Tech Brothers, trading as Zorva (hereinafter: "Zorva", "we", "us", "our"), established at, 16 Am Hauptbahnhof Frankfurt am Main, Germany, is the controller within the meaning of the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) for the processing of personal data via the website zorva.eu.
1. Contact details of the data controller
Tech Brothers (trading as Zorva)
Am Hauptbahnhof 16
60329 Frankfurt am Main, Germany
E-mail: info@zorva.eu
IHK: 97085545 | W-IDNR: 867904835
For questions about this privacy policy or exercising your rights, you can contact us using the details above.
2. Which personal data do we process?
We process the following categories of personal data:
2.1 Data that you provide to us yourself
- First and last name
- Address details (street, house number, postcode, city, country)
- Email address
- Phone number
- Payment details (processed by our payment service provider; we do not store credit card numbers)
- Any communication content (questions, complaints, reviews)
2.2 Automatically collected data
- IP address
- Browser type and version
- Device type and operating system
- Date and time of visit
- Visited pages and click behavior
- Referring website (referrer URL)
- Cookie identifiers (see our Cookie Policy)
3. Purposes and legal grounds for processing
We process personal data on the basis of the following legal grounds under Article 6 of the GDPR:
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Execution of your order and delivery | Performance of the agreement (Article 6(1)(b)) |
| Payment processing | Performance of the agreement (Article 6(1)(b)) |
| Customer service and communication | Performance of the agreement (Article 6(1)(b)) |
| Legal obligations (accounting, tax) | Statutory obligation (Article 6(1)(c)) |
| Improvement of website and services | Legitimate interest (Article 6(1)(f)) |
| Fraud and abuse prevention | Legitimate interest (Article 6(1)(f)) |
| Marketing and newsletters | Consent (Article 6(1)(a)) |
| Placing non-essential cookies | Consent (Article 6(1)(a)) |
4. Retention periods
We do not retain personal data longer than necessary for the purposes for which it was collected:
- Order details and invoices: 7 years after the financial year (statutory tax retention obligation)
- Customer account data: up to 2 years after the last activity, then anonymized or deleted
- Communication data (customer service): 2 years after resolution
- Newsletter preferences: until unsubscribe + maximum 30 days
- Analytical data: maximum 26 months (anonymized)
- IP addresses in server logs: maximum 90 days
5. Recipients and processors
We only share personal data with third parties when this is necessary for the performance of the agreement or when we are legally obliged to do so. We never sell your data to third parties.
Categories of recipients:
- Payment service providers: for processing payments
- Delivery services: for delivering your order
- Hosting providers: for hosting our website and storing data
- Analytics service providers: for analyzing website usage (anonymized where possible)
- Tax and Customs Administration and government agencies: when legally required
We enter into a data processing agreement with all processors in accordance with Article 28 of the GDPR.
6. Transfer outside the EEA
We strive to process personal data within the European Economic Area (EEA). If transfer to a country outside the EEA is necessary, we ensure that appropriate safeguards are in place, such as:
- An adequacy decision of the European Commission (Article 45 GDPR)
- Standard Contractual Clauses (SCCs) of the European Commission (Article 46(2)(c) GDPR)
- Binding Corporate Rules (BCRs) (Article 47 GDPR)
7. Your rights under the GDPR
Pursuant to the GDPR, you have the following rights regarding your personal data:
- Right of access (Article 15): You can request a copy of the personal data that we process about you.
- Right to rectification (Article 16): You may request us to correct incorrect or incomplete data.
- Right to erasure / right to be forgotten (Article 17): You may request us to delete your personal data.
- Right to restriction of processing (Article 18): You may request us to restrict the processing of your data.
- Right to data portability (Article 20): You may request us to transfer your data to you or another controller in a structured, commonly used, and machine-readable format.
- Right of objection (Article 21): You may object to the processing of your personal data based on legitimate interest, including profiling. You may object to processing for direct marketing at any time.
- Right to withdraw consent (Article 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of the prior processing.
- Right not to be subject to automated decision-making (Article 22): You have the right not to be subject to a decision based solely on automated processing that produces legal effects.
You can send your requests to info@zorva.eu. We will respond to your request within 30 days, in accordance with the GDPR. We may ask you to verify your identity before processing your request.
8. Security
Zorva takes appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage (in accordance with Article 32 GDPR). Measures include, among others:
- SSL/TLS encryption on all pages
- Encrypted storage of sensitive data
- Limited access on a need-to-know basis
- Regular security updates and checks
- Data processing agreements with all sub-processors
9. Data breaches
In the event of a data breach that is likely to pose a risk to your rights and freedoms, we will report this to the Data Protection Authority within 72 hours (in accordance with Article 33 GDPR). If the data breach is likely to pose a high risk, we will also inform you directly (in accordance with Article 34 GDPR).
10. Cookies and tracking
We use cookies and similar technologies. Non-essential cookies are only placed with your explicit consent, in accordance with the ePrivacy Directive (Directive 2002/58/EC) and the German Telecommunications Act. Read our full Cookie Policy for more information.
11. Minors
Our website and services are not directed at persons under the age of 16. We do not knowingly collect personal data from persons under the age of 16. If you suspect that we have collected personal data from a minor without the consent of a parent or guardian, please contact us at info@zorva.eu so that we can delete this data.
12. File a complaint with the supervisory authority
If you have a complaint about the way we handle your personal data, we would be happy to discuss it with you. In addition, you always have the right to lodge a complaint with the supervisory authority:
Federal Commissioner for Data Protection and Freedom of Information (BfDI)
P.O. Box 1211, 53102 Bonn, Germany
Website: https://www.bfdi.bund.de
13. Changes to this privacy policy
Zorva reserves the right to amend this privacy policy. The most current version is always available on our website. In the event of material changes, we will inform you via email or a notice on our website. We recommend that you consult this policy regularly.
