We, Zapas as a platform focused on electronic commerce both nationally and internationally. The protection of personal data and privacy is always taken very seriously. Fully aware of the importance of personal data to you (or “users”), we will do our best to ensure the security and reliability of your personal data. To maintain your trust in us, we are committed to protecting your personal data by adhering to the following principles: legality, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and responsibility.
For any questions, suggestions or advice, contact us at:
This Policy will help you understand the following:
- How we collect and use your personal data
- How we share, transfer and publicly disclose your personal data
- How we protect your personal data
- How we process children’s personal data.
- How your personal data moves across borders
- How this Policy is updated
- How to contact us
Please read and understand this Policy carefully before using our products (or services).
- How we collect and use your personal data
Personal data means any information related to an identified or identifiable natural person (“data subject”); An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We will collect and use your personal data only for the following purposes:
- Information required regarding the use of Zapas services.
Our services contain certain basic functions, including making your purchases online, improving your experience with our services, and ensuring secure transactions. To perform such functions, we may collect and use the following information related to you:
- Zapas account information
You must use a Zapas account or a third-party social media account compatible with the Zapas platform to allow access and use of the Zapas platform. When you register or log in to the Zapas platform, you must provide the following account information to complete registration or login: an email address or the account and password registered in a third-party social media compatible with the Zapas platform.
- Communication information
To guarantee your communication with sellers in the course of the transaction, consultation and the taking of evidence of such communication history, the system of the Zapas platform will automatically collect and store your information in the Zapas platform servers. Unless we have to use or disclose such information as you explicitly require or in accordance with applicable laws, we will not use or disclose such information in any way.
Also, to better assist you in handling post-sale rights protection and services with respect to merchandise, you may need to provide us with your personal phone number to receive timely feedback on handling results and relevant information.
- Financial information
To use payment services, you must provide the following financial information to complete payments, ensure the security of transactions, and comply with applicable laws: billing address and bank account.
- Transaction information
To ensure the delivery of goods and services, you must provide the following information for the timely receipt of the goods/services and the consultation and verification of the status of the transaction: name, personal phone number, delivery address, transaction record and order information.
- IP address, device information, etc.
For your convenience in quickly searching for products that interest you, we may collect common data from the device you are using (hardware serial number, MAC address, unique device ID, etc.), language settings, IP address, and navigation on the site of each of your visits on the Zapas platform.
In addition, such information can also be collected and used for data analysis and study, from justified needs to offer personalized services and improve the quality of service, to improve the security of our service system, for a more precise prevention of fraud on phishing sites and to guarantee the security of your Zapas account.
- The above information you provide is authorized for our continued use, as long as you use our services.
When you request to close an account or justify deletion, we will stop using and deleting such information in accordance with applicable laws.
- Information you provide to us at your choice
To enhance your experience with our services, you may choose to provide the following personal information to purchase the following additional services. If you choose not to provide such personal data, your use of the core features of Zapas services will not be affected, but you may not be able to use such additional services or you may be required to complete certain information each time you use certain services.
- Personalized recommendation and sending of promotional and marketing information.
While using our services, at any time you can provide or choose to delete the following additional information that helps us offer more relevant services and experiences: name, gender, country/jurisdiction, date of birth, date of birth of spouse/parents, Important anniversaries, income levels, labels, third-party social media accounts, etc. Such information will be used to analyze your behaviors and preferences to personalize personalized services for you and to send you special offers, marketing information, advertisements or other information that you may be interested in.
- Other information
At your choice, you can comment on the products/services you buy. These comments will be used to shape the testimonials of the corresponding products for reference by other Zapas users and optimize the user experience of the relevant services.
- Prior Consent
We will request your prior consent if we intend to use such information for purposes other than those covered in this document or use the information for purposes other than the particular purposes for which it is collected.
To ensure the proper functioning of the website and meet your personalized demands, we will store a small file called Cookie on your computer or mobile devices. In general, the cookie includes identifiers, site name and some numbers and characters. By virtue of Cookie, the website can store your preferences or products in the cart and other data, in order to provide you with a preference setting to buy, help you optimize the selection and interaction of ads, help you judge your registration status and account security etc.
We will not use the cookie for any purpose other than this Policy. You can manage or delete cookies according to your preferences. For relevant details, see AboutCookies.org. You can delete all cookies stored on the computer, since most web browsers have the function of avoiding cookies. If you do, you must change the user settings in person each time you visit our website. For relevant details on how to change browser settings, visit the following link. If your server is not in the list, contact us, we will provide technical guidance:
<Safari> and <Opera>
- Web beacon and pixel tag
In addition to Cookies, we will apply web beacons, pixel tags and other similar technologies to the website. For example, the email we send you may include a URL that links to the content of our website. If you click on that link, we can track your click to help us understand your product or service preferences and improve customer services. In general, the website beacon is a type of transparent image embedded in the website or email. By virtue of the pixel tag in the email, we can know if the email is open or not. If you do not want this method to track you, you can unsubscribe from the mailing list at any time.
- Do not track
Several web browsers have the Do Not Track feature that can issue the Do Not Track request to websites. Currently, the main Internet standardization organizations have not established relevant policies on how websites deal with such a request. However, if your browser starts using Do Not Track, all of our websites will respect your choice.
- Third party data processor
In accordance with our own business demands, we will entrust your personal data to a third-party data processor in a form that complies with GDPR requirements, in order to provide better customer service, ensure transaction security, and enhance the user experience. For example, the data processor may help us verify your identity and conduct a background investigation, police investigation, fraud prevention and risk assessment to ensure the security of your account and the security of transactions, and help us provide you with a logistics service so that you can receive the corresponding goods/services, among others, in a timely manner. To see the list of data processors and their category, and the scope, purpose and method of shared information, among others. We entrust your personal data to the data processor only for legal, adequate, necessary, specific and clear purposes, and we process the personal data necessary only for the provision of the service. We will make every effort to monitor the data processor to fully comply with the entrustment agreement for legal processing, to ensure that your rights can be guaranteed to the fullest extent.
- Public disclosure
- We will publicly disclose your personal data only in the following situations:
- Obtain your explicit consent;
- Disclosure based on laws: We may publicly disclose your personal data if required by applicable laws, legal procedures, lawsuits or government authorities.
- How we protect your personal data
- We have used security protection measures that meet industry standards to protect the personal data you provide and to prevent unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and feasible measures to protect your personal data. For example, your browser is under SSL encryption protection when you exchange data (such as credit card information) with the “service”; In the meantime, we will provide https secure browsing methods to the Zapas website; we will use the encryption technique to guarantee the confidentiality of the data and store personal and non-personal data separately; we will use a reliable protection mechanism to prevent the data from suffering hostile attacks; we will implement an access control mechanism to ensure that only authorized personnel have access to personal data;
- We will take all reasonable and feasible measures to ensure that irrelevant personal data is not collected. We will store your personal data only within the period necessary to achieve the objectives established in this Policy, except for the extension of the reservation period or as permitted by law.
- We will periodically update and make public the relevant contents of the security risk, the evaluation of the security impact of personal data and other reports. You can access said content by visiting the pages of https://zapas.online/
- As the Internet is not an absolutely safe environment in which emails, instant messages and other methods of exchanging Zapas users. During this communication process, the personal data that you voluntarily provide or describe may be disclosed to others. We strongly recommend that you do not send personal data using this method. Use a complex password to help us protect your account so that it is secure.
- We will do our best to guarantee the security of any information you send us. We will assume the corresponding legal responsibilities if your legal rights and interests are compromised due to unauthorized access, public disclosure, manipulation or damage of the information as a result of our damaged physical, technical or management safeguards.
- In the event of a leak of personal data, we will inform you, in accordance with the laws and regulations, our contact information, the basic situation of the security event and the possible impacts, the actions we adopt or will be adopted, relevant suggestions for prevention and autonomous risk reduction, remedies for you among others in a timely manner. We will inform you of the relevant situation for the event by email, letter, call, notification and other forms in a timely manner, or in the event that it is difficult to inform the subjects of personal data one by one, we will publish the announcement in a manner reasonable and effective.
