Privacy Policy

MH Luxury Boutique ("MH", "we", "us", or "our") operates the website mhmabruk.store. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or make a purchase. Please read this Privacy Policy carefully. By accessing or using our website, you agree to the collection and use of information in accordance with this policy.

Personal Information You Provide

When you interact with our website, you may voluntarily provide us with personal information, including but not limited to:

• Full name
• Email address
• Phone number
• Shipping and billing address
• Billing and payment information

Information Collected Automatically

When you visit our website, certain information is collected automatically, including:

• IP address
• Browser type and version
• Device information (operating system, screen resolution)
• Pages visited and time spent on each page
• Referring URL (the website that directed you to us)
• Date and time of access

Transaction Data

When you make a purchase, we collect transaction-related data, including:

• Purchase history and order details
• Order confirmations and payment confirmations
• Delivery and shipping information

We use the information we collect for the following purposes:

• Order Processing: To process and fulfill your orders, including shipping and delivery
• Customer Communication: To communicate with you about your orders, respond to inquiries, and provide customer service
• Marketing: To send you promotional materials and newsletters, only with your explicit consent. You may opt out at any time
• Website Improvement: To analyze usage patterns, improve our website, and enhance the user experience
• Fraud Prevention: To detect, prevent, and address fraudulent transactions and other illegal activities
• Legal Compliance: To comply with applicable laws, regulations, and legal obligations

We use the following third-party services to operate our website and process transactions. Each service has its own privacy policy governing the use of your information:

Cloudinary

We use Cloudinary for image hosting and optimization via their content delivery network (CDN). Cloudinary may process technical data related to image delivery.

Cloudflare Turnstile

We use Cloudflare Turnstile for bot protection and form security. This service helps ensure that form submissions on our website are made by real users and not automated bots. Cloudflare may collect certain technical data to verify user interactions.

YaadPay

We use YaadPay as our payment processing provider. When you make a purchase, your credit card information is handled directly by YaadPay and is not stored on our servers. YaadPay processes your payment data in accordance with PCI DSS standards.

We encourage you to review the privacy policies of these third-party services for more information about how they handle your data.

Our website uses cookies and similar tracking technologies to enhance your browsing experience. The types of cookies we use include:

Essential Cookies

These cookies are necessary for the website to function properly. They enable core functionality such as page navigation and access to secure areas of the website.

Preference Cookies

These cookies allow the website to remember your preferences, such as your selected language and cookie consent choices, to provide a more personalized experience.

Analytics Cookies

With your consent, we may use analytics cookies to understand how visitors interact with our website. This helps us improve our website and services.

You can manage your cookie preferences through your browser settings or by using our cookie consent banner when you first visit the website. Please note that disabling certain cookies may affect the functionality of our website.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

Specifically:

• Order and transaction data is retained for 7 years in accordance with Israeli tax regulations
• Account information is retained for as long as your account remains active
• Marketing preferences are retained until you withdraw your consent
• Technical log data is retained for a limited period for security and troubleshooting purposes

When data is no longer required, it is securely deleted or anonymized.

Under the Israeli Privacy Protection Law 5741-1981 and the General Data Protection Regulation (GDPR), where applicable, you have the following rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you
• Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data
• Right to Erasure: You have the right to request deletion of your personal data, subject to legal retention requirements
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format
• Right to Object: You have the right to object to the processing of your personal data for certain purposes, including direct marketing
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time

To exercise any of these rights, please contact us using the details provided in the Contact Us section below. We will respond to your request within a reasonable timeframe and in accordance with applicable law.

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using SSL/TLS protocols
• Secure server infrastructure with firewall protection
• Access controls restricting data access to authorized personnel only
• Regular security assessments and vulnerability testing
• Employee training on data protection and privacy best practices

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data.

Your personal data is primarily stored and processed in Israel. In some cases, your data may be transferred to and processed in countries outside of Israel, for example, when using third-party service providers whose servers are located internationally.

Where international data transfers occur, we ensure that adequate safeguards are in place to protect your personal data in accordance with applicable data protection laws, including contractual clauses and compliance with recognized data protection frameworks.

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete such information as promptly as possible.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately so that we can take appropriate action.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: