPal is also subject to PayPal’s own terms and privacy practices.

17. International transfers

malvêtu is operated from Germany and sells to customers in international markets, including the United States, United Kingdom, Canada, and Australia.

Personal information may be processed in countries outside your country of residence. This may include Germany, the European Economic Area, the United States, Canada, the United Kingdom, Australia, and other locations where our service providers operate.

Where required, we use appropriate safeguards for international data transfers, such as contractual protections, platform safeguards, adequacy decisions, standard contractual clauses, or other legally recognized transfer mechanisms.

18. How long we keep personal information

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.

Retention periods may depend on:

• order history

• tax and accounting requirements

• payment records

• legal obligations

• fraud prevention needs

• customer service history

• return, refund, cancellation, or chargeback claims

• warranty or consumer-rights issues

• marketing consent status

• unsubscribe records

• legal dispute or investigation needs

• platform and service-provider retention requirements

When personal information is no longer required, we will delete, anonymize, or securely retain it according to applicable law and operational requirements.

19. Security

We use reasonable technical, administrative, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These measures may include secure payment processing, platform security tools, access controls, fraud monitoring, restricted account access, privacy settings, service-provider safeguards, and internal review of data access.

No method of transmission or storage is completely secure. Customers should also protect their account credentials, payment details, email access, and devices.

20. Your privacy rights

Depending on your location, you may have rights over your personal information.

These rights may include the right to:

• request access to personal information

• request correction of inaccurate information

• request deletion of personal information

• request restriction of processing

• object to certain processing

• request data portability

• withdraw consent where processing is based on consent

• opt out of email marketing

• opt out of SMS marketing, where active

• opt out of sale, sharing, or targeted advertising where applicable

• complain to a data protection authority or privacy regulator

To exercise privacy rights, contact:

hello@malvetu.com

Please include enough information for us to identify your request. We may need to verify your identity before processing certain requests.

21. European Economic Area, United Kingdom, and Switzerland

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have rights under applicable data protection law, including GDPR or UK GDPR.

These rights may include:

• access

• correction

• erasure

• restriction

• portability

• objection

• withdrawal of consent

• complaint to a supervisory authority

Because malvêtu is operated from Germany, you may contact the competent German data protection authority where applicable.

22. United States privacy rights

Some US state privacy laws may provide residents with additional rights, depending on where they live and whether the law applies to malvêtu.

These rights may include:

• the right to know what personal information is collected

• the right to access personal information

• the right to request deletion

• the right to correct inaccurate personal information

• the right to opt out of sale, sharing, or targeted advertising

• the right to limit certain uses of sensitive personal information, where applicable

• the right to non-discrimination for exercising privacy rights

To exercise applicable opt-out rights, visit our Do Not Sell or Share My Personal Information page or contact hello@malvetu.com.

23. California privacy notice

If the California Consumer Privacy Act, as amended, applies to malvêtu, California residents may have specific privacy rights.

Categories of personal information collected

In the past twelve months, we may have collected the following categories of personal information:

• identifiers, such as name, email address, shipping address, billing address, phone number, IP address, and online identifiers

• commercial information, such as products purchased, size selection, order history, payment method type, and transaction information

• internet or electronic network activity, such as browsing activity, product views, cart activity, checkout activity, and interactions with ads, emails, or SMS messages

• geolocation-related information, such as approximate location based on IP address

• inferences, such as preferences based on browsing, purchase, or engagement behavior

• customer service information, such as messages, claim details, and support history

Sources of personal information

We collect this information from:

• you directly

• your device or browser

• Shopify and checkout systems

• Shopify Payments

• PayPal

• customer support interactions

• advertising and analytics tools

• Klaviyo or similar marketing tools

• service providers

• shipping and fulfillment partners

• fraud prevention tools

• TikTok Shop, where active

Purposes for collection and use

We collect and use personal information for:

• order processing

• payment processing

• fraud prevention

• production and fulfillment

• shipping and delivery

• customer support

• returns, exchanges, refunds, and cancellations

• website operation

• analytics

• advertising

• email marketing

• SMS marketing

• conversion tracking

• legal compliance

• brand protection

Sale, sharing, and targeted advertising

malvêtu does not sell personal information in the ordinary sense of selling customer lists for money.

Some privacy laws define “sale,” “sharing,” or “targeted advertising” broadly. Certain advertising, analytics, retargeting, conversion tracking, server-side tracking, platform integrations, or audience tools may be considered sale, sharing, or targeted advertising under those laws.

