Privacy Notice


Hello Marilu is committed to protecting your privacy through the use of our website and service providers. To help you understand and feel confident with how we collect, process, store and protect your data please review our Privacy Notice below.

This Privacy Notice is effective from 24th May 2018. We will from time to time update our Privacy Notice. We advise you to regularly review our Privacy Notice to keep up to date with any changes and make sure you are happy with all changes.

By using our site and our services you are consenting to our websites Privacy Notice.

In this policy, "we", "us" and "our" refer to Hello Marilu. “You” refers to you the user.

Our Details

Hello Marilu is owned and run by Mary-Ann Aveline, who is also the data controller responsible for your personal data.

Our business contact details are;

Business: Hello Marilu

Contact: Mary-Ann Aveline


Address: Hello Marilu, 66 Endwell Road, London, SE4 2ND

You may contact us by email, or in writing if you have any questions regarding our Privacy Notice, or if you would like us to update or correct your personal information.


The Data we collect

We process certain types of data about you as set out below:

Usage Data – this may include how you use our website, which products and services you view, your IP address, log in details, geographical location, and referral source, or any information which you post to our website. We may use this data to analyse the use of our website, products and services and to help us make improvements. Our legal ground for processing this information is our legitimate interests, in monitoring and improving our website, products and services.

Account Data – if you register an account with us we will ask you to supply your name and email address, and create a unique password. The account data may be processed to ensure the security of our website, for back up purposes and to communicate with you. Our legal ground for processing this information is via your consent by creating an account on our website, and our legitimate interests in fulfilling our services to you.

Contact Data – this may include your name, company, billing and shipping address, email and telephone numbers. This information will be provided by you. The legal ground for processing this data is via your given consent so we may communicate with you, and fulfill a service, purchase or contract with you. We also process this information for our legitimate interests in the administration of our website and business, to maintain our records, and to establish, pursue or defend legal claims.

Enquiry Data – this may include any enquiry or communication made to us by you via our website form, email address, telephone or postal address, or in person at an event, market or workshop. The legal ground for processing this data is via your consent in contacting us, and our legitimate interests in replying to your enquiry, maintaining records, and administering our business.

Transactional Data – this may include your contact data, card or payment details, and transaction details. We will process this data to complete any purchase of goods or services made by you, and maintaining records of such transactions. Our legal ground for processing this data is via your consent so we may fulfil our contract with you, and our legitimate interest in the administration of our website and business.

Marketing Data – this may include your preferences in receiving marketing communications from us, and our third parties. Our legal ground for processing this information is via your given consent, and our legitimate interests in updating you with news, products, services and events relating to Hello Marilu, which may be of interest to you and which will help grow our business. You may unsubscribe from these communications at any time by updating your preferences, clicking the unsubscribe link at the bottom of our communications, or emailing us directly at

Our legal ground for processing all of the above data is via your given consent in using our website and/or supplying your details. We will also process this data for our legitimate interests, to analyse and improving our website, products and services, to complete and fulfil orders and services, to communicate when necessary and as agreed with the user, to maintain our records and administer our business. In addition we may process this data for any legal claims or obligations to which we are subject in the protection or our legal rights, your legal rights and the legal rights of others.

If you are not happy with the way in which we collect and use your data, we ask you to contact us on and we will aim to resolve your issue for you. You also have the right to complain to the Information Commissioners Office (ICO) if you believe there is a problem in the way that we handle your data.


Sharing your personal data

Your data may be shared with any member of our company, Hello Marilu, as necessary to fulfil any business purpose described above or for any legal requirements.

Third Parties

Your data is collected and stored on our website hosting site which is powered by Shopify Inc. Your data is stored in their secure data storage database. They follow industry standards on security management to safeguard your information. You can read more about their Privacy Policy here.

Financial transactions are collected via Shopify Inc. Shopify Inc omplies with the highest level of Payment Card Industry (PCI) standards. 

Additionally you may opt to use PayPal to complete your transaction. Each PayPal transaction is encrypted using advanced encryption technology. For more information on PayPal’s safety and security please visit their website

Our Marketing Communication data is stored and processed on our marketing platform which is powered by Mailchimp. The Mailchimp application is encrypted and best security practices are employed to protect your information. For more information on Mailchimps safety and security please visit their website

We may share your personal data with third party courier or postal services only to the extent necessary to deliver your purchased goods.

We may be required to disclose your personal data in compliance with legal or regulatory obligations, to which we are subject in the protection or our legal rights, your legal rights and the legal rights of others.


International transfers

Countries outside of the European Economic Area (EEA) do not always off the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

Many of our third party service providers are based outside of the EEA, so their processing of your data will involve a transfer of data outside the EEA.

We will only work with service providers who provide adequate safeguards to protect your data. These include:

Shopify Inc - Our website is hosted by Shopify Inc, which is situated in Canada. Shopify’s GDPR whitepaper can be accessed here along with their Privacy Policy here.

Mailchimp - Our email marketing database is hosted by Mailchimp, which is situated in North America. Mailchimps privacy policy can be accessed here.

PayPal – At check out you have the option to complete your transaction through PayPal. Paypal is situated in North America. PayPals Privacy Policy can be accessed here.

Data Retention

We will retain your personal data for no longer than is necessary for the purpose we obtained it.

For tax purposes we are required by law to retain basic customer details, including contact details and transaction details, for 6 years following the date of their last transaction.

For mailing list purposes we will retain contact information until the user unsubscribes from our mailing list or directly requests removal from our mailing list.

We may in certain circumstances be required by law to retain personal data where it is necessary for compliance with a legal obligation.


Your rights

Under the GDPR you have following rights in relation to your personal data. These include:

·       The right to be informed

·       The right of access

·       The right of rectification

·       The right to erasure

·       The right to restrict processing

·       The right to data portability

·       The right to object

·       The right not to be subject to automated decision – making including profiling.

For more information on these rights you can visit the ICO website pages


If you would like to request any of the rights to your data, please email us at

We will aim to comply with your request within one month. We may need to gather some information from you in order to securely deal with your request. A delay in response from you may increase the time it takes to complete your request.

In most cases we will not charge for your request, unless the request is seen to be manifestly unfounded or excessive.

We reserve the right to refuse a request, in which case we will notify you and advise you of your right to complain to the supervisory authority.


Cookies are small amounts of data which are created by a website and stored on a users hard drive. They enable the website to recognise you and keep track of your preferences in terms of what items you have recently viewed, or your username for website log in. Cookies in no way allow us access to your computer or personal information. 

Cookies allow us to identify which products and pages are being viewed, which in turn helps us to understand our customer preferences and improve our website and product offering. It also aims to improve your own shopping experience by remembering your preferences.

By using our website you are agreeing to accept cookies. If however you wish to decline cookies you can do this by modifying your own website browser. This may prevent you from using our website to its full potential.

Terms & Conditions

Please visit our separate Terms & Conditions page here.

Links to other websites

We may on occasion provide links to other websites which may be of interest to you. We are not responsible for the protection and privacy of any information you provide whilst visiting any of these linked sites. Each separate website should have its own privacy policy which you should review with caution.