Privacy Policy
Privacy Policy
MaxandsohWatches.com
Last Updated: 17 March 2026
This Privacy Policy explains how MaxandsohWatches.com (“we”, “us”, “our”), operated by Ngoubi Maximillian Diangha and registered in the United Kingdom, collects, uses, stores, and protects your personal data when you visit our website, make a purchase, or interact with us in any way.
We are committed to protecting your privacy and handling your personal information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
Please read this policy carefully. By using our website and services, you acknowledge that you have read and understood this Privacy Policy.
1. Who We Are (Data Controller)
For the purposes of applicable data protection law, the data controller is:
MaxandsohWatches.com
Operated by: Ngoubi Maximillian Diangha
Address: 44 Sidlaw Close, Basingstoke, RG22 5BJ, United Kingdom
Website: www.maxandsohwatches.com
Email: admin@maxandsohwatches.com
Phone: +44 7506 608408
Data Protection Contact: Ngoubi Maximillian Diangha is the designated data protection contact for MaxandsohWatches.com. All data protection queries, Subject Access Requests, and rights requests should be directed to admin@maxandsohwatches.com.
If you have any questions or concerns about how we handle your personal data, or wish to exercise your data protection rights, please contact us using the details above.
2. What Personal Data We Collect
We may collect and process the following categories of personal data:
2.1 Information You Provide to Us
- Full name
- Email address
- Postal address (including billing and delivery addresses)
- Telephone number
- Payment information (processed securely via third-party payment providers — we do not store your full card details)
- Account login credentials (if you create an account on our website)
- Communications and correspondence (including emails, contact form submissions via WPForms, messages, and enquiries)
- Product reviews, feedback, and preferences
2.2 Information Collected Automatically
- IP address and approximate geographic location
- Browser type and version
- Device type and operating system
- Pages visited, time spent on pages, and navigation paths on our website
- Referring website, search terms, or campaign links that brought you to our site
- Cookie data and similar tracking technologies (see Section 10)
2.3 Information from Third Parties
We may receive personal data from third-party platforms and service providers, including:
- Payment processors (Stripe, PayPal) — transaction confirmation and fraud screening data
- Delivery and fulfilment partners (CJdropshipping, Royal Mail, DHL, FedEx, UPS) — delivery status and tracking data
- Analytics platforms (Google Analytics) — aggregated and anonymised website usage data
- Review platforms (Trustindex) — customer review data where you have submitted a review via a connected platform
- Social media platforms — where you interact with our content or connect your account
3. How We Use Your Personal Data
We use your personal data only where we have a lawful basis to do so under UK GDPR. The purposes for which we use your data, and the corresponding lawful bases, are as follows:
| Purpose | Lawful Basis |
|---|---|
| Processing and fulfilling your orders (including passing your name, address, and order details to our fulfilment partner CJdropshipping for dispatch) | Performance of a contract |
| Processing payments securely via Stripe, PayPal, or other payment gateways | Performance of a contract |
| Fraud prevention, identity verification, and address checks on orders | Legitimate interests / Legal obligation |
| Communicating with you about your orders, enquiries, returns, or complaints | Performance of a contract / Legitimate interests |
| Sending marketing communications, newsletters, and promotional offers (only where you have opted in) | Consent |
| Personalising your browsing and shopping experience | Legitimate interests |
| Analysing website traffic and user behaviour via Google Analytics to improve our website and services | Legitimate interests |
| Displaying customer reviews via Trustindex to promote trust and transparency | Legitimate interests |
| Complying with legal and regulatory obligations (including tax, accounting, and consumer law requirements) | Legal obligation |
Where we rely on legitimate interests as our lawful basis, we have assessed that our interests are not overridden by your rights and freedoms. You may object to such processing at any time (see Section 8).
