Privacy policy

Last update: January 14, 2025

This Privacy Policy explains howZoe Sofia (the "Site", "we", "us" or "our") collects, uses and discloses your personal information when you visit, use our services or make a purchase from zoesofiashop.com (the "Site" ) or otherwise communicate with us about the Site (together, the "Services"). For the purposes of this Privacy Policy, "you," "your," and "yours" refer to you as a user of the Services, whether you are a customer, a website visitor, or another person whose information we have collected in accordance with this Privacy Policy.

Please read this Privacy Policy carefully.

Changes to this Privacy Policy
We may update this Privacy Policy from time to time, including to reflect changes in our practices or for other operational, legal or regulatory reasons. We will post the revised Privacy Policy on the Site, update the "Last Updated" date, and take any other action required by applicable law.

How we collect and use your personal information
In order to provide the Services, we collect and have collected over the past 12 months personal information about you from a variety of sources, as set out below. The information we collect and use varies depending on how you interact with us.

In addition to the specific uses set forth below, we may use the information we collect about you to communicate with you, provide or improve the Services, comply with any applicable legal obligation, enforce applicable terms of service and protect or defend the Services, our rights and the rights of our users or others.

Personal information we collect
The types of personal information we obtain about you depend on how you interact with our Site and use our Services. When we use the term "personal information", we are referring to information that identifies you, relates to you, describes you or can be associated with you. The following sections describe the specific categories and types of personal information we collect.

Information we collect directly from you
Information you submit directly to us via our Services may include:

Contact information including your name, address, telephone number and e-mail address.
Order information including your name, billing address, shipping address, payment confirmation, e-mail and telephone number.
Account information including your username, password, security questions and other information used for account security purposes.
Customer service information including information you choose to include in your communications with us, for example when you send a message through the Services.
Some features of the Services may require you to provide certain information about yourself directly to us. You may choose not to provide this information, but this may prevent you from using or accessing these features.

Information we collect about your use of the Services
We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information relating to your interaction with the Services.

Information we obtain from third parties
Finally, we may obtain information about you from third parties, including suppliers and service providers who may collect information on our behalf, such as:

Companies that support our Site and Services, such as Shopify.
Our payment processors, who collect payment information (e.g., bank account information, credit or debit card information, billing address) to process your payment in order to fulfill your orders and provide you with the products or services you have requested, with a view to fulfilling the contract we have entered into with you. 
When you visit our Site, open or click on emails we send you, or interact with our Services or advertisements, we, or third parties we work with, may automatically collect certain information using online tracking technologies such as pixels, web beacons, software developer kits, third-party libraries and cookies.
Any information we obtain from third parties will be treated in accordance with this Privacy Policy. See also the section below, Website and Third-Party Links.

How we use your personal information
Provision of Products and Services. We use your personal information to provide you with the Services in order to perform our contract with you, including processing your payments, fulfilling your orders, sending you notifications related to your account, purchases, returns, exchanges or other transactions, creating, maintaining and managing your account, arranging shipping, facilitating any returns and exchanges, and other features and functionality related to your account. We may also enhance your shopping experience by allowing Shopify to match your account with other Shopify services you may choose to use. In this case, Shopify will treat your information as described in its Privacy Policy and Consumer Privacy Policy.
Marketing and Advertising. We may use your personal information for marketing and promotional purposes, for example to send marketing, advertising and promotional communications to you by e-mail, SMS or postal mail, and to show you advertisements for products or services. This may include using your personal information to better tailor the Services and advertising on our Site and other websites. If you reside in the EEA, the legal basis for these data processing activities lies in our legitimate interest in selling our products, in accordance with Art. 6 (1) (f) of the GDPR.
Security and fraud prevention. We use your personal information to detect, investigate or take action regarding possible fraudulent, illegal or malicious activities. If you choose to use the Services and create an account, you are responsible for maintaining the security of your account credentials. We strongly recommend that you do not share your username, password or other access information. If you believe your account has been compromised, please contact us immediately. If you reside in the EEA, the legal basis for these data processing activities lies in our legitimate interest in ensuring the security of our website for you and other customers, in accordance with Art. 6 (1) (f) of the GDPR.
Communicating with you and improving the Services. We use your personal information to provide you with customer service and improve our Services. This is in our legitimate interest in order to ensure our responsiveness, provide you with efficient services and maintain our business relationship with you in accordance with art. 6 (1) (f) of the RGPD.
Cookies
Like many websites, we use cookies on our Site. For specific information on the cookies we use in connection with the operation of our store with Shopify, go to https://www.shopify.com/legal/cookies. We use cookies to operate and improve our Site and Services (including to remember your actions and preferences), to perform analysis and better understand user interaction with the Services (in our legitimate interest to administer, improve and optimize the Services). We may also authorize third parties and service providers to use cookies on our Site in order to better tailor the services, products and advertising on our Site and other websites.

