Personal data policy
1.1 This Privacy Notice is intended to provide you with information on how Zizzi Denmark ApS (”Zizzi”, ”we”, ”us”) collect and process your personal data when you shop on- or visit our website, www.zizzifashion.com (“website”)
1.2 We will only process your personal data in accordance with this Privacy Notice and applicable law to which we are subject, including the General Data Protection Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR") and national data protection laws.
1.3 Zizzi is the data controller in relation to your personal data. You can contact Zizzi by using the contact information specified in Section 9.
1.4 If you visit our pages, communicate, or otherwise interact with us on social media, such as Facebook and Instagram, please make sure to consult the specific Privacy Notices presented on the applicable social media. You should be aware that sometimes we may have a joint controllership with the publisher of the social media or platform in question.
2. Collection of personal data and the legal basis for processing
2.1 When you visit our website, we automatically collect data about you and the way you use the website. e.g., your browser type, cookies to determine what you are looking for, your IP-address including your network location and information about your computer.
2.1.1 The purpose is to optimise the functioning of the website and create the best and most targeted user experience for you – among other things through targeted marketing, including retargeting via Google and Meta. The processing is necessary for us to pursue our legitimate interests in improving the Website and to show you the best and most relevant offers.
2.1.2 The legal basis for the processing of this data is GDPR article 6(1) (f).
2.2 When you shop via the website, we also collect the data you provide. This includes e.g., your name, address, e-mail address, telephone number, payment method, information about what you buy, delivery preferences and your IP-address.
2.2.1 The purpose of collecting this data is primarily to be able to deliver the products you buy; we need the data to comply with the purchase agreement with you. In addition, we use the data to comply with legal requirements for bookkeeping and accounting. We also process your name and email in order to send you an invitation to evaluate the purchase experience. The IP-address is collected solely to serve our interest in preventing misuse.
2.2.2 The legal basis for the processing of this data is GDPR article 6(1)(b), (c) and (f).
2.3 When you contact our customer service, either by email, phone or chat, we collect the data you provide that is relevant for us to help you. This includes e.g., your name, address, e-mail, telephone number, order number/receipt details, information about what you may want to return/complain about and any questions you may have.
2.3.1 The purpose of collecting and processing this data is primarily to be able to comply with the purchase agreement with you, including to handle any returns or complaints, as well as our legitimate interest in providing good customer service and answering any questions you may have about our products, etc. In addition, we use the data to comply with legal requirements for bookkeeping and accounting.
2.3.2 The legal basis for the processing of this data is GDPR article 6(1)(b), (c) and (f).
2.4 When you join our customer club, Club Zizzi, you also give your consent to receive marketing from us via e-mail (newsletters, event invitations, etc.). When registering, you must provide your name, e-mail address and preferred store. In addition, you can choose whether you also want to provide your date of birth, address, mobile number, and consent to also receive communication by SMS.
As part of your membership, we also collect information about your use of the customer club benefits, participation in competitions and similar. We can compare this with information about your purchases and returns, for example, both online and in our physical stores.
2.4.1 The purpose is to manage your membership and provide you with the services and benefits associated with your membership of the customer club. In addition, the purpose is also to serve our interest in developing and optimizing Club Zizzi and to send you newsletters with special offers, invitations to events, contests, etc., including targeted marketing, which can also include special offers.
2.4.2 Registration for Club Zizzi is conditional upon your giving separate consent to receive electronic marketing. By doing so, you accept that we send you offers, inspiration, invitations to events and competitions etc. by e-mail. It is also possible to give consent to receive communications by SMS.
2.4.3 The legal basis for the processing of this data is GDPR Article 6(1)(b) and (f).
2.5 To the extent that we refer to our legitimate interest as the legal basis for the processing of personal data specified above, we have conducted a balancing test for those interests to ensure that our interest is not overridden by your interests or fundamental rights and freedoms. Please contact us by using the email provided in Section 9 below if you wish to receive more information on the balancing test.
2.6 If Zizzi should wish to process your personal data for purposes other than those for which the personal data were originally collected, we will provide you with information on this new purpose prior to any further processing.