- In addition, we will inform on our own initiative the elimination of the security event of personal data in accordance with the requirements of the supervision department.
- Your Rights
In accordance with the laws, regulations, rules and its established practices, we guarantee that you can exercise the following rights over your personal data:
- Right of access
You have the right to access your personal data described in Article 1 and Article 2 of this Policy through the configuration of your personal account, except for the exceptions provided by laws and regulations. The information you can access includes, but not limited to, the types of personal data we collect and process, the purpose of processing such personal data (and the consequences for not providing such personal data), the basis for legitimacy, the facts of leaving the country, the storage period, the right and the channel to file a complaint, and we will inform you about the specific logic of the data profile if we use your personal data for the data profile.
If you cannot access your personal data through the approaches mentioned above, please feel free to email us at firstname.lastname@example.org. We will respond to your access request within 30 days.
For other personal data generated during the process of using our products or services, as long as it does not cost us too much, we will provide you with electronic copies of your personal data in accordance with GDPR requirements. If you want to exercise your right of access to data, send an email to email@example.com.
- Correction of inaccurate or incomplete personal data
You can correct or complement some of your personal data through the configuration of your personal account. You have an obligation to update your personal data in a timely manner.
Correction of certain special information probably cannot be done by yourself. You can contact us through various contact details published in this Policy or on the Zapas platform. We will respond to your request for access within 30 days. To ensure the security of your account, we may ask you to verify your identity.
- Delete your personal data
- You can ask us to delete your personal data in the following cases:
- Relevant data is no longer necessary for the purpose of collection or processing, and we lack the legal basis to continue processing your personal data;
- You no longer accept or refuse to allow us to process your personal data, and we lack the legal basis to continue processing your personal data;
- Our processing of personal data violates laws and regulations;
- Your data involves data from any child;
- You no longer use our products or services, or have closed your account;
- We no longer provide products or services for you.
- If we decide to respond to your request for deletion, we will inform the third party that we have been in charge of processing your personal data as far as possible and we will require said third parties to delete your personal data in a timely manner, unless otherwise indicated. contrary. provided by laws and regulations, or such third parties have obtained your independent authorization.
- Notwithstanding the foregoing, to resolve disputes, enforce user agreements, and comply with technical requirements related to safe operation, we may still retain certain data for a reasonable time to the extent permitted by law.
- Withdraw consents and processing restrictions
- For the personal data that you have allowed us to collect and process, you can withdraw your consent at any time through your account settings or send an email to firstname.lastname@example.org indicating what consent you want to revoke. When you have withdrawn your consent, we will no longer process the relevant personal data. However, your decision to withdraw your consent will not affect the legality of the personal data processing previously carried out based on your authorization.
- In addition, in some jurisdictions, applicable law may give you the right to limit how we use your personal data, including:
- Doubts about the accuracy of your personal data;
- The processing of personal data is illegal, and you only request to restrict the use of your personal data and object to the deletion of your personal data;
- We no longer need your personal data for processing, but you need such information in order to file a complaint or respond to a complaint;
- You object to our processing of your personal data on the basis of public or legitimate interests and you oppose waiting for verification whether the aforementioned public interests or the legitimate interests of Zapas outweigh your own interests.
- Right of refusal
- In some jurisdictions, applicable law may authorize you to require Zapas not to process your personal data for a specific purpose (including identifying behavioral analysis, direct marketing purposes, etc.), even though such processing is based on legitimate interests. If you object to such processing, we will no longer process your personal data for these purposes unless we can prove that such processing has compelling and reasonable cause, or that such processing is necessary for the establishment, exercise or safeguarding of legal rights.
- If your personal data is processed for direct marketing purposes, you can refuse to allow Zapas to process your data for direct marketing purposes at any time through the boot settings on the relevant advertising screen or by sending an email to email@example.com.
