Zorch takes the privacy and security of your personal information very seriously. We are committed to the responsible use of any information you provide us. We highly value all of our customers and want to provide you with a secure online experience.
Zorch complies with U.S. Safe Harbor privacy principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce’s Safe Harbor program.
If you have any questions about this Policy, please feel free to contact us through our website or write to us at:
500 W. Madison Street, Suite 1550
Chicago, IL 60661
This Privacy Statement describes how we collect and use your information, and gives you options as to how we use it. We suggest that you review this Privacy Statement periodically as we may update it from time to time. This policy was last updated on October 21, 2019.
What kind of data is collected?
When you voluntarily make a purchase through a Zorch eStore or website, we collect information that you provide such as your name, email address, postal address, phone number, account password, and other information necessary to process your order. You may decline to submit personal information to any of our services, in which case Zorch may not be able to offer those services to you. Credit card and other payment account information may be collected and are maintained securely in an encrypted form by Chase Paymentech, a third-party processor.
When you visit our website, we collect your Internet service provider’s address, the webpage from which you came, and a record of your activity on our site. We also collect the information you provide to us when you register, activate an account, fill out a survey or questionnaire, or contact us. You may either opt in or opt out of certain services offered on the website. This may limit your use of certain services.
If you are shopping with Zorch and are having difficulty adding product to your shopping bag or completing your order, please check your privacy settings in your browser. If you do not wish to change your privacy settings to “Medium” and you are currently using the “Medium High” or “High” settings, you may choose to override your current cookie handling practices for individual sites that you specify, including zorchit.com and zorch.com.
How is your data used?
The information we receive allows us to personalize our product offerings and your experience. It also enables us to process your purchases, confirm orders, customize the content and layout of our pages, notify you about updates to our websites and products, and provide you with information.
The information you supply to us is added to our client database. You may receive periodic contact from us about new products and services, discounts, surveys, promotions, or upcoming events.
We use third party companies (Zorch Supplier Partners) to help us provide our products and services (such as producing, decorating, and fulfilling orders or hosting our secure servers for our software systems), to assist us in managing customer information, to fulfill promotions, and to communicate with you. Some of these companies are given access to some or all of the information you provide to us. These companies are contractually restricted from using your information in any manner other than in helping us to provide you with the products and services available from Zorch. We do not sell your information to any third parties, and do not have any third-party links or advertisements featured on our sites.
We may share information with governmental agencies or other companies assisting us in fraud prevention or investigation. We may do so when: (1) permitted or required by law, or (2) trying to protect against or prevent actual or potential fraud or unauthorized transactions, or (3) investigating fraud which has already taken place. The information is not provided to these entities or companies for marketing purposes.
Here are some examples of security measures we use to protect your personal information:
- Usernames and passwords are required to make a purchase on all of our eStores.
- We use encryption technology, Secure Sockets Layer (SSL), to protect personal information in certain areas of our websites during transport across the Internet. The presence of SSL encryption may be indicated by https in the browser URL or the image of a closed lock or solid key in the browser window. These indications may not be present in mobile services that use SSL.
- Any credit card information provided is secured via tokenization process (which obscures the actual credit card data, making unauthorized use impossible).
Additional protections to guard customer data include IP controls to access systems, physical security, and security needed to maintain PCI compliance.
In order to most efficiently serve you, credit card transactions and order fulfillment are handled by established third party banking, processing agents, and distribution institutions. They receive the information needed to verify and authorize your credit card or other payment information and to process and ship your order.
Your information is kept on password protected, limited access servers. Wherever possible and applicable, Zorch servers reside behind a corporate firewall that maintains controls on access to the system from both our internal network and the Internet.
Additionally, as we do not market our services or websites to children, we do not collect personal information from children under the age of 13.
Zorch Compliance with GDPR - FAQ
Zorch also complies with the European Union’s GDPR (General Data Protection Regulation), which is the most significant legislative change in European data protection laws since the EU Data Protection Directive (Directive 95/46/EC), introduced in 1995. The GDPR seeks to strengthen the security and protection of personal data in the EU and serve as a single piece of legislation for the entire EU.
Zorch supports the GDPR, and has ensured all Zorch services comply with its provisions. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security, and compliance in the industry.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European privacy law that went into effect on May 25, 2018. The GDPR replaces the EU Data Protection Directive, also known as Directive 95/46/EC, and applies a single data protection law throughout the EU.
Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
Who does GDPR apply to?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
What is our role under GDPR?
Zorch acts as a data controller for the EU customer information we collect to provide our products and services, and to offer timely customer support. This customer information includes things such as customer name and contact information.
What have we done to comply with GDPR?
We have conducted an extensive analysis of our operations to ensure we comply with the requirements of GDPR. We have reviewed our products and services, customer terms, privacy notices, and arrangements with third parties for compliance with GDPR. We believe that we are fully compliant with the applicable rules and procedures currently dictated by GDPR.
What personal data do we collect and store from our customers?
We store and collect data that customers have given us voluntarily. For example, in our role as data controller, we may collect and store contact information (such as name, email address, phone number, or physical address) when customers register on our sites or make a purchase. We, and our network of Zorch Supplier Partners, only use the data voluntarily provided by our customers to provide services such as fulfilling orders, customer service, etc. – we do not use customer data for external marketing purposes.
Users are able to make any applicable changes/edits to their information (i.e. password, addresses, etc.) using the “My Account” section on the eStore or by contacting Zorch using the information provided in the “Contact Us” area of this site.
Do we transfer data internationally?
The GDPR replicates the Data Protection Directive restrictions on transferring data outside the EU and prohibits the export of personal data outside of the EU to non-EU recipients unless the export meets certain criteria.
Our headquarters and servers all reside within the United States. No data is transferred outside of the United States.
How do we handle deletion requests from customers?
Customers may deactivate their account and request that all personal data we have collected and stored is deleted by either calling or emailing Zorch using the information provided in the “Contact Us” section of this site. However, information related to order history may be maintained in secured back-up files/archives for legal, accounting, and customer service purposes.
If a customer wishes to delete their account with Zorch, they will no longer receive communication from us unless there is an issue related to customer service for an existing order.
All Zorch employees and Zorch Supplier Partners have been versed in all required policies pertaining to information security and privacy laws, such as GDPR, and we have ensured our own internal procedures are also compliant with these regulations.
Zorch Compliance with California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a California state law (effective January 1, 2020) that enhances privacy rights and consumer protections for California residents.
If you are a resident of the state of California, you have the right to:
- Know what personal data Zorch collects about you
- Know whether your personal data is sold or disclosed (and to whom)
- Say no to the sale of personal data
- Access your personal data
- Request Zorch delete any of your personal information
- Receive equal service and price (i.e. not be discriminated against for exercising your privacy rights) from Zorch
Feel free to contact us for any reason, including a request to be added to or taken off a list, or if you have any questions or concerns.
500 W. Madison Street, Suite 1550
Chicago, IL 60661