Privacy policy

Last updated: 11 June 2026

This Privacy Policy explains how Matcha-Tees ("we", "us") collects, uses and protects your personal data when you visit our store or place an order. We are based in Indonesia and sell to customers in the United Kingdom. Where we process the personal data of UK customers, we do so in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, as well as applicable Indonesian data protection law (Law No. 27 of 2022 on Personal Data Protection).

1. Who we are

Matcha-Tees is operated from Indonesia. For any privacy question or request, contact us at dharmasamuderamanunggal@gmail.com.

2. What we collect

Order data: name, delivery address, email address, phone number, and details of what you bought. Payment card details are processed by our payment providers and never stored by us.
Account data: if you create an account — your login email and order history.
Technical data: IP address, browser and device information, and how you use our site, collected via cookies and similar technologies.
Marketing data: your email address and preferences if you sign up to our newsletter.

3. Why we use it (lawful bases)

To fulfil your order — processing, delivery, customs paperwork, and customer service (performance of a contract).
To meet legal obligations — tax, accounting and consumer law records.
To run and improve the store — analytics, fraud prevention, site security (legitimate interests).
To send marketing — only with your consent, which you can withdraw at any time via the unsubscribe link in any email.

4. Who we share it with

We share data only with service providers who need it to serve you: our e-commerce platform (Shopify), payment processors, print and fulfilment partners, delivery carriers, and email/analytics providers. We do not sell your personal data.

5. International transfers

Because we operate from Indonesia and use international service providers, your data may be transferred outside the UK. Where this happens, we rely on safeguards such as the providers' standard contractual protections and platform-level compliance (e.g. Shopify's data processing terms).

6. How long we keep it

Order and tax records are kept for as long as the law requires (typically 6–7 years). Marketing data is kept until you unsubscribe. Technical data is retained per our analytics providers' standard windows.

7. Cookies

We use essential cookies to make the store work (cart, checkout, login) and, with your consent, analytics and marketing cookies to understand how the site is used and to measure advertising. You can manage cookies through your browser settings or our cookie banner.

8. Your rights (UK customers)

Under UK GDPR you have the right to: access your data; correct it; delete it; restrict or object to processing; data portability; and withdraw consent at any time. To exercise any right, email us — we respond within one month. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.