- Cancel an account
- You can cancel the Zapas account that you have registered at any time, you can visit the page https://zapas.online/ to cancel your account yourself or send an email to firstname.lastname@example.org asking us to cancel your Zapas account We may ask you to verify your identity to ensure the security of your account.
- After canceling your account, we will stop providing services to you and delete your personal data within the time limit stipulated by the applicable laws according to your request, unless the laws and regulations establish it or when you have reached an agreement with us.
- Obtaining a copy of personal data
- You have the right to send us a written request to obtain a copy of your personal data through the contact information published in this Policy.
- We may also directly transmit your copy of personal data to a third party designated by you in accordance with your requirements and existing communication technology on the condition that it is technically feasible, such as matching data interfaces. If said third party refuses to receive the copy of your personal data, resulting in a transmission failure, you must coordinate with said third party on your own and Zapas will not be responsible for the transmission failure.
- Restrict automatic decision-making of the information system (data image)
- Based on the personal data collected legally under authorization, automatic decisions (for example, the impulse of commercial information) taken by means of the labeling or image processing carried out through non-artificial automatic decision-making technologies, such as the information system and algorithm will be subject to its legal restrictions. In some business functions, we can only make decisions based on an artificial automatic decision-making mechanism, such as the information system and algorithm. When these decisions significantly influence your legal rights and interests, you have the right to ask us to explain or reject our continued provision of such an image tagging or processing service, and we will provide you with appropriate remedies in accordance with the law.
- Responding to your previous request
- To ensure security, you may need to submit a written request or prove your identity. We may ask you to verify your identity before processing your request.
- We will respond within 30 days. If you are not satisfied, you can also file a complaint as provided in Article 0 of this Agreement.
- For your reasonable request, we do not charge any fee at the beginning, but we will charge a certain cost for repeated requests beyond the reasonable limit, as the case may be. We may reject those repeated requests without cause, requests that require too much technical means (for example, the development of a new system or fundamental change in existing practice is necessary) or that pose risks to the legal rights and interests of others, or requests extremely unrealistic (for example, the information stored on the backup tape).
- We will not be able to respond to your request as required by laws and regulations, in the following situations:
- Directly related to national security and national defense security;
- Directly related to public safety, public health and the main public interests;
- Directly related to the criminal investigation, prosecution, trial, execution of sentences, etc.
- There is sufficient evidence to prove your subjective malice or abuse of rights;
- Responding to your request will result in serious damage to your legitimate rights and interests or those of other persons or organizations.
- Involving trade secrets;
- Other circumstances specified by applicable laws.
- How we process children’s personal data.
- Our products, websites and services are for adults only. Children should not create their own user accounts. We will not collect or use data about children if we are informed.
- We consider anyone under the age of  to be a child, despite the different definitions of children according to local laws and customs.
- Once we discover that we have collected personal data about children without the prior and verifiable consent of their parents, we will try to delete the relevant data as soon as possible.
- How your personal data is transferred across borders
In principle, the personal data collected and generated by us will be stored in Spain. We will make every effort to provide adequate guarantees for the transfer of your personal data and to satisfy your exercise of your rights and access to effective legal remedies.
- The main changes referred to in this Policy include, among others:
- Important changes in our service model. For example, the purpose of processing personal data, the type of personal data processed, the use of personal data, etc.
- Important changes in our ownership structure, organizational structure, among others. Such as, change of owner caused by business adjustments, bankruptcies and mergers and acquisitions, and others;
- Changes in the main objects of personal data delegated to be processed;
- Changes in the main objects of publicly disclosed personal data;
- Important changes in your rights to participate in the processing of personal data and how it is exercised;
- In the face of changes in our department responsible for dealing with the security of personal data, contact information and complaints channels;
- Given the high risks indicated in the personal data security impact evaluation report.
- We will also archive the previous version of this Policy for your reference.
- How to contact us
- In general, we will respond within [30 days]. If you are not satisfied with our response, especially if you believe that our acts of personal data processing have caused damage to your legal rights and interests, you can also contact the relevant [EU data protection authority or committee] for help.