Privacy Policy
Introduction
ZUKO Ltd. ("ZUKO", "we", "us" or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website or services, in accordance with applicable privacy laws. We adhere to the strict requirements of the EU General Data Protection Regulation (GDPR) and Switzerland's Federal Act on Data Protection (FADP), as well as relevant laws in the United States (including the California Consumer Privacy Act as amended by the CPRA). We also take into account age-specific privacy protections, such as the U.S. Children's Online Privacy Protection Act for users under 13.
Data Controller
For the purposes of European and Swiss data protection law, the data controller of your personal information is ZUKO Ltd., World Trade Center, Av. Gratta-Paille 2, 1018 Lausanne, Switzerland. If you have any questions about this policy or your personal data, you can contact us at privacy@zu-ko.com.
This Privacy Policy is designed to be clear and accessible. We may provide translations in other languages (including French, German, Italian, etc.) for the convenience of users in Switzerland and the EU, to meet transparency requirements. In case of any conflict between different language versions, the English version will prevail (unless otherwise required by local law).
Personal Data We Collect
We collect various types of personal data from and about users of our site:
Information You Provide Directly
When you make a purchase or create an account, we will ask for information such as your name, billing and shipping address, email address, phone number, and payment details. This information is necessary to process transactions and deliver products. If you contact us with questions or support requests, we will collect whatever information you choose to provide in that communication (e.g. your email or phone and the content of your inquiry). You may also provide information if you subscribe to our newsletter or marketing communications (such as your email address and preferences).
Account Data
If our site offers user account registration, we will collect login credentials (such as username and password). Please choose a strong password and keep it confidential. Account creation is optional unless required to place an order (if we allow guest checkout, you can purchase without an account).
Automatically Collected Data
When you visit our website, certain data is collected automatically by our systems or service providers. This may include your IP address, device type, browser type, operating system, referring URLs, and usage information such as pages viewed, links clicked, and the dates/times of access. We also use cookies and similar tracking technologies to collect information about your interactions with the site (see Cookies and Tracking below for details). This data helps us ensure the site is functioning properly, to analyze traffic, and to personalize your experience (e.g. remembering items in your shopping cart).
Transaction and Order Information
Details of products you have ordered, order dates/times, amounts paid, and payment confirmation details are recorded for order fulfillment and accounting. (For payment card information, as noted, we generally use a third-party processor, so we may only store a token or partial information, not the full card number.)
Location Data
We do not actively track your precise geolocation. However, your IP address may give a general indication of your location (e.g. city or country). We use this to detect potential fraud, to display the correct currency/language, or to comply with region-specific requirements (for example, to show proper privacy notices or age gates as required by different jurisdictions).
We do not collect any sensitive personal data about you unless necessary and with your explicit consent. "Sensitive" data includes things like racial or ethnic origin, political opinions, religious beliefs, health information, biometric data, or the like. We do not need such data for our services (except perhaps if you voluntarily provided health-related info in a specific inquiry, which we would only use to address that inquiry and not store unnecessarily). We also do not intentionally collect any data about criminal convictions or offenses.
How We Use Your Personal Data
We use the collected data for the following purposes, and we ensure we have a valid legal basis for each use:
To Fulfill Orders and Provide Services
We process your personal data primarily to process transactions and deliver the products or services you requested. This includes using your name and address to ship your order, your email to send order confirmations and updates, and your payment information to obtain payment. The legal basis for this processing is the performance of a contract with you (Article 6(1)(b) GDPR) — we need the data to fulfill our obligations in the sale contract.
Account Administration
If you have an account, we use your data to maintain and secure your account, to authenticate you when you log in, and to provide you with account features (like viewing order history). Legal basis: performance of contract (if you created an account as part of service) and/or our legitimate interest in providing a user-friendly account system.
Communication
We may use your contact details (email, phone) to communicate with you about your orders (transactional emails, shipping notifications) or to respond to your inquiries and requests. These communications are part of our contractual service to you or our legitimate interest in providing good customer service.
Marketing (with Consent)
If you opt in to receive marketing communications (e.g. newsletter), we will use your email to send you news, offers, or product updates. You can unsubscribe at any time. For existing customers, where allowed by law, we may send occasional product recommendations relating to similar products you purchased, but you will always have a clear opportunity to opt out. The legal basis for sending direct marketing is your consent (Article 6(1)(a) GDPR) for emails you explicitly subscribed to, or legitimate interest (Article 6(1)(f) GDPR) for customer relationship management — in either case, we will comply with e-privacy laws requiring opt-in or opt-out as applicable. We will not spam you or share your email with third-party marketers without permission.
