Zolvo Data Policy

Here you can read about our processing of your personal data in connection with the use of Zolvo.eu.

This notice describes how Zolvo, as the data controller, collects and processes your data in connection with the use of Zolvo.eu and the associated and connected online services.

Data Controller and Contact Information

• Zolvo A/S
• Borupvang 3
• 2750 Ballerup, Denmark
• +45 61 31 74 94
• info@zolvo.eu

Purposes and Legal Basis for Processing Your Personal Data

We process your personal data for the following purposes:

• Creating and managing your account, including processing your purchases through our website and delivering your goods
• Disclosing information to couriers for the purpose of delivering your goods
• Improving and developing our website, services, and products, including by creating anonymized statistics
• Sending service messages, market surveys, satisfaction surveys, customer surveys, and requests for user reviews
• Ensuring compliance with terms and conditions, including the ability to establish, defend, and enforce legal claims
• Complying with legal requirements, including accounting regulations

The legal basis for our processing of your personal data is as follows:

• Ad. 1. Our agreement with you to create and manage your account, including agreements on purchases via our website, cf. GDPR Article 6(b)
• Ad. 2. Our agreement with you for the delivery of your goods, cf. GDPR Article 6(b)
• Ad. 3. Our legitimate interest in improving and developing our website, services, and products, cf. GDPR Article 6(f)
• Ad. 4. Our legitimate interest in conducting surveys, etc., cf. GDPR Article 6(f)
• Ad. 5. Our legitimate interest in ensuring compliance with terms and conditions, including the ability to establish, defend, and enforce legal claims, cf. GDPR Article 6(f)
• Ad. 6. Our legal obligation to comply with the law, cf. GDPR Article 6(c)

Categories of Personal Data

Personal data that may be collected and processed include:

• Name, address, and contact information
• Other information about you for your account, including information about your purchase history, order overview, delivery location and time, most purchased items, etc.
• Information about your Digital Behavior collected via cookies
• Information related to your account, i.e., login information (email address and password)
• If you use a payment card, only our PCI Certified partner QuickPay will have access to your payment card information.

Categories of Recipients

We may, under certain circumstances, transfer your personal data to the following recipients as part of fulfilling the above purposes:

• Disclosures to couriers in connection with the delivery of your goods
• Transfers to IT providers as part of operations and support
• Personal data may be disclosed to third parties to a greater extent, e.g., if required by mandatory law or regulatory requirements, or disclosed to police, courts, lawyers, and auditors

Transfers to Recipients in Countries Outside the EU/EEA

We use the following providers, which may result in the transfer of personal data to countries outside the EU/EEA:

• Microsoft Corporation: Headquartered in the USA
• Google LLC: Headquartered in the USA, and transfers may occur to India
• Trustpilot A/S: Transfers may occur to the USA and Australia
• Facebook: Headquartered in the USA

The transfer basis for:

All the data processors listed above uses standard contractual clauses as the transfer basis, cf. GDPR Article 46.

Retention of Your Personal Data

We store your personal data as long as it is necessary for our purposes of processing. We have the following retention periods:

• Inquiries to us via email or phone are deleted when the purpose of retention no longer exists
• Competitions, events, loyalty programs, etc., are retained as long as there is a purpose for retention
• Newsletters and other marketing communications are retained until you unsubscribe from the newsletter or marketing communications
• We store receipts for your purchases for up to 72 months in accordance with accounting laws
• Your Digital Behavior data is retained until the user requests deletion
• Documentation of your acceptance of our terms, conditions, privacy policies, etc., is retained as long as there is a purpose for retention

Your Rights

Under the GDPR, you have a number of rights in relation to our processing of your data. You can read more about your rights in the Danish Data Protection Agency’s guidance on data subject rights, which can be found at www.datatilsynet.dk.

• You have the right to access the data we process about you, as well as a range of additional information about the processing, cf. GDPR Article 15.
• You have the right to have incorrect personal data corrected, cf. GDPR Article 16.
• In certain cases, you have the right to have personal data deleted before our standard general deletion occurs, cf. GDPR Article 17.
• In certain cases, you have the right to restrict the processing of your personal data to solely storage, cf. GDPR Article 18.
• If you have a particular reason, you have the right to object to our otherwise lawful processing of your personal data. Additionally, you have the right to object to the processing of your personal data for direct marketing purposes, including profiling, cf. GDPR Article 21.
• In certain cases, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, as well as to have these personal data transferred from one data controller to another without hindrance, cf. GDPR Article 20.
• You have the right to file a complaint with the Danish Data Protection Agency if you are dissatisfied with the way we process your personal data.

Changes

We reserve the right to make changes to this data policy. In the event of changes, the date and version number in the privacy policy will be updated. The current privacy policy will always be available on our website. If there are significant changes to our privacy policy, you will be informed via a service email.

[version 28-08-2023]