Privacy policy

We're glad you're here! The protection of your personal data is very important to us. Below, we want to explain transparently what data we collect and what happens to it when you use our website.

1. Who We Are and How to Reach Us

The party responsible for processing your data on this website, in accordance with the General Data Protection Regulation (GDPR), is us:

Zuri Foods UG (haftungsbeschränkt) Klausenerstr. 59 66333 Völklingen Germany Email: hello@zurifoods.de

We are the ones who decide on the purposes and means of processing your personal data. If you have any questions about data protection, you can contact us at any time.

2. What Happens When You Visit Our Website?

a) Automatic Data Collection (Server Log Files)

When you visit our website for informational purposes only—meaning you don't register or actively send us information—our system automatically collects some technical data. Your browser transmits these so-called "server log files" to us. This includes:

  • The page you visited
  • The date and time of your visit
  • The amount of data transferred
  • The website you came from (referrer)
  • Your browser and operating system
  • Your IP address (usually anonymized)

This data is technically necessary for us to display the website to you in a stable and secure manner. The processing is based on our legitimate interest in the functionality and security of our website (according to Art. 6(1)(f) GDPR). We do not share this data or use it for other purposes, unless there is a concrete suspicion of unlawful use.

b) SSL/TLS Encryption

For your security and to protect your data, we use SSL or TLS encryption. You can recognize this by the "https://" and the small lock symbol in your browser's address bar. This ensures that the data you send to us (e.g., in orders) cannot be read by third parties.

3. Hosting & Content Delivery Network (CDN)

To ensure our website loads quickly and reliably, we work with external service providers.

a) Amazon Web Services (AWS)

Our host is Amazon Web Services, Inc. (410 Terry Avenue North, Seattle, WA 98109, USA). All data collected on our website is stored on their servers. We have a Data Processing Agreement (DPA) with AWS, which ensures that your data is protected and not shared without authorization. For data transfers to the USA, the EU-US Data Privacy Framework guarantees an adequate level of data protection.

b) Shopify

We use the Shopify system (Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland) for hosting and displaying our content. Data may also be transferred to Shopify Inc. in Canada. We also have a DPA with Shopify. For Canada, there is an adequacy decision from the EU Commission, which confirms a high level of data protection.

c) Cloudflare

To make our website even faster and more secure, we use the CDN from Cloudflare (Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA). This serves our legitimate interest in a stable and high-performing website (Art. 6(1)(f) GDPR). We have a DPA with Cloudflare. For data transfers to the USA, the EU-US Data Privacy Framework guarantees an adequate level of data protection.

4. Cookies: The Little Helpers in the Background

We use cookies to make your visit to our site as pleasant as possible. These are small text files that are stored on your device.

  • Session Cookies: These are automatically deleted after you close your browser.
  • Persistent Cookies: These remain on your device for a longer period and help us recognize your settings for your next visit.

Depending on their function, cookies are processed on different legal bases: for the performance of a contract (Art. 6(1)(b) GDPR), with your consent (Art. 6(1)(a) GDPR), or to protect our legitimate interests in a functional and user-friendly website (Art. 6(1)(f) GDPR).

You have full control! In your browser settings, you can choose whether you want to be informed about cookies, allow them only in individual cases, or generally reject them. Please note that the website may not be fully functional without cookies.

5. How You Can Contact Us

a) General Contact (e.g., via Email)

If you write to us via a contact form or email, we will store your data to process and respond to your request. The legal basis is our legitimate interest in communicating with you (Art. 6(1)(f) GDPR). If your request is aimed at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR. Once your matter is resolved, the data will be deleted, provided there are no legal retention obligations.

b) Live Chat via Shopify Inbox

We offer a live chat from Shopify. The data processed here is either for initiating a contract (Art. 6(1)(b) GDPR) or based on our legitimate interest in effective customer support (Art. 6(1)(f) GDPR). This data is deleted after the matter is resolved. Pseudonymized user profiles may also be created to analyze and improve our service. You can object to this at any time. The data transfer is secured by a DPA and, for Canada, by an adequacy decision.

c) Review Reminders by Judge.me

If you give us your explicit consent (Art. 6(1)(a) GDPR), we will forward your email address to Judge.me Ltd. (London, United Kingdom) so they can ask you for a review. You can revoke this consent at any time with us or Judge.me. The data transfer is secured by a DPA and an adequacy decision for the United Kingdom.