4. How We Share Your Personal Data
We do not sell, rent, or trade your personal data. We may share your data with the following categories of third parties, strictly for the purposes described in this policy:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Stripe (payment processor) | To securely process card payments | Payment card details (processed directly by Stripe — we do not see or store your full card number), billing address, order amount |
| PayPal (payment processor) | To process PayPal and Pay in 3 transactions | Name, email, billing address, order amount |
| CJdropshipping (fulfilment partner) | To pick, pack, and dispatch fashion watch and accessory orders | Recipient name, delivery address, phone number, order details |
| Courier services (Royal Mail, DHL, FedEx, UPS, and CJdropshipping carriers) | To deliver your orders | Recipient name, delivery address, phone number, parcel details |
| Google Analytics (analytics platform) | To analyse website traffic and user behaviour | Anonymised and aggregated browsing data, IP address (anonymised where configured), device and browser information |
| Trustindex (review display platform) | To display verified customer reviews on our website | Publicly available review data from Google Reviews |
| CookieAdmin (cookie consent management) | To manage and record your cookie consent preferences | Consent preferences, anonymised visitor ID |
| WPForms (contact form plugin) | To process and store contact form submissions on our website | Name, email, message content, and any other data you submit via the form |
| Elementor (website page builder) | To build and render website pages; may collect usage data for performance purposes | Anonymised usage data |
| WooCommerce / WordPress (e-commerce platform) | To manage orders, accounts, and website functionality | Order data, account data, browsing data stored on our server |
| Legal and regulatory authorities | Where required to comply with applicable law, court orders, HMRC requirements, or legal proceedings | As required by the specific legal obligation |
All third parties with whom we share data are required to handle it in accordance with applicable data protection law and to use it only for the specified purpose. Where a third party acts as a data processor on our behalf, we have appropriate data processing agreements in place.
For full details of how we process payments securely, please see our Payment & Security Policy. For details of our fulfilment arrangements, please see our Shipping Policy and Disclaimer.
5. International Transfers of Personal Data
Our primary operations are based in the United Kingdom. However, some of our third-party service providers operate outside the UK and the European Economic Area (EEA). Specifically:
| Service Provider | Location(s) | Safeguard |
|---|---|---|
| CJdropshipping | China, United States, Germany, Poland, Thailand, Indonesia | Standard contractual clauses; data limited to order fulfilment only (name, address, order details) |
| Stripe | United States (with UK/EU infrastructure) | UK adequacy decision for US (under UK-US Data Bridge); PCI DSS Level 1 certified |
| PayPal | United States / Luxembourg | Standard contractual clauses; PayPal’s own Binding Corporate Rules |
| Google (Analytics) | United States | UK adequacy decision for US; IP anonymisation enabled where configured |
Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Transfers to countries that have been deemed to provide an adequate level of data protection by the UK Government
- Standard contractual clauses approved by the UK Information Commissioner’s Office (ICO)
- Binding Corporate Rules where applicable
- Other legally recognised transfer mechanisms under UK GDPR
The data we share with CJdropshipping for order fulfilment is limited strictly to what is necessary to deliver your parcel (recipient name, delivery address, phone number, and order contents). We do not share payment card details, account passwords, or browsing data with CJdropshipping.
You may request further information about our international transfer safeguards by contacting us at admin@maxandsohwatches.com.
6. Data Retention
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are as follows:
| Data Type | Retention Period | Reason |
|---|---|---|
| Order and transaction records | 7 years | HMRC and accounting requirements |
| Customer account data | Duration of account + 2 years after last activity | Account management and warranty support |
| Marketing consent records | Until consent is withdrawn + 6 months | Compliance evidence |
| Contact form submissions and correspondence | Up to 3 years from last contact | Customer service and dispute resolution |
| Website analytics data | Up to 26 months | Google Analytics default retention |
| Cookie consent preferences | 12 months (then re-consent requested) | PECR compliance |
When personal data is no longer required, it is securely deleted or anonymised in accordance with our data retention procedures.
7. Data Security
We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, destruction, or alteration. These measures include:
- SSL/TLS encryption for all data transmitted between your browser and our website (verified by the padlock icon and
https://prefix in your browser) - PCI DSS-compliant payment processing via Stripe and PayPal — we never see, store, or have access to your full card details
- Access controls and authentication measures to restrict access to personal data to authorised personnel only
- Secure hosting with regular backups and server-level security monitoring
- Regular review of our security practices and procedures
While we take all reasonable precautions, no method of transmission or storage is entirely secure. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) without undue delay and in any event within 72 hours, in accordance with our legal obligations under UK GDPR.
For full details of our payment security measures, please see our Payment & Security Policy.
8. Your Rights Under UK GDPR
Under UK data protection law, you have the following rights in relation to your personal data:
- Right of Access — You may request a copy of the personal data we hold about you (also known as a Subject Access Request).
- Right to Rectification — You may ask us to correct any inaccurate or incomplete personal data.
- Right to Erasure — You may request that we delete your personal data in certain circumstances (the “right to be forgotten”).
- Right to Restrict Processing — You may ask us to restrict how we use your data in certain circumstances.