Analytics and Improvements
We use usage data and cookies to understand how our site is used and to improve it. This may include analyzing which pages are popular, how users navigate, and detecting technical issues. This processing is based on our legitimate interest in administering and improving our services. Where analytics cookies are non-essential, we will obtain consent via the cookie banner per applicable law.
Personalization
We might use data such as your browsing history or region to personalize content on the site — for example, showing you product recommendations or local currency/language. This is done to enhance user experience, based on legitimate interest and/or consent via cookies where required.
Fraud Prevention and Security
We may process personal data (like IP, order history, payment info) to screen for fraudulent transactions or security threats to our site. This is in our legitimate interests to protect our business and customers. For example, we might use automated tools to flag suspicious orders (unusually large orders, mismatch in card and address country, etc.) and then have staff review them.
Legal Obligations
In some cases we need to process data to comply with laws — for instance, retaining transaction records for tax and accounting purposes, or disclosing information if required by law enforcement or regulators. The legal basis here is compliance with a legal obligation (Article 6(1)(c) GDPR). For example, in Switzerland and many jurisdictions, financial records must be kept for a certain number of years; similarly, consumer protection laws (like product safety rules or recall requirements) might necessitate keeping contact info to notify customers if needed.
We will not use your personal data for purposes that are incompatible with those above without notifying you and obtaining your consent if required. We do not engage in automated decision-making, including profiling, that produces legal effects or similarly significant effects for you, without human involvement. Any automated processing (e.g., basic personalization or fraud scoring) is either not impactful on your rights or will include human review.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies (such as web beacons or pixels) to provide, customize, and improve the user experience:
What Cookies Are
Cookies are small text files that websites place on your device's browser. They serve various functions: some are necessary for the site to work (e.g. remembering your shopping cart or login session), others help us understand site usage or allow us to offer you personalized content, and some may be used for advertising or social media features.
Types of Cookies We Use
Essential Cookies: These are required for basic site functionality (for example, to remember that you are logged in, or to retain your cart items as you shop). Without these, the website might not function correctly.
Analytics Cookies: We use these to collect information about how visitors use our site (pages visited, time on page, etc.). We might use third-party analytics tools (like Google Analytics), configured in compliance with GDPR (e.g., IP anonymization where appropriate). This helps us improve the site.
Preference Cookies: These remember your preferences (like language or region selection) so we can present the site accordingly.
Advertising/Marketing Cookies: As of now, we do not have third-party ads on our site, but if we ever use remarketing or social media integrations, those partners may set cookies to track engagement and show you relevant ads elsewhere. If used, such cookies would only be set with your consent, in regions where consent is required (EU/Swiss law requires opt-in for non-essential cookies).
Cookie Consent
When you first visit our site from the EU, Switzerland, or other regions with cookie laws, you will see a cookie banner. Non-essential cookies (like analytics or marketing cookies) will not be set unless you consent to them. You can manage your cookie preferences at any time through our cookie settings link (e.g., in the footer) or by adjusting your browser settings to refuse cookies (however, blocking all cookies might impair some site features).
Do-Not-Track
Our site honors browser "Do Not Track" signals or global privacy control settings as required by certain laws. If such a signal is detected, we will treat it as an opt-out of cookies where applicable (for example, California's CCPA regulations recognize Global Privacy Control for opt-out of sale/sharing).
For more detailed information on the cookies we use, you can refer to our Cookie Policy (if available) or contact us. By continuing to use our site with cookies enabled (after consenting where required), you agree to our use of cookies as described.
Disclosure of Personal Data
We value your privacy and share personal data only as necessary with trusted parties, and only for the purposes outlined below. We do not sell your personal information to unrelated third parties for profit.
The circumstances in which we may share data include:
Service Providers
We use third-party companies to help us operate our business and the site. For example:
- Shipping partners: postal or courier services will receive your name and delivery address (and phone/email, if required for delivery updates) to deliver your orders.
- Payment processors: as mentioned, your payment details go directly to our payment processor (such as Stripe, PayPal, or others) who handle the transaction securely. They are not allowed to use your data for other purposes.
- IT and cloud infrastructure: we may host our website or databases on third-party servers (which could be located in Switzerland, the EU, the US, or other jurisdictions — see International Data Transfers below). These providers may technically have access to data for storage or backup purposes, but we have agreements in place to ensure they protect your data.
- Analytics or marketing tools: if we use third-party analytics (like Google Analytics) or email marketing platforms, those providers will process some personal data (like your site usage or email address for newsletters) on our behalf. They act under our instructions and are bound by data processing agreements to only use the data for our specified purposes and to safeguard it.
