Privacy policy

PRIVACY POLICY

Last updated: April 2026

1. Who We Are

Zylo ("we", "us", "our") operates the online store zyloskin.com. We are the data controller responsible for processing your personal information.

Contact: zyloskin@gmail.com

2. What Data We Collect

We collect the following categories of data:

Identification data: first name, last name, email address, phone number
Shipping/billing data: address, city, country, postal code
Payment data: securely processed by third-party providers (Shopify Payments/Stripe) — we do not store card details
Browsing data: IP address, browser type, pages visited, cookies
Account data: if you create an account on our site
Communications: messages sent via contact form or email

3. Why We Collect Your Data (Purposes and Legal Basis)

Processing and fulfilling orders — Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

Invoicing and accounting — Legal basis: Legal obligation (Art. 6(1)(c) GDPR)

Order-related communications — Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)

Marketing and newsletter — Legal basis: Consent (Art. 6(1)(a) GDPR)

Site improvement and analytics — Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)

Fraud prevention — Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)

Legal compliance — Legal basis: Legal obligation (Art. 6(1)(c) GDPR)

4. Our Platform — Shopify

Our store is hosted on Shopify Inc. Shopify processes your data when you visit and make purchases on our site, including to provide services based on your interactions with other merchants and with Shopify. Your data may be shared with Shopify and third parties located in other countries in order to provide services to you.

For more details, please consult the Shopify Consumer Privacy Policy.

5. Cookies and Tracking Technologies

We use essential cookies and, with your consent, non-essential cookies (analytics, marketing). You can manage your preferences through the cookie banner displayed on your first visit.

Essential cookies — required for the site to function (no consent required)
Analytics cookies — understanding visitor behavior (consent required)
Marketing cookies — personalized advertising (consent required)

Shopify — e-commerce platform and data processing
Payment providers (e.g. Stripe/Shopify Payments) — transaction processing
Delivery providers — shipping and logistics
Email marketing providers — if you are subscribed to our newsletter
Public authorities — when legally required

We do not sell your personal data.

7. International Data Transfers

Your data may be transferred to and processed outside the European Economic Area (EEA), including in the United States (e.g. Shopify, Stripe). These transfers are carried out with appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

If you are a resident of the EU, EEA, or UK, you have the following rights:

Access — to know what data we hold about you
Rectification — to correct inaccurate data
Erasure — the "right to be forgotten"
Restriction — to limit how we process your data
Portability — to receive your data in a structured format
Objection — including to direct marketing
Withdrawal of consent — at any time, without affecting the lawfulness of prior processing

To exercise your rights, contact us at: zyloskin@gmail.com

You also have the right to lodge a complaint with your local supervisory authority. In Romania: ANSPDCP — www.dataprotection.ro

9. CCPA Rights (California, USA Residents)

If you are a California resident, you have the right to:

Know what personal data we collect and how we use it
Request deletion of your data
Opt out of the sale or sharing of your personal data for targeted advertising
Not be discriminated against for exercising these rights

To opt out of data sharing, please use the link available in the footer of our store.

10. How Long We Retain Your Data

Order data: 10 years (legal fiscal obligation)
Account data: for the duration of the account + 1 year after deletion
Marketing data: until consent is withdrawn
Cookies: according to the specific duration of each cookie

11. Security

We implement appropriate technical and organizational measures to protect your data, including SSL/TLS encryption, restricted data access, and certified partners (Shopify is PCI DSS certified).

12. Minors

Our site is not intended for persons under the age of 16. We do not knowingly collect data from minors.

13. Changes to This Policy

We may update this policy periodically. We will notify you by email or by posting a notice on our site. The date of the last update is indicated at the top of this document.

14. Contact

Zylo Email: zyloskin@gmail.com Website: zyloskin.com