Date of last revision: May 2022, updated to correspond with GDPR requirements
About this policy
At Digital Fabric Ltd (“Zadaa”, “we” or “us”) we take data protection seriously. We hope that you will take a moment to read this policy.
- What personal data we collect when you create an account for or use our Services
- How we may use and share your personal data in connection with our Services
- Your legal rights and how to exercise them
What Personal Data do we Process?
Zadaa collects three types of information from our Users: (i) User Data; (ii) Transaction Data; and (iii) Technical Data. Although we do not normally use Technical Data to identify you as an individual or combine the Technical Data with your other personal data, you can sometimes be recognized from it. In such situations, Technical Data can also be considered personal data under applicable laws.
Within the Zadaa app we process the following User Data which is primarily received directly from you either in connection with your use of the Services or in connection with your interaction with us:
- Your full name
- Birth year
- Phone number
- E-mail address
- User account credentials
- Height, weight and body type (as reported by you)
- Clothing size information
- Possible communication with us or with other Users
- Your purchases on this site (item and value)
- Possible claims
- Delivery information and delivery status
- Possible use of campaign or promo codes
- Direct marketing opt-outs and opt-ins
Transaction Data processed in connection with the Services may include for example the following type of personal data:
- Payment history (sales and purchases, subscription fees and/or service fees, as applicable)
- Credit Card or bank account information (as applicable)
- Possible refunds
- Zadaa Cash Credits (as applicable)
Technical data is collected automatically through the Services and may include for example the following data:
- IP address
- Device type
- Operating system
- Time of visit
- Browsing patterns within the app or on our website
- Browser type and version
- Language settings
- Crash reports
We may also update and supplement personal data with information provided by third parties in accordance with applicable data protection laws.
Purposes and legal grounds of processing
We may collect and use Users’ personal data for the following purposes:
- To provide the Services and to comply with our General Terms of Service and Zadaa Plus Terms of Service, i.e. to ensure our ability to provide essential functionalities for and access to the Services and to personalize the user experience or to develop our Services, including by improving our algorithms, processes and service experience. In some cases, personal data may be processed for the purpose of carrying out contractual obligations towards the User. (legal ground: performance of a contract and legitimate interest)
- To fulfill our legal obligations, such as our bookkeeping obligations or to provide information to competent authorities (e.g. tax authorities). (legal ground: compliance with a legal obligation)
- For customer service, feedback and support (legal ground: legitimate interest and performance of a contract)
- To prevent fraud or other illegal activities or misuse of the Services and for security improvement and troubleshooting purposes (legal ground: legitimate interest)
- For statistical and analytical purposes, i.e. to detect trends concerning the use of our Services and to generate statistics for service development or analytical purposes (legal ground: legitimate interest)
- To process payments and transactions (legal ground: performance of a contract and compliance with a legal obligation)
- For direct marketing and advertising purposes (legal ground: legitimate interest)
Explaining the legal bases for processing personal data
To the extent personal data is processed based on a contract between us and the User, the legal basis shall be performance of contractual obligations. We may also process personal data based on our legal obligations or other legitimate interests, for example in connection with quality improvement, analytics, marketing and legal processes. Whenever using your data based on our legitimate interest, we shall carefully weigh our interest against your right to privacy.
In certain cases, you may be requested to grant your consent for the processing of your personal data. In this event, the legal ground for such processing is your consent. You may withdraw your consent at any time.
We do not under any circumstances process Users’ personal data for the purposes of automated individual decision-making, including profiling.
How long do we keep your data?
Zadaa does not store personal data longer than is legally permitted and necessary for the purposes specified above. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use.
Once the data is no longer necessary, we delete or anonymize it as soon as reasonably possible.
Cookies and Local Storage Technologies
Our Services may use “cookies” and other industry standard local storage technologies and tools like pixel tags, web beacons and local shared objects (flash cookies) to enhance user experience and analyze the use of our Services.
