Privacy Policy

Last updated: 1st January 2026

1. Introduction

zephyrlattice AG ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website or use our Buy Now Pay Later services.

This policy applies to all personal data we collect through our website, services, and business operations. By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller Information

The data controller for your personal information is:

3. Data Collection

The data we collect includes personal information that you provide directly to us and information that we collect automatically when you use our services. We collect the following types of personal data:

  • Contact Information: Name, email address, phone number, postal address
  • Business Information: Company name, business registration details, industry type
  • Technical Information: IP address, browser type, device information, usage data
  • Communication Data: Records of your communications with us, including emails and support tickets
  • Payment Information: Financial data necessary for processing BNPL transactions

4. How We Use Your Information

We use your personal data for the following purposes and under the following legal bases:

How we use your information depends on the services you use and your relationship with zephyrlattice. We process your personal data to:

  • Provide and maintain our BNPL services
  • Process transactions and manage payment plans
  • Communicate with you about our services
  • Provide customer support and technical assistance
  • Comply with legal obligations and regulatory requirements
  • Improve our services and develop new features
  • Protect against fraud and ensure security

5. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please refer to our Cookie Policy.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our business
  • Legal Requirements: When required by law, regulation, or legal process
  • Business Transfers: In connection with mergers, acquisitions, or asset sales
  • Consent: With your explicit consent for specific purposes

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Customer data: For the duration of our business relationship plus 7 years for legal compliance
  • Marketing data: Until you withdraw consent or for 3 years of inactivity
  • Technical data: For 2 years for security and analytical purposes
  • Communication records: For 5 years for customer service and legal purposes

8. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to certain types of processing, including direct marketing
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training.

11. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly.

12. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) if you believe we have not handled your personal data appropriately.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date above. We encourage you to review this policy periodically.

14. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide our BNPL services and fulfil our contractual obligations
  • Legitimate Interests: For business operations, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: For marketing communications and optional services where consent is required