Most browsers automatically accept cookies by default, but you can choose to set your browser to delete or reject cookies through your browser controls. Please keep in mind that deleting or blocking cookies may adversely affect your user experience and cause certain Services, including certain general features and functionality, to malfunction or become unavailable. In addition, blocking cookies may not completely prevent the way we share information with third parties such as our advertising partners. 

Our website also recognizes the Global Privacy Control (GPC) signal, which allows you to refuse certain uses or disclosures of your information. If you inform us of your preference via the GPC signal, we will treat that signal as a valid request to opt-out of sharing or targeted advertising for the associated browser or device and, if we are able to associate the device sending the signal with a Shopify account, we will also apply that request to the account. To find out more about Global Privacy Control, you can go to https://globalprivacycontrol.org/. In addition to the Global Privacy Control signal, we do not recognize other "Do No Track" signals that may be sent from your web browser or device.

How we disclose personal information
In certain circumstances, we may disclose your personal information to third parties for contract performance, legitimate purposes and other reasons subject to this Privacy Policy. These may include:

Suppliers or other third parties who perform services on our behalf (e.g. IT management, payment processing, data analysis, customer service, cloud storage, order processing and shipping).
Business and marketing partners to provide you with services and advertising. Our business and marketing partners will use your information in accordance with their own privacy notices.
When you ask us to disclose or otherwise consent to us disclosing certain information to third parties, for example to ship products to you or via your use of social media widgets or ID integrations, with your consent.
With our affiliates or within our group of companies, in our legitimate interest of running a successful business.
In connection with a business transaction such as a merger or bankruptcy, to comply with applicable legal obligations (including responding to subpoenas, search warrants and similar requests), to enforce applicable terms of service and to protect or defend the Services, our rights and the rights of our users or third parties.
Over the past 12 months the following categories of personal information and sensitive personal information about users for the purposes described above, under the headings "How we collect and use your personal information" and "How we disclose personal information":

Category Categories of recipients
Identifiers such as basic contact details and certain order and account information
Categories of personal information listed in the California Customer Records Act, such as basic contact information and certain order and account information
Business information such as order information, purchase information and customer service information
Internet or similar network activity, such as usage data
Geolocation data such as locations determined by IP address or other technical measures
Suppliers and third parties who provide services on our behalf (such as Internet service providers, payment processors, order processing partners, customer service partners and data analysis providers)
Sales and marketing partners
Affiliates
We do not use or disclose sensitive personal information without your consent or for the purpose of inferring characteristics about you.

With your consent, we share personal information in order to carry out advertising and marketing activities, as follows.

We have "sold" and "shared" (as these terms are defined in applicable law) personal information during the previous 12 months for the purpose of carrying out advertising and marketing activities, as follows.

Categories of personal information Categories of recipients
Identifiers such as name, e-mail address and telephone number Sales and marketing partners
Business information such as records of products or services purchased Business and marketing partners
Usage data Sales and marketing partners
Third-party websites and links
Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites that are not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions of use. We do not guarantee and are not responsible for the privacy or security of these sites, including the accuracy, completeness or reliability of any information found on these sites. Information you provide on public or semi-public areas, including information you share on third-party social networking platforms, may also be visible to other users of the Services and/or users of such third-party platforms, without limiting our or any third party's use thereof. The fact that we include such links does not in itself imply an endorsement of the content of said platforms or their owners or operators, except in the situations set out in the Services.