3. How is your personal data collected
3.1 In most cases, we receive data from you when you visit our website or interact with us on social media, purchase our products, sign up as a member of our customer club, or otherwise communicate with us.
4. Disclosure of your personal data
4.1 We may disclose your personal data to third parties:
4.1.1 Information about your name, address, e-mail, telephone number and order number and specific delivery requests will be disclosed to PostNord, GLS, Bring, DHL, or another freight service that delivers your purchased goods to you.
4.1.2 If you make a purchase on our website, your payment may be processed by a payment service provider acting as an independent data controller.
4.1.3 If we are required or entitled by law to disclose your information, or if we determine that disclosure is necessary to establish, enforce or defend legal claims, protect your safety or the safety of others, investigate fraud, or respond to requests from public authorities or the police on suspicion of or in connection with the investigation of specific criminal offences.
4.2 Your data may be transferred to our external partners who process the data on our behalf. We use external partners for, among other things, technical operation, maintenance and improvement of the website, administration of sales and inventory management on our website, payment processing, customer support and service, sending out newsletters and invitations, administration of our interests on social media platforms, as well as targeted marketing, including retargeting, and for your rating of our company and products.
The companies we work with are our data processors and therefore subject to our instructions as they process data for which we are the data controller. The data processors may not process the data for purposes other than to fulfil the agreement with us, and they are subject to confidentiality. We have written data processing agreements with all those who process personal data on our behalf.
Among other things, we provide information about your name and email to TrustPilot so that an invitation to rate us on the TrustPilot website can be sent on our behalf. If you choose to make a review, TrustPilot becomes the data controller for the data provided.
5. Transfer of personal data to third countries
5.1 We will not transfer your personal data to recipients outside EU or EEA unless we have ensured compliance with GDPR Chapter V.
5.2 Some of our third-party service providers are established outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA. However, to ensure that your personal data receive an adequate level of protection we have ascertained that sufficient safety measures have been implemented to allow for the transfer, including where the European Commission have deemed the country to provide an adequate level of protection for personal data; or by use of specific contracts approved by the European Commission (Standard Contractual Clauses, “SCCs”) which give personal data essentially equivalent protection as it has in Europe.
5.3 We would like to highlight two of these, namely Google LLC. and Meta Platforms, Inc., both of which are based in the United States. To the extent that there is a transfer of your personal data to the United States, it is done on the basis of SCCs.
5.3.1 We disclose data such as email address, areas of interest and phone number to Facebook and Google for the purpose of targeting marketing on Facebook and other websites to you. In some cases, Facebook and Google will link this data with other data. This means that the data we share with them is used to target banners and/or text ads to you across the internet. This is called retargeting - but is not the same as direct marketing. We therefore consider that there is a legitimate interest in disclosing this data which outweighs your interest in not disclosing it.
5.3.3 Read more about Google's use of data here: https://policies.google.com/technologies/partner-sites
5.3.4 The transfer is made on the basis of GDPR article 6 (1) (f).
5.4 If you require further information about our data processors or other recipients established outside the EEA and the safety measures in place to allow for the transfer of personal data, you can request it from us – please send your request to us at firstname.lastname@example.org.
6. Your rights
6.1 To create transparency regarding the processing of your data, we as data controller must inform you of your rights.
6.2 The right of access by the data subject
6.2.1 You have the right to request information from us regarding the personal data we are processing about you, which purposes the processing serves, what categories of personal data and recipients of personal data there might be, as well as information on where the personal data has been obtained.
6.2.2 You have the right to receive a copy of the personal data that we process about you and to check that we are lawfully processing it. If you want a copy of your personal data, you must submit a written request to email@example.com. You may be asked to provide documentation for proof of identity.
6.3 The right to rectification
6.3.1 You have the right to request correction of your personal data that we hold about you. If you become aware that the personal data we process is inaccurate, we encourage you to contact us in writing which will enable you to have any incomplete or inaccurate data we hold about you corrected.