Legal Requirements
We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand). For instance, if consumer protection authorities or data protection regulators request information during an inquiry, we will comply as legally required. We may also disclose data if we believe in good faith that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of ZUKO, (iii) act in urgent circumstances to protect the personal safety of users or the public, or (iv) protect against legal liability.
Business Transfers
If ZUKO goes through a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets, user personal data might be among the assets transferred. We will ensure any such transfer is subject to suitable confidentiality and privacy commitments. If a change of ownership occurs, the successor organization will be bound by this Privacy Policy with respect to your personal data, unless and until it is amended and you are notified or consent is obtained as required by law.
Again, we do not sell personal information (meaning we do not provide your data to third parties for their own marketing or other uses in exchange for money). Also, we do not share data in a way that would be considered a "sale" or "share" under California law (CCPA/CPRA) unless you opt-in. If that ever changes, we will implement the appropriate opt-out mechanism (such as a "Do Not Sell or Share My Personal Information" link) and honor global privacy signals as required.
International Data Transfers
ZUKO is based in Switzerland, but we operate in multiple regions and use service providers around the world. Consequently, your personal data may be transferred to and stored in countries other than your own, including Switzerland, countries in the European Union (EU), and the United States. We want to be transparent about where data may reside or be accessible:
Data Storage Locations
Our primary servers are located in Switzerland and/or the EU. However, we may also use cloud services or providers in the United States. Additionally, if you are in Europe and we need to communicate with you via an email service or process a payment, that data might transit through or be stored in the US or other countries. We list here the countries/regions where personal data might be processed: Switzerland, countries in the European Union/EEA, and the United States of America. (This list may be updated if our infrastructure changes; we will ensure the Privacy Policy reflects all countries to which data is transferred, as required by Swiss law.)
Data Protection for Transfers
Whenever we transfer personal data out of Switzerland or the EU to a country that is not deemed by the relevant authority to have adequate data protection laws, we will ensure appropriate safeguards are in place. For example:
- Transfers from the EU/EEA are governed by the European Commission's Standard Contractual Clauses (SCCs) or another lawful transfer mechanism, unless the destination country is officially recognized as providing adequate protection under EU law.
- Transfers from Switzerland follow the Swiss data export requirements, which may include using the EU SCCs with Swiss-specific amendments and obeying Swiss adequacy decisions.
- We also assess on a case-by-case basis whether additional technical or contractual measures are needed to ensure transferred data is protected (for instance, encryption in transit and at rest, commitments from recipients to challenge unlawful government access, etc., consistent with EU and Swiss guidance post-Schrems II).
By using our site or providing us with information, you acknowledge that your personal data may be transferred to and processed in jurisdictions other than your own. However, rest assured that we take active steps to protect your privacy in all locations and that any international transfer of your personal data will be done in compliance with applicable privacy laws.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or disclosure. These measures include, for example:
- Using SSL/TLS encryption for data transmission on our website (you should see a lock icon in your browser when submitting personal or payment information through our forms, indicating encryption in transit).
- Storing sensitive information (like passwords) in hashed or encrypted form. We never store plain text passwords. Payment information is handled by PCI-DSS compliant processors.
- Restricting access to personal data to employees and service providers who need it to perform their duties, and subjecting them to confidentiality obligations.
- Regularly updating and patching our systems, and employing firewalls and intrusion detection systems to prevent unauthorized access.
- Maintaining backup procedures and the ability to restore data in case of an incident, as well as practices to physically and electronically secure our hardware.
Despite our efforts, please understand that no website or Internet transmission is completely secure. We cannot guarantee absolute security of data, and any transmission of personal information is at your own risk. In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant authorities as required by law (e.g., we will follow GDPR and FADP requirements to inform the supervisory authority and users, and in the U.S., any applicable state breach notification laws).
You also play a role in protecting your information. Please use a strong, unique password for our site (if you create an account) and do not share it. If you suspect any unauthorized access to your account or data, contact us immediately.
Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, as described above, and to satisfy any legal, accounting, or reporting requirements.
- For example, order information (including personal data in invoices, receipts, transaction records) will be kept for the period required by tax and accounting laws — in Switzerland, this is typically 10 years for financial records, and similar durations may apply in other jurisdictions.
- Information related to customer support inquiries will be retained as long as needed to resolve your issue and for a short period thereafter in case of follow-up.
