Introduction

At Mana Potion (“we,” “us,” or “our”), we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

By using our website (manapotion.io) and services, you acknowledge that you have read and understood this Privacy Policy.

Personal Data We Collect

We may collect, use, store, and transfer the following categories of personal data:

  • Identity Data: First name, last name, username, date of birth.

  • Contact Data: Email address, phone number, billing and shipping addresses.

  • Financial Data: Payment card details or bank account information.

  • Transaction Data: Details of purchases and payments.

  • Technical Data: IP address, browser type/version, operating system, login data.

  • Usage Data: Information about how you use our website and services.

  • Marketing Preferences: Your preferences for receiving marketing communications.

Purpose and Legal Basis for Processing

We process your personal data for the following purposes under lawful bases:

  1. To fulfill contracts: Processing orders, payments, deliveries (Article 6(1)(b) GDPR).

  2. To comply with legal obligations: Record-keeping for taxes or fraud prevention (Article 6(1)(c) GDPR).

  3. With your consent: Sending marketing emails or newsletters (Article 6(1)(a) GDPR).

  4. For legitimate interests: Improving our services and website functionality (Article 6(1)(f) GDPR).

How We Use Your Personal Data

We use your personal data to:

  • Process orders and payments.

  • Deliver products/services to you.

  • Communicate updates about your orders or account.

  • Improve website functionality through analytics tools.

  • Send marketing communications if you have opted in.

Data Sharing

We may share your personal data with:

  • Third-party service providers (e.g., payment processors, delivery companies).

  • Legal authorities if required by law.

  • Affiliates or partners for marketing purposes (with your consent).

If we transfer your data outside the EU, we ensure appropriate safeguards such as Standard Contractual Clauses are in place.

Data Retention

We retain personal data only as long as necessary for the purposes outlined above or as required by law. Once the retention period expires, we securely delete or anonymize the data.

Your Rights

Under the GDPR, you have the following rights:

  1. Access your personal data.

  2. Rectify inaccurate or incomplete data.

  3. Request erasure of your data (“right to be forgotten”).

  4. Restrict processing of your data under certain conditions.

  5. Object to processing based on legitimate interests or direct marketing.

  6. Portability of your personal data to another service provider.

To exercise these rights, contact us at [Insert Contact Information].

Cookies and Tracking Technologies

We use cookies to enhance user experience and analyze website usage. Non-essential cookies require your explicit consent under GDPR.

You can manage cookie preferences via our cookie banner or browser settings.

Data Security

We implement robust technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include encryption protocols, secure servers, firewalls, and regular audits.

Children’s Privacy

Our services are not intended for individuals under the age of 16 without parental consent.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or our practices. Updates will be communicated via our website.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights under GDPR, please contact us at:

Email: [email protected]

!