GDPR Compliance Policy

GDPR Compliance Policy – gozoo.store

1. Data controller

The controller of personal data for the website gozoo.store is:

ASEL Sp. z o.o.
 ul. Jaszowiecka 10 / 121
 02-934 Warsaw
 Poland

E-mail: support@gozoo.store

 

 

2. Legal basis for processing

Personal data is processed in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Polish data protection law, based on:

  • Article 6(1)(b) GDPR – performance of a contract (e.g., order processing, account creation).

  • Article 6(1)(c) GDPR – compliance with legal obligations (e.g., tax and accounting duties).

  • Article 6(1)(a) GDPR – consent (e.g., newsletter subscription, marketing cookies).

  • Article 6(1)(f) GDPR – legitimate interests (e.g., fraud prevention, system security, customer service).

 

 

3. Principles of data processing

The controller ensures that personal data is:

  • Processed lawfully, fairly, and transparently.

  • Collected for specified, explicit, and legitimate purposes.

  • Limited to what is necessary for the purposes.

  • Accurate and kept up to date.

  • Stored only as long as necessary.

  • Protected by appropriate technical and organizational measures.

 

 

4. Data subject rights

Users of gozoo.store have the right to:

  • Access their personal data.

  • Rectify inaccurate data.

  • Request erasure (“right to be forgotten”).

  • Restrict processing.

  • Data portability.

  • Object to processing carried out on the basis of legitimate interests.

  • Withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

Requests regarding personal data may be sent to: support@gozoo.store

 

 

5. Data sharing

Personal data may be shared only with entities necessary to provide our services, including:

  • Payment providers (e.g., Shopify Payments, PayPal).

  • Logistics partners (Apaczka).

  • Accounting and legal services.

  • IT and hosting providers (Shopify).

Some providers may process data outside the EEA (e.g., Shopify servers in Canada/USA). In such cases, transfers are safeguarded by adequacy decisions (Canada) or Standard Contractual Clauses (SCCs) approved by the European Commission.

 

 

6. Data security

We apply technical and organizational measures such as encryption, pseudonymization, secure access controls, and system monitoring to protect personal data against unauthorized access, alteration, or loss.

 

 

7. Supervisory authority in Poland

Users may lodge a complaint with the supervisory authority in Poland:

Prezes Urzędu Ochrony Danych Osobowych (UODO)
 Website: www.uodo.gov.pl

 

 

8. Updates

This GDPR Compliance Policy may be updated periodically to reflect changes in law, technology, or our business practices. Updates will be published on gozoo.store.