Welcome to our website https://www.mdfbeauty.com (the “Website”). Please take a moment to review this Privacy Policy, which explains how we handle personal data when you use our Website and related services.

1.0 OUR APPROACH TO PRIVACY
Welcome to our website https://www.mdfbeauty.com (the “Website”). Please take a moment to review this Privacy Policy, which explains how we handle personal data when you use our Website and related services.Everyone is entitled to the protection of their personal data. For the purposes of this Privacy Policy, personal data means any information relating to an identified or identifiable living person (“Personal Data”). We believe transparency is essential. We want you to understand what Personal Data we collect, why we collect it, and how it is used. When processing data that could directly or indirectly identify you, we apply a data minimisation principle: we collect and use only what is necessary for clearly defined purposes. Where possible, we provide services using anonymised, aggregated, or technical data (such as browsing statistics or language and location preferences) rather than identifiable Personal Data. We only process identifiable data where it is required to deliver our services, comply with legal obligations, or respond to lawful requests from public authorities.

2.0 DATA CONTROLLER
For the purposes of applicable data protection laws (as described below), Gatac Group Ltd is the entity responsible for determining how and why your Personal Data is processed. Gatac Group Ltd, 35 Cybercity, Level 3, Alexander House, Ebene 72201, Mauritius. Company registration number: C217124. This Privacy Policy applies to Personal Data collected when you access or use the Website, including when you place an order, complete a form, subscribe to communications, or otherwise interact with us. This Privacy Policy is intended to help you understand: what Personal Data we collect, the purposes and legal basis for processing, how your data may be shared the rights available to you, To help keep our records accurate, please notify our customer service team if your information changes. If you knowingly provide inaccurate or misleading information, we may be unable to provide certain services and may suspend access where permitted by law.

3.0 APPLICABLE LAW
We process Personal Data in accordance with the laws that apply based on your country of residence or the location of the relevant interaction. For users located in the European Economic Area, this includes compliance with EU Regulation 2016/679 (the General Data Protection Regulation – “GDPR”), without prejudice to any mandatory local consumer protection laws, in line with EU Regulation 593/2008 (Rome I). Together with any other applicable conflict-of-law rules, these are referred to as “Data Protection Legislation.”

4.0 PURPOSES OF PROCESSING AND LEGAL BASIS
We collect and use Personal Data for the purposes outlined below, relying on the corresponding legal bases under Data Protection Legislation.

a) Online sales and service delivery. We process Personal Data to operate our e-commerce services, including: fulfilling orders, managing payments, communicating with you about order status or delivery issues, providing information to service providers involved in order fulfilment

b) Marketing and communications: Where permitted by law, or where you have provided consent, we may use your Personal Data to: send marketing communications via email, SMS, postal mail, push notifications, or other digital channels, inform you about products, launches, promotions, events, and exclusive offers. With your consent, we may use identifiers such as your email address to help deliver advertising tailored to your interests or to create similar (“lookalike”) audiences on platforms such as Meta (Facebook/Instagram), Google, TikTok, Snapchat, or Pinterest (collectively, “Third-Party Digital Platforms”). These platforms typically use hashed identifiers and do not disclose the identities of individuals within such audiences to us. We are not responsible for the data practices of these platforms. You may opt out of marketing communications at any time via the unsubscribe link in our messages or by contacting us directly.

c) Analytics, cookies, and advertising technologies: We may work with third parties to analyse how the Website is used and to display advertising on other websites or applications. This may involve the use of cookies, pixels, tags, identifiers, and similar technologies (“Tracking Technologies”). These tools help us: understand usage trends, measure content performance, deliver advertising that is relevant to your interests. Your consent for non-essential Tracking Technologies is managed through our cookie preference tool. More details are available in our Cookies Policy.

d) Promotions and competitions: If you choose to participate in a competition, sweepstake, or promotion, we may collect Personal Data needed to administer it. Participation is voluntary and subject to the applicable rules, which may include additional data uses.

e) Security and fraud prevention: Based on our legitimate interests, we process certain data (such as IP address, device data, usage patterns, and transaction details) to: prevent fraud and misuse, protect accounts and payment systems, detect and investigate suspicious or unlawful activity. Where necessary, information may be shared with competent authorities in accordance with applicable law.

5.0 WHAT HAPPENS IF YOU DO NOT PROVIDE PERSONAL DATA
Some Personal Data is required to process orders, deliver services, or meet legal obligations. If you do not provide required information, we may be unable to complete your purchase or provide certain services. Providing additional Personal Data beyond what is required is optional and does not affect general browsing of the Website. Mandatory fields will be clearly identified at the point of collection.

6.0 SHARING OF PERSONAL DATA
Some Personal Data is required to process orders, deliver services, or meet legal obligations. If you do not provide required information, we may be unable to complete your purchase or provide certain services. Providing additional Personal Data beyond what is required is optional and does not affect general browsing of the Website. Mandatory fields will be clearly identified at the point of collection.We may share Personal Data with trusted third parties who support our operations and provide appropriate data protection safeguards, including: customer service providers, hosting and IT service providers, payment processors, logistics and delivery partners, marketing and analytics providers, fraud prevention and security services. These providers process Personal Data only for authorised purposes and in accordance with Data Protection Legislation. Personal Data may also be disclosed to law enforcement or judicial authorities where required by law or to prevent fraud or unlawful activity.

7.0 SECURITY MEASURES AND DATA RETENTION
We implement appropriate technical and organisational safeguards to protect Personal Data against loss, unauthorised access, alteration, or disclosure. We retain Personal Data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including compliance with legal, tax, and warranty obligations. When data is no longer required, it is securely deleted or anonymised.

8.0 INTERNATIONAL DATA TRANSFERS
Personal Data is primarily processed within the European Economic Area (EEA) or in countries recognised as providing an adequate level of protection. Where data is transferred outside these regions, appropriate safeguards are applied in accordance with Data Protection Legislation.

9.0 YOUR RIGHTS
Subject to applicable law, you may have the right to: withdraw consent at any time, access your Personal Data, request correction of inaccurate or incomplete data request deletion of your data, restrict or object to certain processing, receive a portable copy of your data, lodge a complaint with a competent supervisory authority, You can exercise these rights by contacting us using the details below.

10.0 CONTACT US
If you have questions about this Privacy Policy or how we handle your personal data, please contact us at: Email: customercare@MdFbeauty.com, Contact form: online form, Postal address: Gatac Group Ltd, 35 Cybercity, Level 3, Alexander House Ebene 72201 MAURITIUS

Last updated: 1 FEB 2026
© Gatac Group Ltd. All rights reserved.