6.3.2 Data that we have collected in connection with your registration for our customer club, you have the opportunity to correct via your login to your user profile on the website.
6.4 The right to erasure (“the right to be forgotten”)
6.4.1 You may have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. To the extent the continued processing of your personal data is necessary, for example in order for us to comply with our legal obligations or for legal requirements to be established, enforced or defended, we are not required to delete your personal data.
6.5 The right to restriction of processing
6.5.1 You may have the right to request the restriction of processing of your personal data to consist only of storage. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
6.6 The right to data portability
6.6.1 You may have the right to obtain personal data that you have provided us with, in a structured, commonly used, machine-readable format and have the right to request a transfer of that data to another data controller.
6.7 The right to object
6.7.1 You have the right to object to our processing of your personal data at any time when it relates to our direct marketing efforts towards you. Including the profiling carried out in order to target our direct marketing, as this processing is carried out on the basis of our legitimate interests, see Section 2.1 and 2.4. If you do not want us to use your personal data for direct marketing and profiling, please remember to delete your cookies.
6.7.2 You have the right to object to our processing of your personal data at any time, for reasons relating to your personal life, where we are relying on a legitimate interest as legal basis for processing, cf. Section 2.1, 2.2, 2.3 and 2.4.
6.8 The right to withdraw consent
6.8.1 You have the right to withdraw any consent you have given to us for a particular processing of personal data at any time.
6.8.2 You also have the right at any time to withdraw your consent to receive electronic marketing communications by email and, where applicable, SMS, in connection with registration with the Customer Club.
You can do this either by logging in to your user account on the website, under "My Information", or via the unsubscribe link or instruction that you will find at the bottom of all emails and SMS’s from Zizzi. You can also unsubscribe by sending an email to firstname.lastname@example.org or by contacting customer service at xxxxxxx/link.
6.9 The right to lodge a complaint
6.9.1 You have the right at any time to lodge a complaint with a supervisory authority, in particular your local supervisory authority in the country where you live or work or where the alleged breach has taken place, if you are dissatisfied with the way in which we process your personal data.
6.9.2 In Denmark you can lodge a complaint with Datatilsynet, for example by email email@example.com or via phone +45 33 19 32 00. You can read more about how to lodge a complaint on Datatilsynet’s website here.
7. Data retention
7.1 Personal data about your use of our Website, cf. Section 2.1, will be deleted at the latest, when you have not used the website for 1 year.
7.2 Personal data that we have collected in connection with your registration and use of your Club Zizzi membership, cf. Section 2.4, we will automatically delete: a) if you have not had any updates or interaction for up to 1 year or b) 6 months after cancelling your membership in our customer club. We do this to prevent misuse of welcome discounts. However, we retain documentation on your consent for e-marketing up to two years after withdrawal.
7.3 Personal data collected in connection with purchases you have made on our website and your use of our customer service, as set out in Section 2.2-2.3, will generally be deleted 3 years after the end of the calendar year in which you made your purchase or contacted customer service. However, data may be stored for a longer period if we have a legitimate need for longer storage. This may be, for example, if it is necessary for legal claims to be established, asserted, or defended, or if retention is necessary for us to comply with legal requirements. Accounting records are kept for 5 years to the end of a financial year to comply with the requirements of the Danish Bookkeeping Act.
8. Data security
8.1 We have put in place appropriate security measures to prevent your personal data from accidental or unlawful destruction, loss, alterations, unauthorised disclosure(s) or misuse of, or access to personal data transmitted, stored or otherwise processed.
8.2 We have limited access to your personal data to employees and contractors who have a relevant and reasonably required need to access your personal data in order to perform their work.
9. Contact information
9.1 Zizzi Denmark ApS is data controller for the personal data, which are collected via the website.
9.2 If you have any questions regarding this Privacy Notice or wish to exercise your rights pursuant to Section 6, please use the contact information set out below:
10. Changes to this privacy notice
10.2 If you are a member of Club Zizzi you will also be informed about changes in the personal data by e-mail.
11.1 This is version  of Zizzi Denmark ApS’ Privacy Notice of 12.01.2023