Data Protection Notice for Consumers
1 Objective and Scope
As a globally operating group, Zippo Manufacturing Company, registered at 33 Barbour Street, Bradford, Pennsylvania 16701, United States, and its group of affiliates and related companies (collectively, the “Zippo Group”), recognizes that it has a responsibility to provide adequate protection for your Personal Data. Zippo GmbH, Business Center, Groendahlscher Weg 87, 46446 Emmerich am Rhein, Germany, registration number 3065 (the “Company”), and Zippo Group take this responsibility seriously and have taken appropriate steps to safeguard the Personal Data that the Company obtains about its consumers in the context of the products and services the Company offers to them and through its websites and other occasions.
This Notice contains information about the types and sources of Personal Data, the purposes and legal bases of the Processing, the Retention of the Personal Data and their Disclosure to Third Parties, International Data Transfers, Your Data Protection Rights and Contact Details. In particular circumstances indicated below, the Company is not solely but jointly responsible with other Zippo Group companies for the lawfulness of the Processing of your Personal Data.
For the definition of certain terms used in this Notice, please refer to Appendix 1. This Notice may be complemented by additional notices and policies, which provide more detailed information about particular Processing activities.
2 Personal Data Processed About You
The categories of Personal Data that the Company Processes about you, for the purposes described in Section 3, are:
2.1 Personal Data Collected Directly from You
The Company generally collects Personal Data directly from you (electronically, in writing, or verbally). The Company collects the below data by way of website general inquiry forms and consumer phone calls. You also provide new, updated or corrected Personal Data to the Company from time to time.
This information includes:
- Personal Details, such as name, contact details including address, telephone number, e-mail address, gender;
- Consumer Survey/Preferences, such as product preferences; purchase history; consumer engagement which you may participate in, where responses you may submit are generally aggregated but you may choose to provide comments and feedback associated with your contact information;
- Participation in prize draws, competitions and sweepstakes, organized by the Company;
- Transaction Data, such as when you purchase a product or service from us;
- Warranty or other claims as well as product repair records;
- General website and other enquiries and our responses.
2.2 Personal Data the Company collects
The Company collects Personal Data from other Zippo Group companies. For example, the Company collects information regarding warranties, repairs or general enquiries that was provided to another Zippo Group company but is appropriate to be handled by the Company. In this circumstance, the two Zippo Group companies involved act as joint controllers. Additionally, as discussed in Section 6 and 7 below, the Company and other Zippo Group entities share Personal Data among themselves, for the purposes defined in the Section 3 below.
2.3 From Third Parties
Finally, the Company receives Personal Data from third parties who provide services to the Company, in particular warehouse and logistics providers, hosting services, web developers, search engine optimization services and social media services. The Company receives the following categories of Personal Data in this respect:
- Personal Details, such as name, contact details including address, telephone number, e-mail address, gender, date of birth;
- Consumer Survey/Preferences, such as product preferences; purchase history; consumer engagement which you may participate in, where responses you may submit are generally aggregated but you may choose to provide comments and feedback associated with your contact information;
- Participation in prize draws, competitions and sweepstakes, organized by the Company;
- Transaction Data, such as when you purchase a product or service from us;
- General website and other enquiries and our responses.
3 Purposes and Legal Bases of the Processing of Personal Data
The Company Processes Personal Data for the following Purposes. Where applicable, we will point out, at the time of the data collection, if the provision of the Personal Data is a statutory or contractual requirement and whether you are obliged to provide the Personal Data and the possible consequences of failure to provide such data.
3.1 Direct Marketing
This includes Processing Personal Data to: administer and engage you in competitions, sweepstakes and prize draws; send you newsletters or other direct marketing communications by e-mail.
Legal Bases: The Processing is justified based on statutory provisions that (1) Processing is based on the consumer’s consent; and (2) Processing is necessary for the Company or Zippo Group’s legitimate interests as stated above to send communications to consumers regarding the Company’s products or promotions.
