Privacy Policy
Last updated: February 13, 2026
Website: maluashop.com
This Privacy Policy explains how Malua (“we”, “us”, “our”) collects and processes your personal data when you visit and use maluashop.com (the “Site”), place an order, create an account, sign up to our communications, or contact us (together, the “Services”).
We respect your privacy and handle personal data in line with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR”), where it applies.
Contents
1. Processing of personal data: categories, purposes, legal bases and retention
1.1 Placing an order
1.2 Creating and using an account
1.3 Contacting customer service
1.4 Newsletter and marketing communications
1.5 Visiting the Site (cookies and analytics)
1.6 Reviews and user-generated content
2. Sharing personal data with third parties
3. International data transfers
4. Security measures
5. Your rights
6. Cookies
7. Changes to this Privacy Policy
8. Questions and contact details
1. Processing of personal data: categories, purposes, legal bases and retention
“Personal data” means any information relating to an identified or identifiable natural person. Below we explain what data we collect, why we use it, the legal basis we rely on, and how long we keep it. In general, we keep your data only as long as needed for the purposes described, unless we must keep it longer to meet legal duties (for example, accounting and tax requirements).
1.1 Placing an order
When you place an order, we may process:
- Contact details (name, email address, phone number).
- Delivery details (shipping address).
- Billing details (billing address).
- Order details (items purchased, size/colour variants, order history).
- Payment details (payment method and payment confirmation). We do not store full card numbers; payment is handled by payment providers.
Purposes:
- to process and fulfil your order,
- to take payment and prevent fraud,
- to arrange delivery and handle returns,
- to send transactional messages (order confirmation, shipping updates, return/refund updates).
Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and, where relevant, legitimate interests (Art. 6(1)(f) GDPR).
Retention: order and invoice data is kept for the period required by applicable tax and accounting laws (typically up to 5–7 years, depending on the obligation).
1.2 Creating and using an account
If you create an account, we may process:
- Account credentials (email address and password).
- Account profile details (name, addresses, order history).
Purposes: to create and manage your account, speed up checkout, and show your order history.
Legal basis: performance of a contract / steps prior to entering into a contract (Art. 6(1)(b) GDPR).
Retention: we keep account data until you request deletion, unless we must keep certain records for legal reasons (e.g., past orders/invoices).
1.3 Contacting customer service
When you contact us (email, phone, WhatsApp or contact form), we may process:
- Contact details (name, email, phone number).
- The content of your message and our replies.
- Order number (if you provide it) and details needed to resolve your request.
Purposes: to answer questions, handle requests, and provide customer support.
Legal basis: legitimate interests (Art. 6(1)(f) GDPR) and, where needed, performance of a contract (Art. 6(1)(b) GDPR).
Retention: typically up to 12 months after the case is closed, unless a longer period is needed for legal claims or compliance.
1.4 Newsletter and marketing communications
If you subscribe to our newsletter, we may process:
- Contact details (email address and, if provided, your name).
- Information about email interactions (e.g., whether an email was opened or a link was clicked), where your settings and applicable law allow it.
Purposes: to send newsletters and updates about collections, products and offers.
Legal basis: your consent (Art. 6(1)(a) GDPR).
Retention: until you unsubscribe. You can unsubscribe anytime via the link in our emails.
1.5 Visiting the Site (cookies and analytics)
When you browse the Site, we may automatically collect:
- Device and browser information (e.g., device type, browser version).
- Log data (IP address, date/time, pages viewed, referrer).
- Cookie identifiers and similar online identifiers (where cookies are used).
Purposes: to operate the Site, keep it secure, remember preferences, understand how the Site is used, and improve performance.
Legal basis: legitimate interests (Art. 6(1)(f) GDPR) and/or your consent for optional cookies (Art. 6(1)(a) GDPR), depending on your cookie choices.
Retention: depends on cookie type. See section 6 for more details.
1.6 Reviews and user-generated content
If you submit a product review or other public content, it may be visible to others on the Site. Please avoid sharing sensitive information.
Legal basis: your consent and/or legitimate interests (Art. 6(1)(a) and/or Art. 6(1)(f) GDPR), depending on the feature.
Retention: we keep reviews until you request removal or the feature is discontinued, unless we must keep records for legal reasons.
2. Sharing personal data with third parties
We share personal data only when needed to run our store, fulfil your order, or meet legal duties. Typical recipients include:
- E-commerce platform provider (e.g., Shopify) to power the Site and checkout.
- Payment service providers to process payments securely.
- Shipping and fulfilment partners (e.g., DHL and our fulfilment/warehouse partners) to deliver your order.
- Email and customer support tools (to send transactional emails and respond to enquiries).
- Analytics and advertising partners (only where enabled by your cookie/consent choices).
Where a supplier processes personal data on our behalf, we use appropriate agreements (data processing agreements) and require adequate security measures.
3. International data transfers
Some service providers may process data outside the European Economic Area (EEA). If we transfer personal data outside the EEA, we use recognised safeguards where required, such as the European Commission’s Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.
4. Security measures
We use appropriate technical and organisational measures to protect personal data, including:
- TLS/SSL encryption for data transmission.
- Access controls and strong authentication practices.
- Regular updates and monitoring of systems.
- Limiting access to data to authorised personnel and partners only.
5. Your rights
Depending on where you live (and especially if you are in the EEA/UK), you may have rights such as:
- Access: request a copy of your personal data.
- Correction: ask us to correct inaccurate or incomplete data.
- Deletion: ask us to delete your data in certain cases.
- Restriction: ask us to limit processing in certain cases.
- Portability: receive your data in a structured, commonly used format.
- Objection: object to processing based on legitimate interests, including direct marketing.
- Withdraw consent: where processing is based on consent (e.g., newsletter, optional cookies).
To exercise your rights, contact us at hello@maluashop.com. We may need to verify your identity before responding.
6. Cookies
We use cookies and similar technologies to make the Site work, remember preferences, and (if you allow) to measure performance and support marketing. You can control cookies through your browser settings and, where available, our cookie banner/settings.
For information about cookies used by Shopify, see Shopify’s cookie information page: shopify.com/legal/cookies.
7. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or legal requirements. The most current version will always be available on maluashop.com, and the “Last updated” date will be revised accordingly.
8. Questions and contact details
Data controller: DOUBLE M sp. z o.o. (Malua)
Registered address: ul. Tadeusza Kościuszki 38/4, 44-100 Gliwice, Poland
Email: hello@maluashop.com
Website: maluashop.com
If you have questions about this Privacy Policy or how we handle your personal data, please contact us by email. If you are in the EEA/UK, you also have the right to lodge a complaint with your local data protection authority.