Privacy Policy
Unless otherwise stated below, the provision of your personal data is neither legally or contractually required nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide the data has no consequences. This applies only insofar as no other indication is made in the following processing operations.
“Personal data” means any information relating to an identified or identifiable natural person.
Server log files
You can visit our websites without providing any information about yourself.
Each time you access our website, usage data is transmitted to us or our web host/IT service provider by your internet browser and stored in log files (so-called server log files). The stored data includes, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider.
Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and in improving our offer.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s Standard Contractual Clauses.
Contact
Controller
Contact us if you wish. The controller responsible for data processing is: Lokman Kerim Türkmen, Burghard-Breitner-Straße 11, 6020 Innsbruck, Austria, Phone: +43 676 4422292, Email: info@zenimeclothing.com
Customer’s initial contact by email
If you proactively contact us by email for business purposes, we collect your personal data (name, email address, message text) only to the extent you provide it. Data processing serves the purpose of handling and responding to your contact request.
If the contact is for the performance of pre-contractual measures (e.g., advice on purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6(1)(b) GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in handling and responding to your request. In this case, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR.
We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Collection and processing when using the contact form
When using the contact form, we collect your personal data (name, email address, message text) only to the extent you provide it. Data processing serves the purpose of contacting you.
If the contact serves the performance of pre-contractual measures (e.g., advice on purchase interest, preparation of an offer) or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6(1)(b) GDPR.
If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in handling and responding to your request. In this case, you have the right to object at any time to processing under Art. 6(1)(f) GDPR on grounds relating to your particular situation. We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Collection and processing when sending images via upload
We provide an upload function for image files on our website. This allows you to send images to us via encrypted data transmission. By transmitting your images, we may collect your personal data (depiction of identifiable persons) only to the extent you provide it.
Processing serves the purpose of creating personalized products. The image you send serves as a template for the product and is used for that purpose (e.g., T-shirt printing). Processing is carried out on the basis of Art. 6(1)(b) GDPR and is necessary for the performance of a contract with you.
Your data may be forwarded to service providers used by us within the scope of order processing. There is no disclosure to other third parties.
We use the image you provide only in the context of providing the service. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.
Customer account – Orders
Customer account
When opening a customer account, we collect your personal data to the extent specified there. Data processing serves the purpose of improving your shopping experience and simplifying order processing. Processing is carried out on the basis of Art. 6(1)(a) GDPR (consent).
You can withdraw your consent at any time by notifying us, without affecting the lawfulness of processing carried out based on consent before its withdrawal. Your customer account will then be deleted.
Collection, processing and disclosure of personal data for orders
When placing an order, we collect and process your personal data only to the extent necessary to fulfill and process your order as well as to handle your inquiries. Provision of the data is required for the conclusion of the contract. Failure to provide the data means that no contract can be concluded. Processing is carried out on the basis of Art. 6(1)(b) GDPR and is necessary for performance of a contract with you.
Your data is forwarded, for example, to the shipping companies and dropshipping providers you select, payment service providers, service providers for order processing, and IT service providers. In all cases we strictly observe legal requirements. The scope of data transmission is limited to a minimum.
Your data may be transferred to third countries outside the EU, in particular to Canada and the USA, and processed there. For Canada, there is an adequacy decision by the EU Commission. For the USA, there is an adequacy decision by the EU Commission, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer is based on contractual obligations comparable to the EU Commission’s Standard Contractual Clauses.
Advertising
Use of the email address for sending newsletters
We use your email address, independent of contract processing, exclusively for our own advertising purposes to send newsletters, provided you have expressly consented. Processing is carried out on the basis of Art. 6(1)(a) GDPR (consent). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list.
