Privacy policy

Last updated: May 2026

This Privacy Policy explains how Zalumo collects, uses, and protects your personal information when you visit zalumo.com or place an order with us. We're committed to handling your data carefully and transparently, in line with the EU General Data Protection Regulation (GDPR) and the UK GDPR.

Who we are

Zalumo is operated by XP Onderneming, registered in the Netherlands (KvK 95426477), Ten Katestraat 35, 6531 EE Nijmegen, Netherlands. For data-protection purposes, XP Onderneming is the controller of your personal information.

If you have any questions about your data or this policy, contact us at info@zalumo.com.

What we collect

  • Contact details — name, email address, shipping address, billing address, and phone number (when provided).
  • Order information — items purchased, payment method, transaction history, and any communications about your order.
  • Account information — username, password (stored encrypted), and saved preferences if you create an account.
  • Device and usage data — IP address, browser type, device identifiers, pages viewed, and how you interact with our site. Collected via cookies and similar technologies.
  • Marketing preferences — whether you've opted in to email or SMS marketing.

How we use your information

  • To fulfil your order — process payments, ship items, send confirmation and tracking emails, and handle returns or refunds.
  • To run our site — keep zalumo.com secure, prevent fraud, and improve performance.
  • To communicate with you — answer questions, respond to support requests, and send service notifications related to your account or orders.
  • For marketing — only if you've given consent. You can opt out at any time using the unsubscribe link in our emails.
  • To meet legal obligations — such as tax records, accounting, and responding to lawful requests.

Legal bases for processing

  • Contract — to fulfil orders and provide customer support.
  • Legitimate interest — to secure our site, prevent fraud, and improve our service.
  • Consent — for marketing communications and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation — to keep tax and accounting records, comply with consumer-protection law, and respond to legal requests.

Who we share your information with

We only share what's necessary to run the store. Recipients include:

  • Shopify — our e-commerce platform, which hosts your account and processes orders. See Shopify's privacy policy.
  • Payment providers — to process card payments securely (Shopify Payments, Apple Pay, Google Pay, etc.).
  • Shipping carriers — to deliver your order. They receive your name, address, and contact details.
  • Email and SMS providers — to send order confirmations and (with consent) marketing.
  • Analytics and advertising partners — only with your consent. These help us understand how the site is used and reach new customers.
  • Authorities — when required by law (e.g. tax authorities, courts, regulators).

We never sell your personal information.

International transfers

Some of our service providers (including Shopify) may process your data outside the EEA or the UK. When that happens, we rely on safeguards such as the European Commission's Standard Contractual Clauses or equivalent UK transfer mechanisms, so your information stays protected.

How long we keep your data

We keep your personal information only as long as needed:

  • Order and tax records — at least 7 years, as required by Dutch tax law.
  • Account information — as long as your account is active. You can ask us to delete it at any time.
  • Marketing data — until you unsubscribe or withdraw consent.
  • Analytics data — typically 14 to 26 months, depending on the provider.

Your rights

Under the GDPR and UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Ask us to correct inaccurate data.
  • Ask us to delete your data ("right to be forgotten").
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Withdraw consent for marketing or non-essential cookies at any time.
  • Lodge a complaint with a supervisory authority — in the Netherlands this is the Autoriteit Persoonsgegevens; in Ireland the DPC; in the UK the ICO.

To exercise any of these rights, email info@zalumo.com. We'll respond within 30 days.

Cookies

We use cookies and similar technologies to keep the site working, remember your cart, understand how visitors use the site, and (with consent) show relevant advertising. Essential cookies don't require consent. You can manage non-essential cookies via the cookie banner at the bottom of the page or your browser settings.

Children's data

Zalumo is intended for adults. We don't knowingly collect personal information from anyone under the age of 16. If you believe a child has given us their data, please contact us and we'll delete it.

Security

We take reasonable technical and organisational measures to protect your information — encrypted connections (HTTPS), secure payment processing, access controls, and trusted infrastructure providers. No system is perfectly secure, but we work hard to keep your data safe.

Changes to this policy

We may update this Privacy Policy occasionally — for example, when laws change or we add new features. The "Last updated" date at the top will reflect the latest version. Material changes will be communicated via the site.

Contact

Questions, requests, or concerns about your data? Email us at info@zalumo.com.