- If you have an account with us, we will keep your account information until you deactivate the account or after a period of inactivity. If you wish to delete your account, you can contact us to request deletion (see Your Rights below).
- If you subscribed to marketing communications, we will retain your contact info for that purpose until you opt out or unsubscribe, at which point we will remove your contact from our marketing list (except for minimal information kept to record that you opted out, so we don't contact you again).
- Web analytics data is typically retained for a shorter period (for instance, we might keep log data for security/analysis for 90 days, and aggregate analytics reports indefinitely, but those reports don't directly identify individuals).
When we no longer have a legitimate need or legal obligation to retain your personal data, we will securely delete or anonymize it. We may retain anonymized or aggregated data (which no longer identifies any individual) for research or statistical purposes indefinitely without further notice.
Your Rights and Choices
Your Rights under GDPR / FADP (EU/Swiss users)
If you are in the European Union, EEA, Switzerland, UK or other jurisdiction with similar data protection laws, you have certain rights regarding your personal data. These include:
- Right to Access: You can request confirmation of whether we are processing your personal data, and if so, request a copy of the data and information about how it's used.
- Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected.
- Right to Erasure: You can ask us to delete your personal data in certain circumstances (commonly known as the "right to be forgotten").
- Right to Restrict Processing: You have the right to request that we limit the processing of your data in certain situations.
- Right to Data Portability: You can request a copy of certain data in a machine-readable format, and/or to have us transmit it to another controller where technically feasible.
- Right to Object: You may object to our processing of your personal data when the basis is our legitimate interests, including objection to direct marketing profiling.
- Right to Withdraw Consent: If we rely on your consent for any processing, you have the right to withdraw that consent at any time.
Your Rights under CCPA (California residents)
If you are a resident of California, USA, state law provides you with the following rights:
- Right to Know: You can request that we disclose what personal information we have collected about you.
- Right to Delete: You can request that we delete personal information we have collected from you.
- Right to Opt-Out of Sale/Sharing: As noted, we do not sell personal data.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
- Right to Correct: Under the CPRA amendments, you have the right to request correction of inaccurate personal information we hold about you.
To exercise any of these rights, please contact us via the contact information provided in this policy. We may need to verify your identity before fulfilling the request. We will respond to your request within one month, or notify you if we need additional time.
We are committed to upholding your rights. If you believe we have not addressed your concerns adequately, you also have the right to lodge a complaint with a data protection supervisory authority.
Children's Privacy
Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 years old. The Children's Online Privacy Protection Act (COPPA) in the U.S. imposes requirements on websites that collect data from children under 13, including obtaining verifiable parental consent. ZUKO does not intend for any part of our site to be used by children in this age group. If you are under 13, please do not provide any personal information on this site.
We also respect youth privacy in other jurisdictions. If we learn that we have inadvertently collected personal information from a user under 13 (or under the applicable age of consent in your country, which is 13-16 in most EU countries), we will take prompt steps to delete that information from our records unless we are legally obligated to retain it. If you are a parent or guardian and believe your child under 13 may have provided personal information to us, please contact us so we can investigate and delete any such data.
Note for minors above 13: If you are between 13 and 18, you should only use the site with permission from a parent or guardian, because transactions may create legal obligations for you and we require that you are able to fulfill them. Certain regions (like some EU countries) may require parental consent for processing personal data of children under 16 for online services. While our policy is not to offer services directly to those under 16 without guardian consent, if you are 16 or 17 and use the site (for example, with parental purchase), we will handle your data as described here and you (or your guardian) still have all the rights outlined in Your Rights above.
Updates to this Privacy Policy
We may revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we do so, we will post the updated policy on our website and update the "Last Updated" date at the top. If the changes are significant, we may also notify you by email or by prominent notice on the site. We encourage you to review this page periodically to stay informed about how we are protecting your information.
Your continued use of the website or our services after any update to this Privacy Policy will signify your acceptance of the changes. If you do not agree to any updated terms, you should stop using the site and can ask us to remove your personal data as per your rights.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you can reach our privacy team at:
- Email: privacy@zu-ko.com
We will be happy to assist you and will do our best to respond promptly to your inquiry.
By using the ZUKO website or services, you acknowledge that you have read and understood these Terms of Service and Privacy Policy. We take legal compliance seriously and aim to provide a trustworthy experience to all our customers in Switzerland, Europe, the United States, and worldwide. These documents will be made available in multiple languages (e.g., English, French, German, Italian, etc.) to meet regional requirements and ensure transparency for all users.
Thank you for trusting ZUKO. If you have any further questions or need clarification on any point, please contact us. Your business and your privacy are important to us.