Children's data
The Services are not intended for use by children, and we do not knowingly collect any personal information from children. If you are the parent or guardian of a child who has provided us with personal information, you may contact us using the contact details below to request its deletion.

As of the effective date of this Privacy Policy, we are not aware that we "share" or "sell" (as those terms are defined in applicable law) any personal information of persons under the age of 16.

Security and storage of your information
Please be aware that no security measure is perfect or inviolable, and that we cannot guarantee "absolute security". Furthermore, any information you send to us may not be secure in transit. We recommend that you do not use unsecured channels to send us sensitive or confidential information.

How long we keep your personal information depends on various factors, such as whether or not we need the information to maintain your account, provide the Services, comply with legal obligations, resolve disputes or enforce other applicable contracts and policies.

Your rights
Depending on where you live, you may have some or all of the rights listed below in relation to your personal information. However, these rights are not absolute and may only apply in certain circumstances, and we may in some cases refuse your request as permitted by law.

Right of access/knowledge: You may have the right to request access to the personal information we hold about you, including details of how we use and share your information.
Right of deletion: You may have the right to request that we delete the personal information we hold about you.
Right of correction: You may have the right to request that we correct the personal information we hold about you.
Right of portability: You may have the right to receive a copy of the personal information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
Right to refuse sale, sharing or targeted advertising: You may have the right to ask us not to "sell" or "share" your personal information or to refuse the processing of your personal information for purposes considered "targeted advertising", as defined in privacy laws. Please note that, if you visit our Site while the Global Privacy Control opt-out preference signal is enabled, depending on your location, we will automatically treat this as a request to opt-out of "selling" or "sharing" information for the device and browser you use to visit the Site.
Restriction of processing: You may have the right to ask us to stop or restrict our processing of personal information.
Withdrawal of consent: Where we rely on your consent to process your personal information, you may have the right to withdraw such consent.
Appeal: You may have the right to appeal our decision if we refuse to process your request. You can do this by responding directly to our refusal. 
Managing communication preferences: We may send you promotional e-mails which you can opt-out of receiving at any time by using the unsubscribe option displayed in our e-mails. If you unsubscribe, we may continue to send you non-promotional e-mails, such as those relating to your account or orders you have placed.
You may exercise any of these rights where indicated on our Site or by contacting us using the contact details below.

We will not discriminate against you if you exercise any of these rights. We may need to collect information from you to verify your identity, such as your e-mail address or account information, before giving a substantive response to the request. In accordance with applicable law, you may appoint an authorized representative to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof that you have authorized the agent to act on your behalf, and we may require you to verify your identity directly with us. We will respond to your request as soon as possible, as required by applicable law.

Claims
If you have any complaints about the way we handle your personal information, please contact us using the details provided below. If you are not satisfied with our response to your complaint, depending on where you live, you may have the right to appeal our decision by contacting us using the contact details provided below, or to lodge your complaint with your local data protection authority. For the EEA, you will find a list of the supervisory authorities responsible for data protection here.

International users
Please note that we may transfer, store and process your personal information outside the country in which you live. Your personal information is also processed by employees and by third-party service providers and partners in these countries.

If we transfer your personal information outside Europe, we will use recognized transfer mechanisms such as the European Commission's standard contractual clauses or any equivalent contract issued by the UK competent authority, as appropriate, unless the data transfer is to a country deemed to provide an adequate level of protection.

Contact
If you have any questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of your rights, please call or e-mail us at info@zoesofiashop.com or contact us at 310 North Gould Street, STE R, Sheridan, WY, 82801, US.

For the purposes of applicable data protection laws and unless explicitly stated otherwise, we are the controller of your personal information.