Privacy Policy


This Privacy notice explains what happens to any personal data that you give to us when you use this website. It applies to all our products and services here at Mauldons. When we say ‘we’ ‘us’ ‘our’ or the ‘website’ in the notice below, we are referring to Mauldons.

Who are we?

Mauldons Ltd.
Our registered office is 13 Churchfield Road, Sudbury, Suffolk, CO10 2YA.
Our company registration number is 03905674 – Mauldons is a subsidiary of Heathpatch Ltd.
Our vat number is 741043373

A Statement

If you have placed an order, set up an account or agreed to receive email marketing from us, you have trusted us with your data and we sincerely acknowledge and understand our duty of care when processing it.

We only collect data which is absolutely necessary to provide you with our products and/or services.

We loathe spam too!

We take your privacy very seriously. We will never sell, lend or otherwise trade your personal data.

When do we collect your personal data?

We collect information about you when you place an order for our products or services (either on the website or by phone).

If you decide to set up an account with us.

If decide you decide to receive marketing information from us by subscribing to our form on this website.

When you contact us by phone, email or by post to place an order or with a query or a complaint.

When you enter prize draws or competitions.

When you choose to complete any surveys we send you.

When you comment on or review our products or services.

What sort of personal data do we collect

When you place an order we collected your title, full name, billing address, delivery address (if different to billing address) email address and phone number.

If you decide to set up an account with us we collect your title, full name, any addresses you enter, email address and phone number and your orders with us. You set up a password to get into your account. (Your password is stored encrypted for your security.)

Details of interactions with you by telephone or email or post. Including your title and full name and any other contact details necessary to deal with your query or complaint.

If you agree to receive marketing from us, we collect your email address. We will also collect your name and birthday if you choose to provide these details.

We may collect details of what purchases you have made from us, voucher redemptions, products you have shown interest in.

When you contact us by phone, email or by post with a query or a complaint.

When you enter prize draws or competitions.

When you choose to complete any surveys we send you.

When you comment on or review our products or services.

How and why do we use your personal information?

We use your personal information to process any orders you make. If we don’t collect your personal data during checkout we are unable to process your data and comply with our legal obligations.

If you choose to receive marketing information from us we use your name, birthday and email address to send you information about products and offers and sometimes links to our blog. You may opt out of this at any time. At times we use your personal data to provide personalized content and services to you. For example, we may use your purchase history with us to send you personalized offers.

We may occasionally use your address details to send you direct marketing by post telling you about product and services that we think might interest you.

To administer any of our prize draws and competitions which you enter, based on your consent given at the time of entering.

How we protect your data

We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.

We secure access to all transactional areas of our websites and apps using ‘https’ technology.

Access to your personal data is password-protected.

We regularly monitor our system for possible vulnerabilities and attacks


Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit or You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.

What are the legal grounds for our processing of your personal information (this includes when we share it with others).

We rely on ‘contract’ in the case of fulfilling an order you have placed with us.

We rely on ‘consent’ from you when you decide to set up an account with us. You can request that we delete this account at any time by contacting

We rely on ‘consent’ from you when you choose to receive marketing from us. You can unsubscribe at any time by clicking the unsubscribe button in any marketing email you receive from us.

We rely on ‘legitimate interests’: for the management of our business, including accounting. To keep records of any email communications with you and our staff. Where we need to share your personal information with people or organisations in order to run our business, or comply with any legal and/or regulatory obligations.

When do we share your personal information with other organisations.

We sometimes have to share your personal data with trusted third parties.

We share your full name, delivery address and phone number with our courier company in order to send the goods to you. Our Courier Company is APC Overnight.

Our accountants have sight of orders placed on our website for accounting purposes.

We are working towards your name and address and purchase history being stored within our accounting system Xero, no financial details whatsoever are stored on Xero.

When you place an order on this website you are transferred to our payment service provider Stripe. They handle your payment on our behalf. We do not hold any bank details from you whatsoever within the website.

The IT companies who support our website and other business systems.

A direct marketing system which allows us to send electronic communications to you (when you have consented to this).

How and when can you withdraw your consent?

When we’re relying on your consent to process your personal data you can withdraw this consent at any time by contacting or by unsubscribing to the emails we send you.

Do you have to provide your personal information to us?

We are unable to provide you with our products or services if you do not provide certain information to us. In cases where providing personal information is optional we make this clear and ask for your consent.

How long do we keep your personal information for?

We keep your personal data based on the following criteria:

For as long as we provide goods and/or services to you.

Retention periods in line with legal and regulatory guidance.

Protecting your data outside the EEA

The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA.

For example, this might be required in order to fulfil your order, process your payment details or provide support services.

If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. If you wish for more information about this, please contact

What are your rights under data protection laws?

You have the right to request:

Access to the personal data we hold about you, free of charge in most cases. Please email

The correction of your personal data when incorrect, out of date or incomplete.

That we stop using your personal data for direct marketing.

That we stop any consent-based processing of your personal data after you withdraw that consent.

Your right to withdraw consent:

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

Where we rely on our legitimate interest:

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Checking your identity:

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

Your right to complain

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws:

You can contact us at or at the address at the top of this notice.

Changes to this privacy policy

Mauldons has the discretion to update this privacy policy at any time.

This privacy policy was updated on 25th August 2020