Use of the email address for sending direct advertising
We use your email address, which we have received in the context of the sale of a good or service, for the electronic transmission of advertising for our own goods or services that are similar to those you have already purchased from us, insofar as you have not objected to this use. Provision of the email address is required for the conclusion of the contract. Failure to provide it means that no contract can be concluded. Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in direct advertising. You can object to this use of your email address at any time by notifying us. The contact details for exercising your right to object can be found in the imprint. You can also use the link provided in the marketing email. This will not incur any costs other than the transmission costs according to the basic rates.
Use of Brevo PushOwl
We use Brevo (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany) as our email marketing service provider for sending newsletters within the framework of a data processing agreement.
When you subscribe to our newsletter, the information you provide (in particular your email address and, where applicable, your name) is transferred to and stored by Brevo. The processing of this data serves the purpose of sending newsletters and analyzing and optimizing our newsletter campaigns.
Emails sent through Brevo may contain technologies that enable the analysis of user behavior. This includes, in particular, measuring open rates and clicks on links contained within the email. In this context, technical information such as IP address, browser type, device type, and access time may be processed. Such analyses are carried out solely for the purpose of statistical evaluation and improvement of our services.
In addition, we use PushOwl to provide web push notifications. If you consent to receiving push notifications, technical identification data relating to your browser or device will be processed and stored in order to deliver these notifications. Push notifications may be statistically evaluated, for example with regard to delivery, opening, and interaction rates.
The processing of your data is based on your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future. The lawfulness of processing carried out prior to the withdrawal remains unaffected.
Where personal data is transferred to countries outside the European Union or the European Economic Area, such transfers are carried out in accordance with the safeguards provided under Art. 44 et seq. GDPR, including the use of Standard Contractual Clauses approved by the European Commission or an applicable adequacy decision.
Further information regarding Brevo's privacy practices:
https://www.brevo.com/legal/privacypolicy/
Further information regarding PushOwl's privacy practices:
https://www.pushowl.com/privacy
Payment service providers
Use of PayPal Check-Out
We use the PayPal Check-Out payment service of PayPal (Europe) S.à r.l. et Cie, S.C.A. (22–24 Boulevard Royal, L-2449 Luxembourg; “PayPal”). Data processing serves the purpose of enabling you to pay via the payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or “Pay Later” via PayPal, the data required for payment processing is transmitted to PayPal in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.
Cookies may be stored in this context which enable recognition of your browser. This data processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in offering a customer-oriented range of different payment methods. You have the right to object at any time to the processing of personal data concerning you on grounds relating to your particular situation.
Credit card via PayPal, direct debit via PayPal & “Pay Later” via PayPal
For certain payment methods such as credit card via PayPal, direct debit via PayPal, or “Pay Later” via PayPal, PayPal reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, PayPal transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of default to make a balanced decision about the establishment, implementation, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical procedures, and address data may be included in the calculation. Your interests worthy of protection are taken into account in accordance with legal requirements. Data processing serves the purpose of credit checking for contract initiation. Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protection against payment default when PayPal makes an advance performance.
You have the right, on grounds relating to your particular situation, to object at any time to this processing based on Art. 6(1)(f) GDPR by notifying PayPal. Provision of the data is required for the conclusion of the contract with the payment method you have chosen. Failure to provide the data means that the contract cannot be concluded with the payment method you selected.
Third-party providers
When paying using a third-party provider’s payment method, the data required for payment processing is transmitted to PayPal. This processing is carried out on the basis of Art. 6(1)(b) GDPR. To carry out this payment method, the data may then be forwarded by PayPal to the respective provider. This processing is carried out on the basis of Art. 6(1)(b) GDPR. Local third-party providers can include, for example:
-
Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)
-
giropay (Paydirekt GmbH, Stephanstr. 14–16, 60313 Frankfurt am Main, Germany)
Purchase on account via PayPal
When paying by purchase on account, the data required for payment processing is first transmitted to PayPal. To carry out this payment method, the data is then forwarded by PayPal to Ratepay GmbH (Franklinstraße 28–29, 10587 Berlin; “Ratepay”) in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR. Ratepay may carry out a credit check based on mathematical-statistical procedures (probability or score values) using credit agencies as described above. Data processing serves the purpose of credit checking for contract initiation. Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protection against payment default when Ratepay makes an advance performance. For more information on data protection and which credit agencies Ratepay uses, see https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.