6. Comment Function

If you leave a comment, we store your text, the name you chose, the time of creation, and your IP address. This is done for security reasons and to be able to identify the person responsible in case of legal violations. The legal bases for this are Art. 6(1)(b) and (f) GDPR. We reserve the right to delete unlawful comments.

7. Your Customer Account

When you open a customer account with us, we process the data you provide to perform the contract with you (Art. 6(1)(b) GDPR). You can see which data is required in the respective form. You can have your customer account deleted at any time by sending us a message. Your data will then be deleted, provided that all contracts have been fulfilled and there are no legal retention obligations.

8. Advertising and Newsletters

a) Subscribing to the Email Newsletter

When you sign up for our newsletter, we use the double opt-in procedure. This means you will only receive our newsletter after you have confirmed your subscription via a link in a confirmation email. With this confirmation, you consent to the use of your data (Art. 6(1)(a) GDPR). You can unsubscribe at any time via the link in the newsletter or by sending us a message.

b) Email Newsletter for Existing Customers

If you have made a purchase from us, we may send you offers for similar products by email based on our legitimate interest in direct marketing (Art. 6(1)(f) GDPR). Of course, you can object to this at any time without incurring any costs other than the basic transmission costs. A corresponding notice is included in every email.

c) Newsletter Dispatch via Shopify Email

We use Shopify Email to send our newsletters. With your consent (Art. 6(1)(a) GDPR), Shopify can also statistically evaluate the success of our campaigns (e.g., open rates). you can object to this at any time. A DPA and the regulations for data transfer to Canada protect your data.

d) Back-in-Stock Notifications

You can be notified by email when a sold-out item is available again. Here too, we use the double opt-in procedure based on your consent (Art. 6(1)(a) GDPR). You can unsubscribe at any time.

e) Abandoned Cart Reminders

If you interrupt your purchase, you can receive a one-time email reminder about your shopping cart. This only happens with your explicit consent via the double opt-in procedure (Art. 6(1)(a) GDPR). You can also unsubscribe from this at any time.

f) Postal Advertising

Based on our legitimate interest (Art. 6(1)(f) GDPR), we reserve the right to send you interesting offers by mail. You can object to the use of your data for this purpose at any time.

9. Data Processing for Your Order

a) Sharing with Service Providers

To process your order (delivery and payment), we pass on your data to the assigned shipping and payment service providers. This is necessary for the performance of the contract (Art. 6(1)(b) GDPR).

b) Shipping Providers (DHL, DPD, Hermes)

If you consent during the ordering process (Art. 6(1)(a) GDPR), we will pass your email address and/or phone number to the selected shipping provider (DHL, DPD, or Hermes) so they can inform you about the delivery time or coordinate it with you. Without your consent, we only provide your name and address. You can revoke your consent at any time.

c) Payment Service Providers (Klarna, Mollie, PayPal, Sofort, Shopify Payments)

We offer various payment providers. Depending on the payment method you choose, your payment data (name, address, bank details, etc.) will be passed to the respective provider for processing (Art. 6(1)(b) GDPR). For certain payment methods (e.g., purchase on account via Klarna), the provider may conduct a credit check to protect its legitimate interests (Art. 6(1)(f) GDPR). You have the right to object to this processing, but this may result in the payment method no longer being available.

d) Cancellation of Subscriptions

For contracts for ongoing services (e.g., subscriptions), we offer a simple electronic cancellation option. The data collected in this process is processed to handle the cancellation and to fulfill our legal obligations (Art. 6(1)(b) and (c) GDPR).

10. Web Analytics and Marketing

For the following services, we obtain your explicit consent via our cookie consent tool (Art. 6(1)(a) GDPR). Without your consent, these services will not be activated. You can revoke your consent at any time for the future.

a) Google Analytics 4

We use Google Analytics 4 (Google Ireland Limited) to analyze the behavior of our visitors and improve our website. Your IP address is shortened to exclude direct personal identification. Demographic characteristics or cross-device analyses (Google Signals, UserIDs) may also be created if you have made the corresponding settings in your Google account.

b) Google Tag Manager

This tool helps us manage various web applications and tracking services on our site. The Tag Manager itself does not process personal data but forwards your IP address to Google upon activation.