You may opt out through our Do Not Sell or Share My Personal Information page.

Sensitive personal information

malvêtu does not intentionally collect sensitive personal information for the purpose of inferring personal characteristics.

Customers should avoid sending sensitive information through customer care channels unless necessary for a specific request.

24. Canada privacy rights

If you are located in Canada, you may have rights under Canadian privacy laws, including rights to access personal information, request correction, ask questions about how information is handled, and challenge compliance where applicable.

To make a request, contact:

hello@malvetu.com

25. Australia privacy rights

If you are located in Australia, you may have rights under applicable Australian privacy laws, depending on whether those laws apply to malvêtu and the circumstances of the interaction.

You may contact us to request access to or correction of personal information we hold about you.

Contact:

hello@malvetu.com

26. Marketing choices

You may control marketing communications as follows:

• Email marketing: use the unsubscribe link in the email.

• SMS marketing: follow the opt-out instructions in the SMS message, where SMS is active.

• Cookies and tracking: use the cookie banner or cookie settings where available.

• Sale, sharing, or targeted advertising: use the Do Not Sell or Share My Personal Information page where applicable.

• Platform controls: adjust privacy and ad settings directly through Meta, Google, TikTok, PayPal, Pinterest, or other platforms where available.

Transactional messages may still be sent where necessary for orders, payments, delivery, customer service, legal notices, security, or account administration.

27. Children’s privacy

malvêtu is intended for general fashion customers and does not knowingly collect personal information from children under the age required by applicable law.

If you believe a child has provided personal information to us without appropriate consent, contact hello@malvetu.com and we will review the request.

28. Automated tools, fraud checks, and profiling

We may use service-provider tools that help detect fraud, assess payment risk, personalize marketing, measure website behavior, manage advertising, or improve customer experience.

These tools may use order information, payment signals, device information, IP address, browsing behavior, purchase history, or similar information.

We do not use automated decision-making that produces legal or similarly significant effects on customers without appropriate safeguards where required by law.

29. Fraud prevention and chargeback management

We may use personal information to detect, prevent, investigate, and respond to fraud, payment abuse, return abuse, chargeback abuse, unauthorized account activity, counterfeit activity, and misuse of promotions.

This may include sharing relevant order, payment, delivery, tracking, communication, device, and claim information with payment processors, fraud-prevention providers, ecommerce platforms, shipping partners, legal advisers, or authorities where appropriate.

30. User-generated content and social media

If you tag, mention, message, submit, or share content involving malvêtu, we may process that content and related account information to respond, manage community interactions, request usage permission, display approved content, or protect the brand.

Where we request permission to use your content for marketing, editorial, advertising, or website purposes, separate UGC terms may apply.

Social media platforms process information according to their own privacy policies. We do not control how those platforms process your information.

31. Third-party links

The website may link to third-party websites, platforms, apps, or services.

Those third parties have their own privacy practices. We are responsible only for personal information processed by or on behalf of malvêtu.

32. How to exercise your rights

To exercise privacy rights, contact:

hello@malvetu.com

Please include:

• your full name

• email address used with malvêtu

• order number, where relevant

• country, state, province, or territory of residence

• the right you wish to exercise

• enough information for us to verify and process your request

We may request additional information to verify your identity. We will respond within the timeframe required by applicable law.

33. Authorized agents

Where applicable law allows, you may authorize another person to make a privacy request on your behalf.

We may request proof of authorization and may also ask you to verify your identity directly.

34. Appeals

Where applicable privacy law gives you the right to appeal a decision about your privacy request, you may appeal by contacting:

hello@malvetu.com

Please write Privacy Appeal in the subject line.

35. Complaints

If you have a concern about how we handle personal information, contact us first at:

hello@malvetu.com

If you are located in the European Economic Area, United Kingdom, Canada, Australia, or another jurisdiction with a privacy regulator, you may also have the right to contact your local data protection authority, supervisory authority, or privacy commissioner.

36. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, service providers, website features, payment methods, marketing tools, or privacy controls.

The updated version will be posted on this page with a revised “Last updated” date.

Where required by law, we may provide additional notice or request consent for material changes.

37. Contact

For privacy questions, requests, or complaints, contact:

malvêtu customer care
hello@malvetu.com

Legal operator:

Khemiri Mohamed Mahdi
Einzelunternehmer
Parkstrasse 3
13187 Berlin
Germany

VAT ID: DE336667728