Privacy Policy
Privacy Policy (GDPR-Compliant)
Introduction
We, ZOËS Cosmetics, take the protection of your personal data seriously. This Privacy Policy explains how we collect, use, and protect your information when you visit our website or purchase our products. It applies to all users within the European Union (EU) and the European Economic Area (EEA).
1. Controller
The controller responsible for the processing of your personal data is:
ZOËS Cosmetics
Owner: Zoë Stäheli
Address: Baileystraat 13 8013 RV Zwolle
E-Mail: info@zoes-cosmetics.com
2. Data We Collect
a) Device Information
When you visit our website, we automatically collect certain information about your device, including your IP address, browser type, time zone, and information about the cookies installed on your device.
b) Order Information
When you place an order, we collect:
- Name
- Billing and shipping address
- Payment information (e.g., credit card details)
- Email address
- Phone number (optional)
c) Newsletter / Marketing (if applicable)
If you subscribe to our newsletter, we will collect and process your email address for this purpose.
3. Purpose and Legal Basis for Processing
We process your personal data based on the following legal grounds under Article 6 GDPR:
- Contract performance (Art. 6(1)(b)): to process your order, payment, shipping, and customer service.
- Legitimate interests (Art. 6(1)(f)): to detect fraud, maintain website security, improve our services, and for limited direct marketing.
- Consent (Art. 6(1)(a)): for newsletters, cookies/analytics, or other optional marketing.
4. Sharing of Data
We share your personal data only as necessary:
- With service providers such as Shopify (platform), payment processors, and shipping companies.
- With Google Analytics to analyze website usage (see Google’s Privacy Policy: https://policies.google.com/privacy).
If we transfer personal data outside the EU/EEA (e.g., to the USA or Canada), we ensure appropriate safeguards are in place, such as the EU-US Data Privacy Framework or Standard Contractual Clauses.
5. Retention Period
We store your personal data only for as long as necessary:
- Order and invoice data: 10 years (required by tax and commercial law).
- Customer accounts: until you request deletion.
- Newsletter data: until you withdraw your consent.
6. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
You also have the right to file a complaint with your local supervisory authority. For example:
- In Germany: Berliner Beauftragte für Datenschutz und Informationsfreiheit
- In the Netherlands: Autoriteit Persoonsgegevens
- In France: CNIL
7. Cookies & Tracking
We use cookies and similar technologies:
- Essential cookies (for site functionality) – no consent required.
- Analytics/Marketing cookies – only with your prior consent via our cookie banner.
You can withdraw consent at any time.
8. Data Security
We apply appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
10. Contact
If you have any questions or wish to exercise your rights, please contact us at:
Email: info@zoes-cosmetics.com
ZOËS.
Baileystraat 13 8013 RV, Zwolle, The Netherlands