c) Hotjar

With Hotjar (Hotjar Ltd., Malta), we analyze user behavior on our website in a pseudonymized way, for example, by creating heatmaps that show where users click or scroll.

d) Meta Pixel (Facebook & Instagram)

We use the Meta Pixel (Meta Platforms Ireland Limited) to measure the success of our ads on Facebook and Instagram and to show you more relevant advertising there.

e) Google Ads Remarketing & Conversion Tracking

With Google Ads, we show you interest-based advertising on other websites (Remarketing). We also measure how successful our ads are by tracking whether a click on an ad leads to an action on our website (Conversion Tracking).

f) Microsoft Advertising

Similar to Google Ads, we use Microsoft's technology to show you interest-based advertising in the Microsoft advertising network based on your previous visit to our site.

g) Google Marketing Platform (GMP)

GMP helps us to display relevant ads and to analyze the performance of our advertising campaigns.

h) TikTok Pixel

With the TikTok Pixel, we measure the success of ads we run on TikTok and analyze the actions users take on our site after a click.

For all mentioned services where data is transferred to the USA, the EU-US Data Privacy Framework ensures an adequate level of data protection. We have signed Data Processing Agreements with all providers.

11. Other Functionalities and Services

a) Login With Amazon

We offer you the convenience of registering on our site with your Amazon account. If you use this function, certain data from your Amazon profile will be transmitted to us with your explicit consent (Art. 6(1)(a) GDPR) to create your customer account.

b) Google Web Fonts

For an appealing and uniform presentation of texts on our website, we use Google Web Fonts. This only happens with your explicit consent (Art. 6(1)(a) GDPR). Your IP address is transmitted to Google in the process.

c) Google reCAPTCHA

To protect our forms from spam and automated bots, we use Google reCAPTCHA. This is based on our legitimate interest in the security of our website (Art. 6(1)(f) GDPR). If cookies are used, this only happens with your consent.

d) Google Customer Reviews

After a purchase, we may ask if you would like to participate in a survey for Google Customer Reviews. If you consent (Art. 6(1)(a) GDPR), we will transmit your email address to Google so that you can receive a review request.

e) Shopsync for Shopify

We use the "Shopsync" app to synchronize our customer data between Shopify and the newsletter service "Mailchimp". This serves our legitimate interest in the efficient management of our contacts (Art. 6(1)(f) GDPR) or is based on your explicit consent (Art. 6(1)(a) GDPR).

12. Cookie Consent Tool

To obtain and manage your consent for cookies and other technologies, we use a "cookie consent tool." When you first visit our site, a window will appear where you can select exactly which data processing you agree to. Your choice is stored in a technically necessary cookie. This serves to fulfill our legal obligations (Art. 6(1)(c) GDPR).

13. Your Rights – You Are in Control

Under the GDPR, you have comprehensive rights regarding your data:

  • Right of Access (Art. 15 GDPR): You can request information at any time about the data we have stored about you.
  • Right to Rectification (Art. 16 GDPR): If your data is incorrect, you can request its correction.
  • Right to Erasure ("Right to be Forgotten") (Art. 17 GDPR): You can request the deletion of your data, provided there are no legal reasons against it.
  • Right to Restriction of Processing (Art. 18 GDPR): You can request that the processing of your data be restricted.
  • Right to Notification (Art. 19 GDPR)
  • Right to Data Portability (Art. 20 GDPR): You can request to receive your data in a machine-readable format.
  • Right to Withdraw Consent (Art. 7(3) GDPR): You can withdraw consent you have given at any time for the future.
  • Right to Lodge a Complaint (Art. 77 GDPR): If you believe that we are not processing your data correctly, you can lodge a complaint with a supervisory authority.

14. Your Right to Object

If we process your data based on our legitimate interest, you have the right to object to this processing at any time for reasons arising from your particular situation.

If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

If your data is used for direct marketing purposes, you can object at any time without giving reasons. We will then immediately stop processing your data for advertising purposes.

15. How Long We Store Your Data

We only store your data for as long as it is necessary for the respective purpose or as required by legal retention periods (e.g., from commercial or tax law).

  • Data based on your consent is stored until you withdraw your consent.
  • Data necessary for the performance of a contract is deleted after legal deadlines expire.
  • Data based on our legitimate interest is stored until you object, unless we have compelling legitimate grounds for continued storage.

Afterward, the data is routinely deleted.