1. Introduction Matronne (“Matronne”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal information in accordance with applicable privacy and data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada and the General Data Protection Regulation (GDPR) applicable within the European Economic Area (EEA) and the UK GDPR. This Privacy Policy explains how we collect, use, store, disclose and protect personal information when you visit or use our website, www.matronne.com (the “Website”), purchase products, contact us, or otherwise interact with our services. By accessing or using the Website, you acknowledge that your personal information will be processed as described in this Privacy Policy.

2. Data Controller For the purposes of applicable data protection laws, the data controller is: Matronne Website: www.matronne.com Email: extra@matronne.com The data controller is responsible for determining the purposes and means of processing personal information collected through the Website.

3. Information We Collect We may collect the following categories of personal information:

• Information You Provide Directly: Full name, billing address, shipping address, email address, telephone number, order details, and communications submitted through customer enquiries.
• Information Collected Automatically: When you access the Website, certain technical information may be collected automatically via secure protocols, including IP address, browser type and version, device information, operating system, referral source, website usage information, and the date and time of access.
• Transaction Information: When you make a purchase, transaction-related information is processed, including order value, transaction identifier, and payment status. Matronne does not store or have direct access to complete payment card numbers.

4. Purposes of Processing We process personal information for the following specific and lawful purposes:

• Processing and fulfilling orders;
• Delivering purchased products through our verified logistics networks;
• Providing dedicated customer support and resolving enquiries;
• Managing returns, refunds and related requests;
• Preventing fraudulent or unlawful activity and mitigating transaction risks;
• Maintaining website functionality and secure performance;
• Complying with statutory legal, regulatory, accounting and tax obligations.

5. Legal Bases for Processing (EEA and UK Visitors) Where GDPR or UK GDPR applies, we process personal information on one or more of the following legal grounds:

• Performance of a Contract: Processing necessary to fulfil orders, deliver products and provide customer support.
• Legal Obligation: Processing necessary to comply with applicable legal, tax, accounting and regulatory requirements.
• Legitimate Interests: Processing necessary for robust business administration, fraud prevention, information security and the protection of legal rights.
• Consent: Where required by law, processing based upon your explicit consent, which may be withdrawn at any time.

6. Payment Processing Payments made through the Website are securely handled by Stripe, a third-party payment processing service provider. When a payment is submitted, relevant transaction and payment information is transmitted directly to Stripe via encrypted channels for the purpose of processing payments, fraud monitoring, regulatory compliance and financial reconciliation. All payment processing complies strictly with the Payment Card Industry Data Security Standard (PCI-DSS). Stripe processes personal information in accordance with its own privacy practices and applicable legal obligations. For further information, users may review Stripe’s privacy information at: https://stripe.com/privacy Matronne does not store, view, or retain full payment card details on its own systems.

7. Disclosure of Personal Information We may disclose personal information only where reasonably necessary to operate our business and fulfil customer orders, strictly limited to:

• Payment processing providers (Stripe);
• Direct shipping partners and internal fulfilment networks managed by or for Matronne;
• Website hosting and information technology service providers operating under strict confidentiality;
• Professional advisers and statutory authorities where legally required. Personal information is never sold, rented, or traded to third parties.

8. International Data Transfers Personal information is processed and stored securely in Canada and within our direct operational infrastructure in the United Kingdom. For European Economic Area (EEA) residents, transfers to Canada are fully protected and legitimised under the European Commission’s Adequacy Decision regarding the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). Where personal information is transferred to other jurisdictions outside the EEA, standard contractual clauses (SCCs) approved by the European Commission are strictly implemented to guarantee an equivalent level of data protection.

9. Data Retention Personal information is retained only for as long as necessary to fulfil the purposes described in this Privacy Policy and to satisfy statutory legal obligations. Unless a longer retention period is required by mandatory law:

• Customer account, order and transaction records are retained for up to 7 years following the completion of the relevant transaction for tax and financial auditing purposes.
• Customer service communications are retained for up to 3 years following the last interaction.
• Technical and website usage records are retained for up to 24 months. Following the expiry of the applicable retention period, personal information will be permanently deleted, securely anonymised, or otherwise disposed of in a secure manner.

10. Data Security We implement rigorous technical, organisational and administrative measures intended to protect personal information against unauthorised access, disclosure, alteration, misuse or loss. Secure Sockets Layer (SSL/TLS) encryption is deployed to safeguard data transmissions during checkout and data submission processes. While appropriate industry-standard measures are maintained, no method of electronic transmission or storage can provide absolute protection under all circumstances.

11. Your Privacy Rights Subject to applicable law (including GDPR and PIPEDA), individuals hold specific rights regarding their data, including the right to:

• Access personal information held about them;
• Request immediate correction of inaccurate or incomplete information;
• Request erasure of personal information (“the right to be forgotten”) under certain conditions;
• Request restriction of or object to certain forms of data processing;
• Request data portability where technically feasible;
• Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Data rights requests may be submitted directly to: extra@matronne.com. We may request specific information necessary to verify your identity before fulfilling such requests.

12. Cookies and Similar Technologies The Website uses functional and analytical cookies to maintain core platform stability, improve user experience, analyse performance, and measure visitor interactions. Users retain full control over cookie preferences through their individual browser settings. Where required by the EU ePrivacy Directive, explicit consent will be obtained before non-essential analytical cookies are placed on a user’s device.

13. Children’s Privacy The Website is intended solely for individuals who have reached the age of majority in their jurisdiction or who are legally capable of entering into binding commercial transactions. We do not knowingly collect personal information from children.

14. Regulatory Complaints If you believe your personal information has been processed in a manner inconsistent with applicable data protection laws, you have the right to submit a complaint to the competent privacy or data protection authority in your jurisdiction (such as the Office of the Privacy Commissioner of Canada or an EEA Supervisory Authority). We politely encourage individuals to contact us first so that any concerns may be reviewed and resolved directly.

15. Changes to This Privacy Policy We may update this Privacy Policy from time to time to reflect operational, legal or regulatory developments. Any revised version will become effective upon publication on the Website together with the updated revision date.

16. Contact Information For questions regarding this Privacy Policy or our personal information practices, please contact: Matronne Website: www.matronne.com Email: extra@matronne.com