top of page

Processing of personal data

SHIPPING

Privacy Policy Regarding the Processing of Personal Data

Ensuring the right to personal data protection is a fundamental commitment for ZXS SHOP S.R.L., and therefore, we will dedicate all necessary resources and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as with any other applicable legislation within Romania. Since one of the essential principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer, and protect your personal data when interacting with us regarding our products and services, including through our website.

We reserve the right to update and modify this Privacy Policy periodically to reflect any changes in the way we process your personal data or any changes in legal requirements. In case of such changes, we will display the updated version of the Privacy Policy on our website, so please check the content of this Privacy Policy periodically.

Who We Are and How to Contact Us

ZXS is the commercial name of ZXS SHOP S.R.L., a Romanian legal entity, with its registered office located in Turdaș, no. 1A, Hunedoara County, with registration number in the Trade Register ROONRC.J20/643/2019, and unique fiscal identification code 40837443 (hereinafter “ZXS” or “we”). Under data protection legislation, we are the data controller when processing your personal data.

As we are always open to hearing your opinions and providing any additional information you may need regarding the processing of your data, we encourage you to contact the ZXS SHOP Data Protection Officer at the email address data.protection@zxsshop.ro or by mail or courier to the registered office address – with the mention: Attention Data Protection Officer.

Categories of Personal Data We Process

In general, we collect your personal data directly from you, so you have control over the type of information you provide us. For example, we receive information from you as follows:

  • When you create a ZXS account, you provide us with: email address, first name, and last name.

  • On your personal page (My Account) on the ZXS platform, you can add additional information such as: nickname, mobile phone number, landline number, delivery addresses, alternative email address, bank card details, etc.

  • When you place an order, you provide us with information such as: desired product, first name and last name, delivery address, billing details, payment method, phone number, bank card details, etc.

We may also collect and process certain information about your behavior while visiting our website or using our smartphone application to personalize your online experience and provide you with offers tailored to your profile. You can find more details about this in the section concerning processing purposes below.

On our website and in the smartphone application, we may store and collect information in cookies and similar technologies, as detailed in our Cookie Policy.

We do not collect or process sensitive data, which is included in special categories of personal data under the General Data Protection Regulation. Additionally, we do not wish to collect or process data of minors under the age of 16.

Purposes and Legal Bases for Processing

We will use your personal data for the following purposes:

  • To Provide ZXS Services for Your Benefit

    This general purpose may include, as applicable, the following:

    • a) Creating and managing your account within the ZXS platform;

    • b) Processing orders, including order receipt, validation, shipment, and billing;

    • c) Handling cancellations or issues related to an order, purchased goods, or services;

    • d) Returning products according to legal provisions;

    • e) Refunds for products according to legal provisions;

    • f) Providing support services, including answering your questions regarding your orders or ZXS goods and services.

    Processing your data for these purposes is mostly necessary for the conclusion and execution of a contract between ZXS and you. Additionally, certain processing activities related to these purposes are mandated by applicable legislation, including fiscal and accounting legislation.

  • To Improve Our Services

    We always aim to provide you with the best online shopping experience. To this end, we may collect and use certain information about your behavior as a buyer, invite you to complete satisfaction surveys after completing an order, or conduct, directly or with the help of partners, market studies and research.

    We base these activities on our legitimate interest in conducting commercial activities, always ensuring that your fundamental rights and freedoms are not adversely affected.

  • For Marketing

    We want to keep you informed about the best offers for products/services that interest you. To this end, we may send you any type of message (such as: email/SMS/phone/mobile push/web push/etc.) containing general and thematic information, information about similar or complementary products to those you have purchased, information about offers or promotions, information regarding products added to the “My Account/Cart” section or that you have shown interest in purchasing, as well as other commercial communications such as market research and surveys. We may also display personalized recommendations on the website and in the smartphone application. To provide you with relevant information, we may use certain data about your buyer behavior (e.g., viewed products/wishlist items/purchased items) to create a profile. We ensure that these processing activities respect your rights and freedoms and that decisions made based on this data do not have legal effects on you or significantly affect you in a similar manner.

    In most cases, we base our marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by:

    • Changing the settings in your client account in the “My Subscriptions” section;

    • Accessing the unsubscribe link provided in the messages you receive from us; or

    • Contacting ZXS using the contact details described above.

    In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. Whenever we use information about you for our legitimate interest, we take all necessary measures to ensure that your fundamental rights and freedoms are not adversely affected. However, you can always request, using the means described above, that we stop processing your personal data for marketing purposes, and we will comply with your request.

  • To Defend Our Legitimate Interests

    There may be situations where we use or disclose information to protect our rights and commercial activity. This may include:

    • Measures to protect the website and ZXS platform users from cyber-attacks;

    • Measures to prevent and detect fraud attempts, including disclosing information to competent public authorities;

    • Measures to manage various other risks.

    The general legal basis for these types of processing is our legitimate interest in defending our commercial activity, ensuring that all measures taken balance our interests with your fundamental rights and freedoms.

    Additionally, in certain cases, we base our processing on legal provisions, such as the obligation to ensure the security of goods and values as required by applicable legislation.

