Privacy policy & cookies
1. GENERAL PROVISIONS
- This Privacy and Cookies Policy sets out the rules for the processing of personal data and the use of cookies by ZEST WORLD spółka z ograniczoną odpowiedzialnością, with its registered office in Poznań (60-142), ul. Promienista 132, entered into the National Court Register (KRS) under number 0001140910, NIP: 7792580085, REGON: 540281446 (hereinafter referred to as the “Administrator”, the “Company”, or “ZEST”).
- The Administrator processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and all other applicable legal provisions.
- Contact regarding personal data processing: support@zest-world.com.
- ZEST has not appointed a Data Protection Officer; all matters related to data protection should be addressed to the e-mail address indicated above.
- Use of the website www.zest-world.com and making purchases is voluntary; providing personal data is voluntary, although in some cases it is necessary to conclude a contract (e.g. order fulfilment).
2. DEFINITIONS
For the purposes of this Policy:
- Personal data – information relating to an identified or identifiable natural person.
- User / Customer – a person visiting the website or making a purchase.
- Online store / Website – www.zest-world.com.
- Cookies – text files stored on the User’s device.
- Profiling – processing of data to evaluate User preferences, without making decisions producing legal effects.
3. SCOPE OF PROCESSED DATA
The Administrator may process the following categories of data:
- identification and contact data (first name, last name, address, e-mail, phone number),
- customer account data (e-mail, encrypted password, order history),
- delivery and billing data (address, invoicing data, VAT ID where applicable),
- payment data (transaction identifiers; card data are processed exclusively by operators: PayPo, tpay, Apple Pay, card operators),
- data from contact forms and correspondence,
- complaint and return data,
- technical data (IP address, device and browser type, server logs),
- data from cookies and analytical and marketing technologies.
4. PURPOSES, LEGAL BASES AND RETENTION PERIODS
Personal data are processed for the following purposes:
- performance of a sales contract – legal basis: Art. 6(1)(b) GDPR; period: until limitation of claims (3–6 years) plus accounting periods (5 years),
- customer account management – legal basis: Art. 6(1)(b) GDPR; period: until account deletion,
- handling enquiries and complaints – legal basis: Art. 6(1)(b) or (f) GDPR; period: for the duration of the case plus up to 6 years,
- newsletter and marketing communication – legal basis: Art. 6(1)(a) GDPR (consent); period: until consent is withdrawn,
- marketing, analytics and personalisation (GA4, Signals, GTM, Meta Pixel, Google Ads, TagFly, Multi Feed) – legal basis: consent under Art. 6(1)(a) or legitimate interest under Art. 6(1)(f) GDPR to the extent permitted by law; period: in accordance with cookie settings, usually 1–24 months,
- security and fraud prevention – legal basis: Art. 6(1)(f) GDPR; period: 12–24 months or until limitation of claims,
- accounting and tax obligations – legal basis: Art. 6(1)(c) GDPR; period: as required by law, usually 5 years.
5. DATA RECIPIENTS
Data may be disclosed to the following categories of entities:
- the e-commerce and hosting platform Shopify,
- technology and analytics providers such as Google (GA4, Signals, GTM, Google Ads), Meta (Meta Pixel, Meta Product Feed), TagFly and Multi Feed,
- payment operators PayPo, tpay, payment card providers and Apple Pay,
- courier companies,
- accounting firms and law firms,
- IT service providers and mailing tools.
The Administrator discloses data only to the extent necessary to achieve a given purpose.
6. COOKIE CONSENT MECHANISMS
The Website uses the following categories of cookies:
- necessary,
- functional,
- analytical,
- marketing.
Upon the first visit, a cookie banner is displayed enabling:
- granting or refusing consent,
- granular selection of cookie categories,
- changing or withdrawing consent at any time.
The banner uses no pre-defined consents and no cookie wall.
Cookies requiring consent are not activated before consent is given. Consents are recorded by the cookie management system.
7. DATA TRANSFERS OUTSIDE THE EEA
Some service providers, such as Shopify, Google and Meta, may process data outside the European Economic Area. Data transfers are carried out exclusively using:
- Standard Contractual Clauses,
- an adequacy decision,
- other safeguards provided for in Articles 46–49 GDPR.
The Administrator may conduct a Transfer Impact Assessment where required. Users may obtain additional information about safeguards by contacting the Administrator.
8. PROFILING
ZEST may use profiling for marketing purposes, including:
- product recommendations,
- remarketing activities.
Profiling does not result in decisions producing legal effects for the User. The User may object to profiling by sending a message to support@zest-world.com.
9. RIGHTS OF DATA SUBJECTS
The User has the right to:
- access their data,
- rectification,
- erasure (the right to be forgotten),
- restriction of processing,
- data portability,
- objection to processing, including profiling,
- withdrawal of consent at any time,
- lodging a complaint with the President of the Personal Data Protection Office (UODO).
Requests may be sent to support@zest-world.com.
10. DATA PROCESSING AGREEMENTS
The Administrator concludes data processing agreements with entities processing data on its behalf, in particular with:
- Shopify
- Meta
- TagFly
- Multi Feed
- PayPo
- tpay, card operators and Apple Pay
- courier companies
- accounting firms and law firms.
Each processor guarantees the application of security measures compliant with Art. 28 GDPR.
11. RETENTION PERIODS SUMMARY
Personal data are stored as follows:
- customer account data – until account deletion,
- order data – 3–6 years plus 5 years for accounting purposes,
- complaint data – up to 6 years,
- newsletter data – until consent is withdrawn,
- server logs – 12–24 months,
- cookie data – according to the cookie lifespan,
- marketing data from Meta and Google Ads – until consent is withdrawn or in line with the provider’s policy.
12. SECURITY MEASURES
The Administrator applies technical and organisational measures such as:
- encrypted transmission (SSL/TLS),
- server security measures,
- access control,
- password encryption,
- backups,
- security audits,
- logging of processing operations.
13. POLICY CHANGES
The Administrator may update the Policy in the event of changes in regulations, tools, processing methods or supervisory authority requirements. The new version will be published on the Website.
14. CONTACT
For matters relating to personal data processing, please contact: support@zest-world.com.