Privacy policy
PRIVACY POLICY – UK (UK GDPR)
Last updated: 17 December 2025
This Privacy Policy is issued by memobottle Pty Ltd ("memobottle", "we", "us", "our"), located at 44/15 Cochrane Road, Moorabbin, VIC 3185, Australia.
For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), memobottle Pty Ltd is the Data Controller responsible for the processing of your personal data.
If you have any questions about this policy or our data practices, contact us at hello@memobottle.com or by post at the address above.
1. WHAT INFORMATION WE COLLECT AND WHY
We collect personal data to operate our business, fulfil orders, improve our services, and communicate with you. The categories of data we collect, our purposes, lawful bases, and retention periods are set out below.
Categories of Personal Data
-
Identity & Contact Data: name, email address, billing and shipping address, phone number.
-
Transaction Data: order details, payment status, refunds and returns.
-
Technical & Usage Data: IP address, browser type, device information, pages viewed, cookies.
-
Marketing Preferences: consent status, communication preferences.
-
Customer Support Data: communications with our support team.
Lawful Bases for Processing
We rely on one or more of the following lawful bases under UK GDPR:
-
Contractual Necessity – to process and deliver your orders, manage your account, process payments, and handle returns or refunds.
-
Consent – for sending marketing communications, personalisation, and for non-essential cookies or similar technologies.
-
Legitimate Interests – to prevent fraud, secure our systems, improve our website and products, analyse customer behaviour, and administer our business (balanced against your rights).
-
Legal Obligation – to comply with tax, accounting, consumer law, and other legal requirements.
2. CONSENT
How You Provide Consent
Where required, you provide consent by actively opting in—for example, subscribing to marketing communications or accepting non-essential cookies via our cookie banner.
For purchases and account management, we process your data on the basis of Contractual Necessity rather than consent.
Withdrawing Consent
You may withdraw consent at any time without affecting the lawfulness of processing already carried out. To do so, unsubscribe using the link in our emails or contact us at hello@memobottle.com.
3. DATA USAGE TRANSPARENCY
We are transparent about how your data is used:
-
What we collect: see Section 1 above.
-
Why we collect it: order fulfilment, customer support, marketing (where permitted), analytics, fraud prevention, and legal compliance.
-
Who we share it with: trusted third-party processors (see Section 5).
-
How long we keep it: see Section 8 (Data Retention).
We do not sell your personal data.
4. DISCLOSURE OF PERSONAL DATA
We may disclose your personal data:
-
To comply with a legal obligation, court order, or regulatory request.
-
To enforce our Terms of Service or protect our legal rights.
-
In connection with a business transaction (e.g. merger or restructuring), subject to appropriate safeguards.
5. SHOPIFY AND THIRD-PARTY PROCESSORS
Our store is hosted on Shopify Inc., which provides the e-commerce platform enabling us to sell products to you. Your data is stored through Shopify’s secure servers and applications.
If you choose a direct payment gateway, your payment card data is handled in accordance with PCI-DSS standards. We do not store full payment card details.
Other third-party processors may include:
-
Payment providers
-
Shipping and fulfilment partners
-
Email and CRM platforms
-
Analytics and advertising providers (where consent is given)
Each processor acts under a contract requiring appropriate security and confidentiality.
6. INTERNATIONAL DATA TRANSFERS
Some of our service providers are located outside the UK (including Australia, the United States, and the EU). When personal data is transferred internationally, we ensure appropriate safeguards are in place, such as:
-
UK International Data Transfer Agreements (IDTAs)
-
UK Addendum to EU Standard Contractual Clauses (SCCs)
-
Transfers to countries recognised as providing adequate protection
These safeguards ensure your data remains protected in line with UK GDPR.
7. SECURITY
We implement appropriate technical and organisational measures to protect your personal data, including:
-
SSL encryption
-
Secure access controls
-
Regular monitoring and system updates
Payment information is encrypted using industry standards (including AES-256 where applicable). While no system is completely secure, we work to protect your data from unauthorised access, loss, or misuse.
8. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies for:
-
Strictly necessary functions (e.g. shopping cart, checkout)
-
Analytics and performance
-
Marketing and advertising (with your consent)
You can manage or withdraw your cookie preferences at any time via our cookie banner, in line with UK GDPR and PECR requirements.
Examples of cookies used:
-
_session_id(sessional) – tracks browsing session -
cart(persistent, 2 weeks) – stores cart contents -
_shopify_visit(30 minutes) – records site visits
9. DATA RETENTION
We retain personal data only for as long as necessary for the purposes described:
-
Customer purchase and transaction data: up to 7 years to meet tax and accounting obligations.
-
Marketing data: until you unsubscribe or withdraw consent.
-
Customer support communications: up to 24 months after resolution.
-
Website analytics: up to 26 months, then deleted or anonymised.
10. YOUR DATA PROTECTION RIGHTS (UK GDPR)
You have the right to:
-
Access – request a copy of your personal data.
-
Rectification – correct inaccurate or incomplete data.
-
Erasure – request deletion of your data where it is no longer required.
-
Restrict Processing – limit processing in certain circumstances.
-
Data Portability – receive your data in a machine-readable format.
-
Object – object to processing based on Legitimate Interests, including direct marketing.
-
Automated Decision-Making – not to be subject to decisions based solely on automated processing with legal or significant effects.
To exercise any of these rights, contact us at hello@memobottle.com. We may need to verify your identity before responding.
11. AGE OF CONSENT
Our website is not intended for children. By using this site, you confirm that you are at least the age of majority in your jurisdiction or have parental or guardian consent.
12. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The latest version will always be available on our website, with the revision date shown at the top.
13. COMPLAINTS
If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
-
Website: ico.org.uk/make-a-complaint
-
Telephone: 0303 123 1113
You also have the right to seek a judicial remedy.
QUESTIONS AND CONTACT INFORMATION
For access, correction, deletion requests, or further information, contact:
Privacy Compliance Officer
memobottle Pty Ltd
44/15 Cochrane Road
Moorabbin VIC 3185
Australia
Email: hello@memobottle.com