Local storage technologies and tools may also be placed on your device by our third-party partners and service providers. The Services may also contain advertisements served by third parties that deliver third-party cookies or other tracking technologies to your device so your online activities across third-party sites or online services can be tracked for advertising purposes. We have no access to or control over the third party cookies and technologies. The Network Advertising Initiative provides opt-out mechanisms from some behavioral online advertising: http://www.networkadvertising.org/choices/. Users located in the European Union can learn of their rights relating to online advertising at www.youronlinechoices.eu.
The Services use Google Analytics and other web analytics services to compile reports on visitor usage and to help us improve the Services. For an overview of Google Analytics, please visit http://www.google.com/analytics/. You can opt out of Google Analytics with this browser add-on tool: https://tools.google.com/dlpage/gaoptout
Data Disclosures and International Transfers
We shall not share your personal data within our organization, unless strictly necessary to perform our Services. We may further share personal data with our external trusted business partners and affiliates solely under the following circumstances:
For legal reasons
We may share personal data with third parties outside of our organization if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Zadaa, our Users or the public in accordance with the law. When possible, we will inform you about such transfer and processing.
To authorized service providers
For other legitimate reasons
With explicit consent
We may share personal data with third parties outside of our organization for other reasons than the ones mentioned above, when we have your explicit consent to do so. You have the right to withdraw your consent at any time.
In addition to disclosing personal data, we may disclose aggregated or other anonymous data to third parties for advertising and user analytics purposes.
We may process or transfer your personal data in and to any country where we operate or where we have employees or service providers or partners, including countries outside the European Union or the European Economic Area. Such processing, transfer and assignments will be carried out in compliance with applicable law. In cases where the level of data protection may not be deemed adequate by the European Commission, we always, by applying contractual and other measures, ensure that adequate protection for your personal data is provided as required by applicable laws, for personal data transfers to third countries. If you wish to know more about international transfers of your personal data, you may contact us via the contact details given below.
We will only send you direct marketing content if you have opted in to receiving it.
In any case you have the right to prohibit us from using your personal data for direct marketing purposes by contacting us or by using the unsubscribe possibility offered in connection with our newsletter.
Safeguarding your Data
We do our best to keep your data safe and secure. We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, pseudonymization and access right systems. We regularly test our systems and other assets for security vulnerabilities.
Should a security breach that is likely to have negative effects on your privacy occur despite the security measures, we will inform you and relevant authorities as required by applicable data protection laws.
Right to Access
You have the right to know what personal data we have stored about you by sending us a written request to the address indicated below.
Right to Correct
You also have the right to have incorrect/imprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed by contacting us on the address indicated below. In case you consider your personal data collected by us to be inaccurate, or you wish your personal data to be erased in a case where the processing of your personal data has been deemed unlawful, or the personal data is no longer necessary, or you have objected to the processing and the existence of legitimate grounds for processing are being verified, you may request restriction of processing of your personal data.
Right to erasure
You may also ask us to erase your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.
Right to withdraw your consent
You have the right to opt out of receiving electronic direct marketing communications from us by clicking on the opt-out link provided in all marketing communications we send you, and choosing not to receive marketing communications from us in the future. You also have the right to prohibit us from using your personal data for direct marketing purposes, market research and profiling by contacting us on the addresses indicated below. In case your personal data is processed based on your consent, you have the right to withdraw your consent for such processing.
Please note that in case you prohibit us from processing your personal data, we may not be able to continue to provide the Services to you.
Users may object to the processing of personal data if such data are processed for other purposes than those necessary for the provision of the Service to the User or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.
Users may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our site.
In certain cases users may have the right to receive their personal data from us in a structured and commonly used format and to independently transmit those data to a third party.
How to use these rights
These rights may be used by sending a letter or secure e-mail to us on the addresses set out above, including the following information: name, address, phone number and a copy of a valid ID.
We may request the provision of additional information necessary to confirm the identity of the data subject. We may charge a reasonable administrative processing fee in case less than 12 months have passed since your last data request.
We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection.
In Finland, the local supervisory authority is the Data Protection Ombudsman (https://www.tietosuoja.fi).
The Services are not intended for users under the legal age of 16. We do not knowingly collect any personal data from children under this age.
Digital Fabric Oy
Business ID 2688054-4
Address Saukonpaadenranta 20 A 17, 00180 Helsinki Finland