📜 MaaBasket Store Privacy Policy  
(Simplified for Users | GDPRCompliant)  

1. Data We Collect  
Personal Data:  
  Name, email, phone number, delivery address.  
  Payment details (processed via Stripe/PayPal, not stored by us).  
Usage Data:  
  App interactions, order history, device type (e.g., iOS/Android).  
  Location data (only with consent, for delivery tracking).  

2. Why We Collect It  
To process orders, enable deliveries, and provide customer support.  
To personalize offers (e.g., discounts on frequently bought items).  
To comply with legal obligations (e.g., tax records).  

3. Legal Basis (GDPR)  
Contractual Necessity: Data needed to fulfill orders (e.g., address).  
Consent: For marketing emails or location access (optin required).  
Legitimate Interest: Fraud prevention, app improvement.  

4. Data Sharing  
Third Parties:  
  Delivery partners (only necessary order details).  
  Payment processors (Stripe/PayPal) – encrypted transactions.  
  Never sold to advertisers or data brokers.  

5. User Rights (GDPR)  
Access/Download: Request a copy of your data.  
Correct/Delete: Update or erase your profile.  
OptOut: Unsubscribe from marketing emails (link in every email).  
Withdraw Consent: Disable location tracking in app settings.  

6. Security Measures  
Encryption: All data transmitted via HTTPS.  
Access Control: Staff trained in GDPR compliance.  
Breach Protocol: Notify users within 72 hours if risk occurs.  

7. Data Retention  
Orders: 6 years (tax compliance).  
Inactive Accounts: Deleted after 2 years.  

8. Contact  
Data Protection Officer: dpo@maabasket.store  
Complaints: Lodge with Irish Data Protection Commission.