3.2 Warranty, Product Repairs and Product Liability
This includes Processing Personal Data to: address any warranty and guarantee questions and claims, and track any quality and product issues and defend and protect our interests in case of a dispute or legal claim.
Legal Bases: The Processing is justified based on statutory provisions that (1) Processing is necessary for the performance of a contract to which you are a party; (2) the Company is required to comply with a legal or statutory obligation in the EU or a Member State, including product safety; or (3) Processing is necessary for the Company’s or Zippo Group’s legitimate interests to handle and address such claims, to defend our interests in case of a dispute or legal claim, to control and improve the quality of our products and to comply with consumer and customer expectations.
3.3 General Inquiries and Communication with You
This includes Processing Personal Data to: process and respond to consumer inquiries.
Legal Bases: The Processing is justified based on statutory provisions that (1) Processing is necessary for the performance of a contract to which you are a party; (2) Processing is necessary for the Company or Zippo Group’s legitimate interests as stated above.
3.4 Network and Information Security; Technical Support
This includes Processing Personal Data to: ensure network and information security and to provide technical support within the Zippo Group.
Legal Bases: The Processing is justified based on statutory provisions that (1) the Company is required to comply with a legal or statutory obligation in the EU or a Member State; and (2) Processing is necessary for the Company or Zippo Group’s legitimate interests to monitor access to the Company’s computer network for the purpose of preventing cyber-attacks.
3.5 Fraud Prevention
This includes Processing Personal Data to: prevent fraud, including with respect to ensuring that the identity of consumers who place inquiries or requests can be verified.
Legal Bases: The Processing is justified based on statutory provisions that (1) the Company is required to comply with a legal or statutory obligation in the EU or a Member State; and (2) Processing is necessary for the Company or Zippo Group’s legitimate interests to prevent fraud.
3.6 Personal Data Retention
The Company retains Personal Data collected as reasonably necessary to fulfill the purposes for which Personal Data is collected and to comply with legal obligations.
It is our general policy to retain certain Personal Data of consumers for the length of the warranty period, or until the termination of any legal dispute, but in no event for longer than strictly necessary.
4 Disclosure of Personal Data
Personal Data are shared within the Zippo Group (i.e. intra-group) or with third parties. In some cases, the below companies collect Personal Data directly from you on the Company’s behalf.
The Company shares Personal Data about you within the Zippo Group depending on the purpose of Processing, for all the Purposes described in Section 3 of this Notice. The Zippo Group affiliates are: Zippo Manufacturing Company, 33 Barbour Street, Bradford, Pennsylvania 16701, United States; Zippo GmbH, Business Center, Groendahlscher Weg 87, 46446 Emmerich am Rhein, Germany; Zippo SAS, 15 place de la Nation, 75011 Paris, France; and Zippo UK Limited, 1.05 Barley Mow Centre, 10 Barley Mow Passage, London W4 4PH, England.
4.2 Third Parties
We also share Personal Data with service providers, in particular warehouse and logistics providers, hosting services, web developers, search engine optimization services and social media services, to fulfill the Purposes on the Company’s behalf. The service providers are bound by law and/or contract to protect the confidentiality and security of Personal Data, and to only use Personal Data to provide requested services to the Company in accordance with applicable law.
The Company also shares data with other companies, vendors and business partners to perform functions for it, whereby these companies are themselves responsible to determine the purposes and/or means of the Processing and for the lawfulness of the Processing.
The Company discloses Personal Data to buyers, their lawyers or professional advisors, courts, tribunals, opposing or other related parties to the proceedings and their professional advisors, where needed to effect the sale or transfer of business assets, to enforce our rights, protect our property, or protect the rights, property or safety of others. The Company will also disclose Personal Data when required to do so by law, such as in response to a subpoena, including to law enforcement agencies, tribunals and courts in countries where Zippo Group operates.
