Privacy policy

Privacy Policy | Matisa Deco

Last Updated: March 2026

At Matisa Deco, we respect your privacy and are committed to protecting your personal data. This policy outlines how we handle your information when you visit www.matisadeco.ie and purchase our organic decor pieces.

1. Data Controller

MATISA DECO is the independent Data Controller of your personal data. As we operate across Ireland and the United Kingdom, we comply with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

For any privacy inquiries, please contact us at: info@matisadeco.ie.

2. What Data We Collect

We collect only the information necessary to provide a premium and secure shopping experience:

  • Identity & Contact Data: Name, email, phone number, shipping and billing addresses.
  • Financial & Transaction Data: Details about payments and products purchased. Note: We do not store full credit card details; these are handled by secure gateways (Shopify Payments).
  • Tax & Compliance Data: Information required for VAT reporting in Ireland and the United Kingdom (including transaction values for UK Customs compliance).
  • Technical Data: IP address, browser type, and location data to ensure website security and performance.
  • Marketing Data: Your preferences in receiving promotions and your communication choices.

3. Legal Grounds for Processing

We process your data under the following legal bases:

  • Contractual Necessity: To process your orders, manage deliveries, and handle returns.
  • Legal Obligation: To comply with Irish and UK Tax Authorities (HMRC) regarding VAT registration, invoicing, and accounting records.
  • Legitimate Interest: To improve our services, prevent fraud, and ensure the security of our Dublin hub.
  • Consent: For marketing communications (newsletters), which you can withdraw at any time.

4. Third-Party Disclosures

Your data is shared only with trusted partners essential to our operations:

  • Logistics & Couriers: Partners like An Post, UPS, or DPD to fulfill delivery.
  • Payment Processors: Secure gateways (Shopify Payments) to manage transactions.
  • Tax Authorities: The Revenue Commissioners (Ireland) and HMRC (United Kingdom) as required by law for VAT reporting.
  • Technical Services: Cloud and email service providers ensuring our platform's stability.

5. International Data Transfers

As an Irish-based business selling to the United Kingdom, we ensure that any data transferred outside the European Economic Area (EEA) is protected by appropriate safeguards (Standard Contractual Clauses) to maintain the level of protection required by the GDPR.

6. Data Retention

  • Transaction & Tax Records: We retain purchase data for 10 years to comply with statutory tax and audit obligations in Ireland and the UK.
  • Marketing Data: Retained until you withdraw consent or for up to 4 years after your last interaction.
  • Customer Support: Retained for as long as necessary to resolve your specific inquiry.

7. Your Rights (EU & UK GDPR)

Under the GDPR, you have the following rights:

  • Access & Rectification: Request a copy of your data or correct inaccurate info.
  • Erasure ("Right to be Forgotten"): Request deletion when data is no longer necessary.
  • Withdraw Consent: Opt-out of marketing at any time.
  • Object & Restrict: Object to processing based on legitimate interests.
  • Data Portability: Receive your data in a structured, electronic format.
  • To exercise these rights, email info@matisadeco.ie. We respond to all valid requests within 30 days.

8. Complaints

If you have concerns about our data handling, you have the right to lodge a complaint with: