Skip to content
Zackreturns
← Back to home

Privacy Policy

1. Privacy at a glance

General information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

Data collection on this website

Data processing on this website is carried out by the website operator (see “Notice concerning the controller”). Your data is collected, on the one hand, when you provide it to us (e.g. by e-mail) and, on the other hand, automatically or after your consent when you visit the website, through our IT systems (primarily technical data such as your browser, operating system, or the time of the page request). Some of this data is used to ensure the website is provided without errors; other data may be used to analyse your usage behaviour.

2. Hosting

We host the contents of our website with Vercel. The provider is Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA. When you visit our website, Vercel collects various log files, including your IP address. You can find details in Vercel's privacy policy: vercel.com/legal/privacy-policy. Vercel is used on the basis of Art. 6 (1) (f) GDPR (legitimate interest in a reliable presentation of the website); where consent was requested, on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG (German Telecommunications-Digital-Services Data Protection Act). Data transfers to the USA are based on the standard contractual clauses of the EU Commission.

3. General information and mandatory disclosures

Notice concerning the controller

The controller responsible for data processing on this website is:
CrossBox Digital LTD
Griva Digeni & K. Chatzopoulou 28
1066 Nicosia
Cyprus
Represented by: Stawros Koutis
E-mail: support@zackreturns.com · Phone: +357 22 516617

CrossBox Digital LTDis established in Cyprus (EU). The company's place of establishment alone does not result in any data transfer to a third country. Further details can be found in the Legal Notice.

Storage duration

Unless a more specific storage period is stated within this privacy policy, your personal data remains with us until the purpose for the data processing no longer applies. If you assert a justified request for erasure or withdraw your consent, your data will be deleted unless there are other legally permissible reasons for retaining it.

Legal bases

We process personal data on the basis of Art. 6 GDPR — in particular your consent (Art. 6 (1) (a) GDPR in conjunction with § 25 (1) TDDDG, e.g. for analytics and third-party services), for the performance of a contract or pre-contractual measures (point (b)), and on the basis of our legitimate interest in the secure, functional operation of this website (point (f)).

Your rights

You have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and objection (Art. 21). You can withdraw any consent you have given at any time with effect for the future (Art. 7 (3)). You also have the right to lodge a complaint with a data protection supervisory authority.

SSL or TLS encryption

For security reasons, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the address line of your browser changing from “http://” to “https://”.

4. Data collection on this website

Cookies and consent via Cookiebot

Our website uses cookies. Cookies are small text files and do not cause any damage to your device. Necessary cookies are technically required (legal basis: Art. 6 (1) (f) GDPR). Other cookies and services are only loaded after your consent. To obtain and manage your consent, we use Cookiebot, a service of Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark. Cookiebot stores your consent as proof. The legal basis is Art. 6 (1) (c) GDPR; we have concluded a data processing agreement with Usercentrics. You can withdraw or change your consent at any time via the cookie banner.

You can find the current, automatically maintained overview of the cookies in use in the following cookie declaration:

Server log files

The provider automatically collects and stores information in server log files (browser type and version, operating system, referrer URL, host name, time of the request, truncated IP address). Legal basis: Art. 6 (1) (f) GDPR (technically error-free presentation and security).

Contact by e-mail

If you contact us by e-mail (support@zackreturns.com), we process your details in order to handle your enquiry. Legal basis: Art. 6 (1) (b) or (f) GDPR.

5. Analytics tools

Google Analytics

After your consent, we use Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and enables an analysis of usage behaviour; IP anonymisation is activated, so your IP address is truncated. Data may be transferred to Google LLC in the USA (standard contractual clauses, EU-US Data Privacy Framework). Legal basis: Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. We have concluded a data processing agreement with Google. You can withdraw your consent at any time via the cookie banner.

Microsoft Clarity

After your consent, we use Microsoft Clarity. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Clarity analyses how the website is used (e.g. clicks, scrolling behaviour, heatmaps, and anonymised session recordings; inputs are masked by default) and only loads after you consent to the “Statistics” category in the cookie banner. Storage takes place via Microsoft Azure (USA); data may be transferred to the USA (Data Privacy Framework). Legal basis: Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. We have concluded a data processing agreement with Microsoft.

6. Plugins and tools

Calendly

We use Calendly for booking appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA. Calendly is only loaded after your consent or your active click (two-click solution). In the process, personal data is transferred to Calendly in the USA (standard contractual clauses, EU-US Data Privacy Framework). Legal basis: Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, as well as Art. 6 (1) (b) GDPR (pre-contractual measures). We have concluded a data processing agreement with Calendly.

7. Processing on behalf of merchants within the ZackReturns app

Where we process personal data of a merchant's shoppers within the ZackReturns application, the respective merchant is the controller and CrossBox Digital LTD is the processor. For this purpose, we conclude a data processing agreement (DPA) with the merchant pursuant to Art. 28 GDPR. The specific data the app processes, for which purposes and for how long, is described in the ZackReturns App Privacy Policy.

Objection to promotional e-mails

We hereby object to the use of the contact data published in fulfilment of our legal-notice obligation for the purpose of sending advertising and information materials that were not expressly requested.