Privacy Policy

Effective date: 10th of September, 2025

1) Who We Are

Monetic LTD (“Fancy Walls”, “we”, “us”, “our”) is the controller of personal data processed through fancywalls.eu and our direct sales channels, unless stated otherwise in this policy.

2) Scope

This policy explains how we process personal data when:

• Website sales on fancywalls.eu (direct purchases and accounts);
• Amazon orders fulfilled by us using Amazon Selling Partner API (SP-API);
• Dropshipping / white-label services we provide to business clients.

3) Roles (Controller vs. Processor)

• We act as a Data Controller for website sales and Amazon orders (we decide the purposes and means of processing to fulfil your order).
• For dropshipping, we usually act as a Data Processor for our client (the merchant). The client is the Controller of their end-customer data. We process that data only on the client’s documented instructions.

4) What We Collect & Why

We process the following personal data with the listed purposes and lawful bases (Art. 6 GDPR/UK GDPR):

• Usage data (IP, device/browser, referrer, pages, time on site) for security, analytics, and site improvement. Legal basis: consent (cookies) and our legitimate interests (operate and secure our site).
• Account & contact data (name, email, shipping address, phone) to create/manage your account, answer questions, prevent fraud. Legal basis: contract; legitimate interests.
• Order & payment data (items, totals, delivery details, payment status; we do not store full card numbers) to take payment, make and deliver products, handle returns/warranty, comply with tax rules. Legal basis: contract; legal obligation; legitimate interests.
• Communications (emails, chats, tickets, metadata) to respond and keep records. Legal basis: legitimate interests.
• Marketing preferences (newsletter opt-ins) to send news/offers. Legal basis: consent; you can withdraw any time.

Please do not provide another person’s data unless you have permission to do so.

5) Amazon Orders (SP-API)

• For orders placed on Amazon, we obtain buyer name, ship-to address, and phone via Amazon SP-API solely to fulfil merchant-fulfilled orders (create labels, deliver, confirm shipment).
• No marketing, profiling, or resale of SP-API data.
• Security: data is encrypted in transit (TLS 1.2+) and at rest (AES-256); access is restricted by least-privilege roles, SSO and 2FA; PII is not written to logs.
• Sharing: only with our carriers (e.g., UPS, FedEx) to create labels and deliver.
• Retention: Amazon order PII is retained 30 days after shipment; encrypted backups are kept 35 days, then purged automatically.

6) Dropshipping / White-Label Services

Client responsibility. Clients are responsible for the lawful collection of their customers’ data, and for the accuracy and legality of all uploads (artwork, metadata, addresses, instructions). Clients must provide their own privacy notices and consents.

Processor processing. As a processor, we handle end-customer name, shipping address, phone, order details, and supplied artwork strictly to make, package, and ship products, and to provide support to the client. We do not determine purposes, and we do not use this data for marketing.

Restrictions. Clients must not upload special-category data (e.g., health, biometric) or infringing content.

Retention (dropshipping). Unless a contract states otherwise, fulfilment PII is kept 30 days after shipment (backups 35 days) for reconciliation/chargebacks, then purged. Records required by tax/accounting law may be kept longer.

DPA. A Data Processing Addendum is available on request and governs confidentiality, security, sub-processors, audits, and deletion.

7) Sharing with Third Parties (Processors)

We share data with trusted service providers under contract and only as needed:

• Payment processors (transactions/refunds);
• Carriers & logistics (label creation and delivery);
• Hosting & cloud infrastructure (servers, databases, backups);
• Email, chat & support tools;
• Security logging/monitoring & analytics (site reliability and fraud prevention).

We disclose data to public authorities where required by law or to establish, exercise, or defend legal claims.

8) International Transfers

Our primary hosting and many systems are located in the United States. If you are in the EEA/UK, this means your data may be transferred outside your jurisdiction. We use lawful safeguards, including the European Commission’s Standard Contractual Clauses (SCCs) and UK-approved equivalents, plus technical and organizational measures (encryption at rest and in transit, access controls, auditing) to protect your data.

9) Data Retention

We keep personal data only as long as necessary for the purposes above or to meet legal/accounting obligations, then delete or anonymize it.

• Amazon orders: 30 days (backups 35 days) → purge.
• Website & dropshipping orders: operational data until delivery and applicable warranty/return periods; invoice/ledger data retained as required by tax and accounting law.

10) Security

Production runs in private networks; databases have no public endpoints. Access requires SSO + 2FA and least-privilege RBAC. Data at rest uses AES-256; transfers use TLS 1.2+. Company devices are MDM-managed with full-disk encryption and EDR. Access is reviewed quarterly. PII is not logged; security logs are retained for auditing. We use synthetic/anonymized data in testing—no production PII in test.

11) Your Rights

Where applicable, you have rights to access, rectification, erasure, restriction, objection, portability, and to withdraw consent (for consent-based processing). You may lodge a complaint with your local supervisory authority. To exercise rights, contact us (Section 14).

12) Cookies

We use cookies for authentication, preferences, security, analytics, and advertising. Manage cookies via your browser or our banner. Blocking cookies may impact site functionality.

13) Changes to This Policy

We may update this policy from time to time. We will post the revised version here and, where appropriate, notify you by email or on-site message.

14) Contact

If a security incident involves Amazon Information, we will notify the platform as required by its policies and keep it updated until closure.