How Long We Retain Your Personal Data

As a general rule, we will store your personal data as long as you have an account on the XZS-shop.com platform. You may request the deletion of specific information or the closure of your account at any time, and we will comply with these requests, subject to retaining certain information even after account closure, where applicable legislation or our legitimate interests require it.

Who We Disclose Your Personal Data To

Depending on the case, we may disclose or grant access to certain of your personal data to the following categories of recipients:

  • Courier service providers;

  • Payment/banking service providers;

  • Marketing/telemarketing service providers;

  • Market research service providers;

  • Insurance companies;

  • IT service providers;

  • Other companies with which we may develop joint market offering programs for our goods and services.

If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to public authorities.

We ensure that access to your data by third parties is done in compliance with legal provisions regarding data protection and confidentiality, based on contracts concluded with them.

In Which Countries We Transfer Your Personal Data

Currently, we store and process your personal data within Romania.

However, we may transfer certain personal data of yours to entities located in the European Union or outside the European Union, including to countries that the European Commission has not recognized as having an adequate level of personal data protection.

We will always take measures to ensure that any international transfer of personal data is managed carefully to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where applicable, other safeguards, such as Standard Contractual Clauses issued by the European Commission or certification schemes, such as the Privacy Shield for personal data transferred from the EU to the United States.

You can contact us at any time using the contact details provided above to learn more about the countries to which we transfer your data, as well as the safeguards we have in place for these transfers.

How We Protect the Security of Your Personal Data

We are committed to ensuring the security of personal data through the implementation of appropriate technical and organizational measures in line with industry standards.

Your personal data transmission is protected using state-of-the-art encryption algorithms, and we store it on secure servers while ensuring data redundancy.

Despite the measures taken to protect your personal data, we highlight that transmission of information over the Internet or other public networks is not entirely secure, and there is a risk that data may be viewed and used by unauthorized third parties. We cannot be responsible for such vulnerabilities of systems not under our control.

What Rights You Have

The General Data Protection Regulation grants you a number of rights regarding your personal data. You can request access to your data, rectify any errors in our files and/or object to the processing of your personal data. You also have the right to complain to the competent supervisory authority or seek judicial remedies. Depending on the case, you may also benefit from the right to data portability, restriction of processing, or the right to be forgotten.

To exercise your rights or if you have any questions regarding the processing of your personal data, please contact us using the contact details provided above. We will respond to your requests as soon as possible and in accordance with legal provisions.

Please note the following if you wish to exercise these rights:

Identity. We take the privacy of all records containing personal data seriously. For this reason, please submit your requests regarding such records using the email address associated with your ZXS account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.

Fees. We will not charge a fee to exercise any right regarding your personal data, unless your request for information is unfounded, repetitive, or excessive, in which case we may charge a reasonable amount under such circumstances. We will inform you of any fees applied before processing your request.

Response Time. We aim to respond to any valid requests within a maximum of one month, unless the request is particularly complex or if you have made multiple requests, in which case we will respond within a maximum of two months. We will notify you if we need more than one month. We might ask you to specify exactly what you want to receive or what concerns you. This will help us act more quickly and shorten the response time to your request.

Third-Party Rights. We are not required to comply with a request if it negatively affects the rights and freedoms of other data subjects.

Right of Access

You have the right to obtain confirmation from us as to whether or not your personal data is being processed. If that is the case, you have the right to access the following information:

  • The purposes of the processing;

  • The categories of personal data concerned;

  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;

  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

  • The existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data, or to object to such processing;

  • The right to lodge a complaint with a supervisory authority;

  • Where the personal data is not collected from you, any available information as to its source.

Right to Rectification

You have the right to request the rectification of inaccurate personal data concerning you without undue delay. Considering the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Erasure (Right to be Forgotten)

You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we have the obligation to erase personal data without undue delay when one of the following applies:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

  • You withdraw consent on which the processing is based, and there is no other legal ground for the processing;

  • You object to the processing and there are no overriding legitimate grounds for the processing;

  • The personal data has been unlawfully processed;

  • The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;

  • The personal data has been collected in relation to the offer of information society services.

Right to Restriction of Processing

You have the right to obtain from us restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;

  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

  • We no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise, or defense of legal claims;

  • You have objected to processing, pending the verification whether our legitimate grounds override your rights, interests, and freedoms.

Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller without hindrance from us, where:

  • The processing is based on consent or a contract; and

  • The processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

Right to Object

You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on our legitimate interests or those of a third party, including profiling based on those provisions. In such cases, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

You also have the right to object at any time to processing of personal data concerning you for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.

Right to Lodge a Complaint

If you consider that the processing of your personal data infringes the General Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

Right to an Effective Remedy

Without prejudice to any other administrative or judicial remedy, you have the right to an effective remedy if you consider that your rights under the General Data Protection Regulation have been infringed as a result of the processing of your personal data which does not comply with the Regulation.

Complaints

You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the supervisory authority for data protection are as follows:

National Supervisory Authority for Personal Data Processing

B-dul G-ral. Gheorghe Magheru no. 28-30, Sector 1, postal code 010336, Bucharest, Romania

Phone: +40.318.059.211 or +40.318.059.212

Email: anspdcp@dataprotection.ro

Without affecting your right to contact the supervisory authority at any time, please contact us beforehand, and we promise to make every effort to resolve any issues amicably.

bottom of page