5 International Transfers of Personal Data
Due to the global nature of our operations, some of the recipients mentioned in Section 5 are located in countries outside the European Economic Area (EEA), which do not provide an adequate level of data protection. International transfers will be to countries where Zippo Group companies have offices, including the United States of America. The transfer of your Personal Data outside the EEA takes place on the basis of our Data Transfer Agreement(s), which is based on standard data protection clauses adopted by the European Commission and in accordance with applicable law.
5.2 Third Parties
Some of the third parties with whom we share Personal Data are also located outside the EEA. Certain third countries have been officially recognized by the European Commission as providing an adequate level of protection. You can find the list of these countries at the following address: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. Transfers to third parties located in other third countries outside the EEA take place using an acceptable data transfer mechanism, such as the Privacy Shield for transfers to self-certified US organizations, the EU Standard Contractual Clauses, Binding Corporate Rules, approved Codes of Conduct and Certifications or in exceptional circumstances on the basis of permissible statutory derogations.
Please contact Zippo GmbH, Business Center, Groendahlscher Weg 87, 46446 Emmerich am Rhein, Germany. Tel +49 (0) 28 22 – 7 134 100. Email firstname.lastname@example.org if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.
6 Your Data Protection Rights
Under the conditions set by applicable data protection laws, you may exercise the following rights regarding your Personal Data in respect of and against each controller (see also Section 8 on who to contact to exercise those rights):
You have the right to obtain from us confirmation if Personal Data is being processed and other information about our Processing as well as a copy of your Personal Data.
You have the right to request the rectification of inaccurate Personal Data and to have incomplete data completed.
You have the right to object to the Processing of your Personal Data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that Processing. In addition, you have the right to object at any time where your Personal Data are processed for direct marketing purposes.
You may receive your Personal Data that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit them to other data controllers without hindrance. This right only exists if the Processing is based on your consent or a contract and the Processing is carried out by automated means.
You may request to restrict Processing of your Personal Data if (i) you contest the accuracy of them – for a period we need to verify your request; (ii) the Processing is unlawful and you oppose the erasure of them and request restriction instead; (iii) we no longer need them, but you tell us you need them to establish, exercise or defend a legal claim; or (iv) you object to Processing based on public or legitimate interest – for a period we need to verify your request.
You may request to erase your Personal Data if they are no longer necessary for the purposes for which we have collected them, you have withdrawn your consent and no other legal ground for the Processing exists, you objected and no overriding legitimate grounds for the Processing exist, the Processing is unlawful, or erasure is required to comply with a legal obligation.
6.7 Right to lodge a complaint
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of employment, or the location where the issue that is the subject of the complaint occurred.
6.8 Right to refuse or withdraw consent
Please note that in case we ask for your consent to Processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any Processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.
7 Contact Details
The Company’s contact details:
Address: Zippo GmbH, Business Center, Groendahlscher Weg 87, 46446 Emmerich am Rhein, Germany
E-mail address: email@example.com
Phone: +49 (0) 28 22 – 7 134 100
If you wish to exercise any of the afore-mentioned rights (see Section 8) or if you have any questions regarding this Notice or the roles and responsibility of any of the Zippo Group companies where they act as joint controllers including their contractual arrangement in this respect, please direct your request to:
Name: Zippo GmbH, to the attention of Christian Wolfgram – Data Subject Request
Address: Business Center, Groendahlscher Weg 87, 46446 Emmerich am Rhein, Germany
E-mail address: firstname.lastname@example.org with email header Data Subject Request
8 Updates to this Notice
The Company may update this Notice from time to time by posting a new version on the Company’s website, at the URL on which this Notice is posted.
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
Data Protection Laws
means the GDPR and respective national laws.
includes full-time consumers, part-time consumers, temporary consumers, reinstated consumers, rehired consumers and retired and former consumers.
means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance).
means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
means any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means (e.g., computers), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.