GDPR Policy

At GM2 Labs, we are committed to protecting your privacy and handling your personal data in a transparent, lawful, and secure manner. This GDPR Policy explains how we collect, use, store, and protect personal data in accordance with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679).

1. What Is GDPR?

The General Data Protection Regulation (GDPR) is a data protection law that gives individuals greater control over how their personal data is collected, used, and stored. It applies to all organizations that process personal data of individuals located in the European Economic Area (EEA).

2. Personal Data We Collect

We may collect and process the following types of personal data:

  • Name, email address, phone number, and billing/shipping address

  • Order details and purchase history

  • Payment-related information (processed securely by third-party providers)

  • Account login information

  • IP address, browser type, and website usage data

  • Communications sent to us via email or contact forms

3. Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so, including:

  • Performance of a contract (e.g., processing your order)

  • Compliance with legal obligations

  • Legitimate business interests (e.g., improving our services)

  • Your consent (e.g., marketing communications)

4. How We Use Your Data

Your personal data may be used to:

  • Process and deliver orders

  • Communicate order updates and customer support responses

  • Improve website functionality and user experience

  • Send marketing communications (only where consent is given)

  • Prevent fraud and ensure website security

5. Data Sharing

We do not sell your personal data. We may share data with trusted third parties only when necessary, such as:

  • Payment processors

  • Shipping and logistics partners

  • Website hosting and analytics providers

All third parties are required to handle your data in compliance with GDPR standards.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal and regulatory requirements.

7. Your GDPR Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion of your data (“right to be forgotten”)

  • Restrict or object to data processing

  • Request data portability

  • Withdraw consent at any time (where applicable)

To exercise your rights, please contact us using the details provided on our website.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or loss.

9. Cookies & Tracking

Our website may use cookies and similar technologies to enhance functionality and analyze usage. You can manage cookie preferences through your browser settings or cookie consent tools.

10. International Data Transfers

If personal data is transferred outside the EEA, we ensure appropriate safeguards are in place to protect your information in compliance with GDPR requirements.

11. Policy Updates

GM2 Labs may update this GDPR Policy from time to time. Any changes will be posted on this page, and continued use of our website indicates acceptance of the updated policy.

12. Contact Us

If you have questions about this GDPR Policy or how your data is handled, please contact us through the official contact details listed on our website.