Privacy Policy

1. Introduction

Midora ("we," "us," "our," or "Company") operates the website and related services. This Privacy Policy explains how we handle, process, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to transparency and user privacy. This policy describes what information we collect, how we use it, and your rights regarding your data.

2. Data We Collect

Information You Voluntarily Provide

If you use our contact form, we collect the following information:

• Your email address
• Your message content

Note: We do not collect your name, phone number, company, or any other personal details beyond email and message content. Submission is entirely voluntary.

Information Collected Automatically

Our website uses only essential cookies necessary for basic site functionality. These cookies are used for:

• Recording your cookie consent preference
• Maintaining site navigation and session integrity

No analytics cookies, tracking cookies, or third-party cookies are used. We do not collect data about your browsing behaviour, device information, IP address, or usage patterns.

3. How We Use Your Data

We use collected information exclusively for the following purposes:

• Contact Form Submissions: To receive and respond to your inquiry. Your email is used only to send a reply.
• Cookie Consent: To record your consent preferences for site functionality.
• Site Operations: To maintain and improve basic site functionality.

We do not use your data for:

• Marketing or promotional communications
• Profiling or targeted advertising
• Analytics or behavioural tracking
• Automated decision-making
• Sale or commercial transfer

4. Legal Basis for Processing

Under UK GDPR, we process your data based on the following legal grounds:

• Consent: Processing contact form data is based on your explicit consent by submitting the form.
• Legitimate Interests: Maintaining site functionality and security is a legitimate interest necessary for website operation.
• Legal Obligation: Compliance with UK GDPR and Data Protection Act 2018.

5. Data Retention

Contact Form Data: We retain your email address and message for a maximum of 90 days after submission, after which it is securely deleted. You may request deletion at any time.

Cookie Data: Cookie consent preferences are stored in your browser and expire based on your browser settings (typically 30 days to 1 year).

6. Data Sharing and Third Parties

We do not share, sell, rent, or trade your personal data with any third parties. Your information remains confidential and is used exclusively by Midora for the purposes stated in this policy.

Our website does not integrate with third-party analytics platforms, advertising networks, or data brokers.

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access: You can request a copy of your personal data at any time.
• Right to Rectification: You can request correction of inaccurate data.
• Right to Erasure ("Right to be Forgotten"): You can request deletion of your data.
• Right to Restrict Processing: You can request limitation on how we use your data.
• Right to Data Portability: You can request your data in a structured, commonly used format.
• Right to Object: You can object to specific processing activities.
• Rights Related to Automated Decision-Making: We do not engage in automated decision-making, so this does not apply.

To exercise any of these rights, contact us at [email protected] with the subject line "Data Subject Request." We will respond within 30 days as required by UK GDPR.

8. International Data Transfers

All personal data is processed and stored within the United Kingdom. We do not transfer data outside the UK except where required by law.

9. Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include:

• Secure transmission protocols (HTTPS)
• Limited data collection and retention
• Access controls restricting data access
• Regular security reviews

While we implement industry-standard safeguards, no method of electronic transmission is 100% secure. We cannot guarantee absolute security, though we strive to protect your information.

10. Cookies

Our website uses only essential cookies for basic site functionality. Specifically:

• Cookie Consent Cookie: Records your consent preference; expires based on browser settings.
• Session Cookie: Maintains site navigation integrity; expires when you close your browser.

We do not use non-essential cookies for tracking, analytics, or advertising. You can delete cookies from your browser settings at any time. Disabling cookies may affect site functionality.

For detailed information, please see our Cookie Policy.

11. Children's Privacy

Our website is not directed to children under 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 13, we will delete it promptly. Parents or guardians who believe their child has provided data can contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last Updated" date at the top of this policy. Continued use of our website constitutes acceptance of updated terms.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact us:

We aim to resolve any concerns within 30 days. If you are not satisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.