Privacy Policy

1. Who we are

MARINAC ("we", "us") is a Ukraine-based brand of marine accessories selling directly via marinac.world to customers worldwide. The data controller for the purposes of GDPR is MARINAC, contact details at the bottom of this page.

2. What data we collect

• Account data — name, email, phone, shipping address, password hash.
• Order data — products purchased, prices, delivery details, invoice information.
• Payment data — handled by our payment processors (Stripe / Wayforpay); we never store full card numbers.
• Technical data — IP address, browser type, device, pages viewed, anonymised analytics events.
• Cookies — see section 6.
• Voluntary data — anything you send us via contact forms, chat or email.

3. How we use your data

• To process orders, ship products and provide customer support.
• To send order-related emails (confirmations, shipping, returns).
• To improve the site (anonymous analytics, A/B testing).
• To send marketing emails — only if you have opted in.
• To comply with tax, accounting and consumer-protection laws.

4. Legal basis (GDPR Art. 6)

• Contract — to deliver the products you bought.
• Legal obligation — for invoices, tax records, customs documents.
• Consent — for marketing emails and non-essential cookies (revocable any time).
• Legitimate interest — for fraud prevention, site security and aggregate analytics.

5. Who we share data with

We do not sell your data and we do not share it with advertisers without your explicit opt-in.

• Payment processors — Stripe (US/EU) and Wayforpay (UA).
• Shipping carriers — Nova Poshta, Ukrposhta, DHL and similar, for the address strictly required to deliver your order.
• Cloud / hosting — Vercel (US/EU) and our database provider; data may transit EU and US infrastructure.
• Analytics — Google Analytics 4 (anonymised) and self-hosted Umami (cookieless).
• Authorities — only when legally compelled.

6. Cookies

We use a minimal set of cookies. Strictly necessary cookies (cart, session, CSRF) load by default. Analytics, marketing and personalisation cookies load only if you grant consent in our cookie banner. You can change or revoke your choice at any time via the "Cookie settings" link in the footer.

7. How long we keep data

• Order records — 3 years (consumer protection) and up to 7 years for accounting where required by law.
• Account data — until you delete the account or after 3 years of inactivity.
• Marketing consent — until you withdraw it.
• Server logs — 90 days.

8. Your rights

Under GDPR (and Ukrainian data-protection law) you have the right to: access your data, correct it, delete it ("right to be forgotten"), restrict or object to processing, portability, and to lodge a complaint with a supervisory authority. To exercise any right, email us at the address below — we respond within 30 days.

9. Security

We use TLS for all traffic, store passwords as bcrypt hashes, and never log full payment details. No system is 100% secure, but we apply industry-standard measures and notify users of any data breach within 72 hours as required by law.

10. Children

Our products are not directed at children under 16. We do not knowingly collect data from minors.

11. Changes

We may update this policy. The "Last updated" date at the top reflects the latest version. Material changes will be announced on the site and, where appropriate, by email.