- Right to Data Portability — You may request a copy of the data you have provided to us in a structured, commonly used, machine-readable format.
- Right to Object — You may object to our processing of your data where we rely on legitimate interests, including for direct marketing purposes.
- Rights Relating to Automated Decision-Making — You have the right not to be subject to solely automated decisions that have a significant legal or similarly significant effect on you. We do not currently use automated decision-making or profiling in a way that produces legal effects.
- Right to Withdraw Consent — Where we process your data on the basis of consent, you may withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please contact us at admin@maxandsohwatches.com. We will respond within one calendar month of receiving your request. We may need to verify your identity before processing your request. In complex cases, we may extend the response period by a further two months, but we will inform you of this within the initial one-month period.
If you are not satisfied with how we handle your request or your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Website: www.ico.org.uk
Telephone: 0303 123 1113
9. Marketing Communications
We will only send you marketing emails, newsletters, or promotional communications if you have explicitly opted in to receive them. You may opt out at any time by:
- Clicking the “unsubscribe” link in any marketing email
- Contacting us directly at admin@maxandsohwatches.com
- Updating your preferences in your account settings (if applicable)
Please note that even if you opt out of marketing communications, we may still send you transactional and service-related messages (such as order confirmations, dispatch notifications, delivery updates, and responses to your enquiries). These are necessary for the performance of our contract with you and are not marketing.
10. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to improve your experience, analyse website traffic, and support our marketing activities. Cookies are small text files placed on your device when you visit our website.
10.1 Types of Cookies We Use
| Cookie Type | Purpose | Examples |
|---|---|---|
| Strictly Necessary | Essential for the website to function (shopping cart, login, checkout). Cannot be disabled. | WooCommerce session cookies, WordPress login cookies |
| Performance & Analytics | Help us understand how visitors use our website so we can improve it. | Google Analytics (_ga, _gid, _gat) |
| Functional | Remember your preferences and settings to improve your experience. | Language preference, recently viewed products, wishlist |
| Marketing & Advertising | Used to deliver relevant advertisements and track campaign effectiveness. | Google Ads remarketing, social media pixels (if enabled) |
| Third-Party / Embedded | Set by third-party services embedded on our site. | Trustindex (review widget), PayPal, Stripe |
10.2 Cookie Consent
Upon your first visit to our website, you will be presented with a cookie consent banner powered by CookieAdmin. You can choose to accept all cookies, reject non-essential cookies, or customise your preferences by cookie category. You can change your cookie preferences at any time by clicking the cookie settings icon in the footer of our website or by adjusting your browser settings.
10.3 How to Manage Cookies
Most web browsers allow you to control cookies through their settings. You can set your browser to block or delete cookies, although this may affect the functionality of our website. For more information on managing cookies, visit www.allaboutcookies.org.
10.4 Google Analytics
We use Google Analytics to collect anonymised data about how visitors use our website. Google Analytics uses cookies to track page views, session duration, traffic sources, and user demographics. We have configured Google Analytics to anonymise IP addresses where possible. Google’s privacy policy is available at policies.google.com/privacy. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on.
11. Children’s Privacy
Our website and services are not directed at children under the age of 13, and we do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at admin@maxandsohwatches.com and we will take steps to delete such information promptly.
12. Third-Party Websites and Links
Our website may contain links to third-party websites, social media platforms, or other external services. This Privacy Policy does not apply to those third-party sites, and we are not responsible for their privacy practices or content. We encourage you to review the privacy policies of any third-party websites you visit.
Specific third-party services whose privacy policies may be relevant to you include:
- Stripe: stripe.com/gb/privacy
- PayPal: paypal.com/uk/privacy
- Google: policies.google.com/privacy
- CJdropshipping: cjdropshipping.com/privacy-policy
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, third-party providers, or legal requirements. Any significant changes will be communicated to you by email (where we hold your contact details) or by a prominent notice on our website.
The “Last Updated” date at the top of this document indicates when the policy was most recently revised. We encourage you to review this policy periodically.
14. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our data protection practices, please contact us:
MaxandsohWatches.com
Data Protection Contact: Ngoubi Maximillian Diangha
Address: 44 Sidlaw Close, Basingstoke, RG22 5BJ, United Kingdom
Email: admin@maxandsohwatches.com
Phone: +44 7506 608408
Website: www.maxandsohwatches.com
Response Time: Within 2 business days (Monday–Friday, excluding UK public holidays)
© 2026 MaxandsohWatches.com — Registered in the United Kingdom. All rights reserved.