Privacy Policy

How we collect, use, and protect your information

Last updated: April 2026

1. Introduction

Maxilin (“we,” “our,” or “us”) is committed to protecting your privacy and your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website maxilinreview.com or use our services, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR, Regulation 2016/679) where applicable.

2. Data Controller

For the purposes of UK and EU data protection law, the data controller responsible for your personal data is:

Maxilin

Email: [email protected]

Website: maxilinreview.com

3. Information We Collect

Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

  • Subscribe to our newsletter
  • Fill out a contact or product enquiry form
  • Apply to become a Business Partner
  • Create or manage a Business Partner landing page
  • Request printed marketing materials

This information may include your name, email address, phone number, location, and other details you choose to provide.

Automatically Collected Information

When you visit our website, we automatically collect certain technical information, including:

  • IP address (used for approximate geolocation — country, region, city)
  • Browser type, version, and operating system
  • Pages visited, time spent, and referring website
  • Device type (mobile, tablet, desktop)
  • Anonymous session identifiers

4. Lawful Basis for Processing

Under UK GDPR, we process your personal data on the following lawful bases:

  • Consent — When you subscribe to our newsletter, submit a contact form, or opt in to marketing communications. You may withdraw consent at any time.
  • Contract — When processing is necessary to provide services you have requested, such as setting up a Business Partner landing page.
  • Legitimate interests — For website analytics, fraud prevention, and improving our services, where these interests are not overridden by your rights.
  • Legal obligation — Where we are required to process data to comply with applicable law.

5. How We Use Your Information

We use the information we collect to:

  • Respond to your enquiries and provide customer service
  • Send you newsletters and marketing communications (only with your consent)
  • Process Business Partner applications and manage landing pages
  • Analyse website traffic and improve our services
  • Detect and prevent fraud or misuse
  • Comply with legal obligations

6. Cookies and Tracking Technologies

We use cookies and similar technologies to track activity on our website and store certain information. We display a cookie consent banner when you first visit, and you may accept or decline non-essential cookies. You can also instruct your browser to refuse all cookies. For full details, please see our Cookie Policy.

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information with:

  • Service providers who assist us in operating our website, hosting, email delivery, and analytics (acting as data processors under written agreements)
  • Law enforcement or regulatory authorities when required by law or to protect our rights

8. Data Sharing with Business Partners

If you submit your details through a Business Partner landing page (e.g., maxilinreview.com/partnercode), your personal data — such as your name, email address, and phone number — will be shared with the relevant Business Partner who operates that landing page. Maxilin remains the data controller for this data. The Business Partner is a recipient of the data, not a data controller or processor.

Automatic deletion: Lead data collected through landing pages is automatically deleted from our systems after one month. Business Partners receive your information via email notification and their dashboard during this period, after which it is permanently removed from the Platform.

Business Partners are contractually required under our Terms and Conditions (Section 12) to handle any data they have received in compliance with UK GDPR and EU GDPR. They may only use your data to contact you about Maxilin products and opportunities. They must not sell, share, or misuse your information.

If you believe a Business Partner has misused your personal data, please contact us at [email protected] and we will investigate and take appropriate action, which may include suspending their account.

9. International Data Transfers

Our website hosting and certain service providers are based outside the United Kingdom and the European Economic Area (EEA), including in the United States. Where we transfer personal data internationally, we ensure appropriate safeguards are in place as required by UK GDPR and EU GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Secretary of State
  • Adequacy decisions — where the destination country has been recognised as providing an adequate level of data protection by the UK government or the European Commission
  • Any other appropriate safeguards permitted under Article 46 of both the UK GDPR and EU GDPR

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Landing page lead data — Automatically deleted after one month
  • Newsletter subscriptions — Until you unsubscribe or request deletion
  • Contact and product enquiries — Up to 24 months after resolution
  • Business Partner data — For the duration of the partnership and up to 24 months thereafter
  • Website analytics data — Up to 26 months

After these periods, personal data is securely deleted or anonymised.

11. Data Security

We implement appropriate technical and organisational security measures to protect your personal information, including encryption in transit (HTTPS), secure database access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

12. Your Rights Under UK GDPR and EU GDPR

Under UK and EU data protection law, you have the following rights regarding your personal data:

  • Right of access — Request a copy of the personal data we hold about you
  • Right to rectification — Request correction of inaccurate or incomplete data
  • Right to erasure — Request deletion of your personal data (the “right to be forgotten”)
  • Right to restrict processing — Request that we limit how we use your data
  • Right to data portability — Request your data in a structured, commonly used format
  • Right to object — Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one calendar month as required by UK GDPR.

13. Right to Lodge a Complaint

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the relevant supervisory authority.

UK residents:

Information Commissioner’s Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

EU/EEA residents:

You may lodge a complaint with the data protection authority in your country of residence. A list of EU/EEA supervisory authorities is available at edpb.europa.eu.

We would appreciate the opportunity to address your concerns before you contact a supervisory authority, so please reach out to us first.

14. Children’s Data

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete it.

15. Newsletter Subscription

If you subscribe to our newsletter, we process your email address based on your consent. You can unsubscribe at any time by clicking the unsubscribe link in our emails or by contacting us directly. We will cease sending marketing emails promptly upon receiving your request.

16. EU GDPR — Additional Information for EU/EEA Visitors

If you are located in the European Union or European Economic Area, the following additional provisions apply to you under the EU General Data Protection Regulation (Regulation 2016/679):

  • Applicable law: Your personal data is processed in accordance with the EU GDPR. Where there is any conflict between this policy and the EU GDPR, the EU GDPR shall prevail for EU/EEA data subjects.
  • Lawful basis: The same lawful bases outlined in Section 4 apply under both UK GDPR and EU GDPR (consent, contract, legitimate interests, and legal obligation).
  • Cross-border transfers: Where your data is transferred outside the EEA, we rely on European Commission adequacy decisions or Standard Contractual Clauses (Module 1 or Module 2 as appropriate) to ensure adequate protection.
  • Right to lodge a complaint: You may complain to the supervisory authority in the EU/EEA Member State where you reside, work, or where the alleged infringement took place (see Section 12).
  • No EU representative: As Maxilin primarily operates from the United Kingdom, we do not currently have a designated EU representative under Article 27 of the EU GDPR. If this changes, we will update this policy accordingly.

For any EU GDPR-specific queries, please contact us at [email protected].

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a revised “Last updated” date. We encourage you to review this policy periodically.

18. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Email: [email protected]