Further information on data processing when using PayPal can be found in PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Use of the payment service provider Stripe
We use the Stripe payment service of Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Data processing serves the purpose of enabling you to pay via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6(1)(b) GDPR.
Stripe reserves the right to obtain a credit report based on mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received about the statistical probability of default to make a balanced decision about the establishment, implementation, or termination of the contractual relationship. The credit report may contain probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical procedures, and address data may be included. Your interests worthy of protection are taken into account in accordance with legal requirements. Data processing serves the purpose of credit checking for contract initiation. Processing is carried out on the basis of Art. 6(1)(f) GDPR due to our overriding legitimate interest in protection against payment default when Stripe makes an advance performance.
You have the right, on grounds relating to your particular situation, to object at any time to this processing based on Art. 6(1)(f) GDPR by notifying Stripe. Provision of the data is required for the conclusion of the contract with the payment method you have chosen. Failure to provide the data means that the contract cannot be concluded with the payment method you selected. All Stripe transactions are subject to the Stripe Privacy Policy, available at https://stripe.com/de/privacy.
Cookies
Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that enables the unique identification of the browser when the website is accessed again.
Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and the transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, we point out that you may then not be able to use all functions of this website to their full extent.
You can find out how to manage (and disable) cookies in the most important browsers at:
Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Technically necessary cookies
Unless otherwise stated in this privacy policy, we only use these technically necessary cookies for the purpose of making our offer more user-friendly, effective, and secure. In addition, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again after a page change.
The use of cookies or comparable technologies is based on Section 25(2) TDDDG. The processing of your personal data is based on Art. 6(1)(f) GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our offer. You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you.
Use of Shopify's Consent Management Tool
We use the consent management tool provided by Shopify International Ltd. to manage and document the consent you provide regarding the use of cookies and similar technologies on our website.
This tool enables you to grant, refuse, or withdraw consent for the processing of personal data at any time with effect for the future. Your preferences are stored so that they can be recognized and applied during future visits to our website.
In this context, information regarding your consent status, the time of your decision, device and browser information, as well as an anonymized or shortened IP address may be processed.
The processing is carried out for the purpose of complying with legal obligations relating to the requirements of the GDPR and applicable ePrivacy regulations pursuant to Art. 6(1)(c) GDPR.
Further information regarding Shopify's privacy practices can be found at:
https://www.shopify.com/legal/privacy
Ad tracking
Use of the Meta Pixel
We use the Meta Pixel of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; “Meta”).
Meta and we are joint controllers for the data collection that takes place when the service is integrated and the transmission of this data to Meta. The basis for this is an agreement on joint processing of personal data between us and Meta, which sets out the respective responsibilities. The agreement is available at https://de-de.facebook.com/legal/terms/businesstools. According to this, we are particularly responsible for fulfilling the information obligations under Art. 13, 14 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Art. 33, 34 GDPR, insofar as a personal data breach concerns our obligations under the joint processing agreement. Meta is responsible for enabling data subject rights under Art. 15–20 GDPR, complying with the security requirements of Art. 32 GDPR with regard to the security of the service, and complying with the obligations under Art. 33, 34 GDPR insofar as a personal data breach concerns Meta’s obligations under the joint processing agreement.
The application serves the purpose of targeted, interest-based advertising to visitors to the website on the social networks Facebook and Instagram. For this purpose, the Meta remarketing tag is implemented on the website. When you visit the website, a direct connection to the Meta servers is established. This transmits to the Meta server which of our pages you have visited. Meta assigns this information to your personal Facebook and/or Instagram user account. When you visit the Facebook or Instagram social networks, you will then be shown personalized, interest-based ads.
