PRIVACY POLICY

Last Updated: 02nd of March 2026

MCDOLY.LK we respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, make purchases, use our services, or interact with us (collectively, the “Services”). It applies worldwide to users of our luxury clothing brand.

We operate as a data controller under applicable data protection laws, including the Personal Data Protection Act No. 9 of 2022 (PDPA) of Sri Lanka (as amended), the General Data Protection Regulation (GDPR) for EEA/UK users, the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) for California residents, and other relevant laws.

Please read this policy carefully. By using the Services, you consent to the practices described here.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will post the revised version on the Site with an updated “Last Updated” date. For material changes, we may notify you via email or a prominent notice on the Site. Continued use after changes constitutes acceptance.

PERSONAL INFORMATION WE COLLECT

We collect personal information from various sources depending on your interactions:

1. Information You Provide Directly

• Contact details (name, email, phone, address).

• Order details (billing/shipping address, payment info via processors, items purchased).

• Account details (username, password, preferences).

• Shopping data (viewed items, cart contents, saved loyalty points, reviews, referrals, gift cards).

• Communications (customer support messages, inquiries).

2. Automatically Collected Usage Data We use cookies, pixels, web beacons, and similar technologies (see Cookies section) to collect:

• Device/browser info (IP address, browser type, OS).

• Usage patterns (pages visited, time spent, clicks).

• Geolocation (approximate, via IP).

• Interaction with ads/emails.

3. Information from Third Parties

• Shopify and platform providers.

• Payment processors (for transaction fulfillment).

• Analytics/advertising partners (e.g., Google, Facebook).

HOW WE USE YOUR PERSONAL INFORMATION

We use your information to:

• Fulfill orders, process payments, ship products, handle returns/exchanges (contract performance).

• Manage accounts, provide support, personalize experience.

• Send transactional communications (order confirmations, shipping updates).

• Improve Services, conduct analytics, detect fraud/security issues.

• Send marketing/promotions (with consent or opt-out where required; legitimate interests for existing customers in some jurisdictions).

• Comply with legal obligations, enforce terms, protect rights.

LAWFUL BASES FOR PROCESSING (Where Applicable)

• Contract performance (e.g., orders).

• Legitimate interests (e.g., fraud prevention, site improvement, direct marketing to existing customers — balanced against your rights).

• Consent (e.g., marketing emails, non-essential cookies).

• Legal obligations.

COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies as detailed in Shopify’s Cookie Policy: https://www.shopify.com/legal/cookies (incorporated by reference). Categories include necessary, functional, performance/analytics, advertising, and social media.

We honor the Global Privacy Control (GPC) signal as an opt-out from sharing/selling/targeted advertising. If GPC is detected, we apply it to the browser/device (and linked account if identifiable). We do not respond to other “Do Not Track” signals.

You can manage cookies via browser settings, but this may limit site functionality.

HOW WE DISCLOSE YOUR PERSONAL INFORMATION

We share information with:

• Service providers (Shopify, payment processors, shipping, analytics, IT).

• Marketing/business partners (for ads, with opt-out rights).

• Affiliates.

• In mergers, legal requirements, or to protect rights.

Over the past 12 months, we have disclosed/sold/shared (as defined under CCPA/CPRA) categories like identifiers, commercial info, and usage data to marketing partners for advertising. We do not sell/share sensitive personal information or data of minors under 16 without consent.

INTERNATIONAL DATA TRANSFERS

Your information may be transferred to/stored/processed outside your country (e.g., to the US, where Shopify operates). We use safeguards like Standard Contractual Clauses (SCCs) for GDPR transfers, adequacy decisions, or other PDPA-compliant mechanisms to ensure protection.

YOUR PRIVACY RIGHTS

Depending on your location and applicable law (GDPR, CCPA, PDPA, etc.), you may have rights to:

• Access/know your data.

• Correct inaccuracies.

• Delete data.

• Restrict/objection to processing (including marketing/profiling).

• Data portability.

• Withdraw consent.

• Not be subject to solely automated decisions with significant effects.

• Opt out of sales/sharing/targeted ads.

To exercise rights, contact us at info@mcdoly.lk. We may verify identity before responding (within legal timelines, e.g., 30–45 days). No discrimination for exercising rights.

For marketing opt-out: Use unsubscribe links or contact us.

COMPLAINTS

• EEA/UK: Your local supervisory authority (list: https://edpb.europa.eu/about-edpb/board/members_en).

• California: California Attorney General.

• Sri Lanka: Data Protection Authority of Sri Lanka (dpa.gov.lk).

• Other jurisdictions: Relevant authority.

CHILDREN’S PRIVACY

Our Services are not for children under 16. We do not knowingly collect their data.

SECURITY AND RETENTION

We use reasonable security measures, but no system is infallible. Data is retained as needed for purposes above, legal obligations, or disputes (typically order data for several years; analytics longer).