The application also serves the purpose of creating conversion statistics. In this way, we learn the total number of users who clicked on one of our ads and were redirected to a page provided with a conversion tracking tag, as well as what actions are taken after being redirected to this website. However, we do not receive any information that would allow us to personally identify users.
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the TADPF. Meta is certified under the TADPF and is therefore committed to complying with European data protection principles.
Processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can deactivate the “Custom Audiences” remarketing function here. Further information on the collection and use of data by Meta, your rights in this regard and options for protecting your privacy can be found in Meta’s privacy policy at https://www.facebook.com/about/privacy/ (https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0).
Plugins and other
Use of social plugins
We use social network plugins on our website. The integration of social plugins and the data processing that takes place serves the purpose of optimizing the advertising for our products.
When social plugins are integrated, a link is established between your computer and the servers of the social network providers and the plugin is displayed on the page by notification to your browser, provided you have expressly consented. In doing so, both your IP address and the information about which of our pages you have visited are transmitted to the providers’ servers. This applies regardless of whether you are registered or logged in to the social network. Transmission also takes place for users who are not registered or not logged in. If you are simultaneously connected to one or more of your social network accounts, the collected information can also be assigned to your corresponding profiles. When using the plugin functions (e.g., clicking the button), this information is also assigned to your user account. You can prevent this assignment by logging out of your social media accounts before visiting our website and before activating the buttons.
The use of cookies or comparable technologies is carried out with your consent on the basis of Section 25(1) sentence 1 TDDDG in conjunction with Art. 6(1)(a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6(1)(a) GDPR. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
The following social networks are integrated via social plugin on our website. Further information on the scope and purpose of the collection and use of data as well as your rights in this regard and options for protecting your privacy can be found in the providers’ linked privacy policies.
Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Meta Platforms Ireland and we are joint controllers for the data collection that takes place when the service is integrated and the transmission of this data to Facebook. The basis for this is an agreement on joint processing of personal data between us and Meta Platforms Ireland, which sets out the respective responsibilities, available at https://www.facebook.com/legal/controller_addendum. According to this, we are particularly responsible for fulfilling the information obligations under Art. 13, 14 GDPR, for complying with the security requirements of Art. 32 GDPR with regard to the correct technical implementation and configuration of the service, and for complying with the obligations under Art. 33, 34 GDPR, insofar as a personal data breach concerns our obligations under the joint processing agreement. Meta Platforms Ireland is responsible for enabling data subject rights under Art. 15–20 GDPR, complying with the security requirements of Art. 32 GDPR regarding the security of the service, and complying with the obligations under Art. 33, 34 GDPR, insofar as a personal data breach concerns Meta Platforms Ireland’s obligations under the joint processing agreement.
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the TADPF. Meta is certified under the TADPF and is therefore committed to complying with European data protection principles.
Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook’s privacy policy at https://www.facebook.com/about/privacy/.
Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):
https://help.instagram.com/155833707900388
Your data may be transferred to the USA. For the USA, there is an adequacy decision by the EU Commission, the TADPF. Meta is certified under the TADPF and is therefore committed to complying with European data protection principles.
Data subject rights and storage period
Storage period
After complete contract processing, the data is initially stored for the duration of the warranty period, then—taking into account statutory, in particular tax and commercial retention periods—stored and subsequently deleted after the retention period has expired, unless you have consented to further processing and use.
Rights of the data subject
If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: right of access, rectification, erasure, restriction of processing, data portability.
You also have the right to object under Art. 21(1) GDPR to processing based on Art. 6(1)(f) GDPR, as well as to processing for direct marketing purposes.
Right to lodge a complaint with a supervisory authority
Under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is not lawful.
Right to object
If the personal data processing listed here is based on our legitimate interests under Art. 6(1)(f) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to such processing with effect for the future.
After an objection, processing of the affected data will be ceased, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
If the processing of personal data is for direct marketing purposes, you may object to such processing at any time by notifying us. After an objection, we will cease processing the affected data for direct marketing purposes.