ZAYN

Privacy Policy

Last updated: 21 December 2025

1. Introduction

Welcome to Zayn Gear ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our e-commerce services.

This policy is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We act as the data controller for the personal data we process.

2. Data Controller

Zayn Gear
Email: zayngears@gmail.com
For any data protection queries, please contact us using the details above.

3. Information We Collect

We collect different types of information depending on how you interact with our services:

3.1 Information You Provide Directly

  • Account Information: Name, email address, password (encrypted), phone number, and profile picture
  • Order Information: Shipping address, billing address, payment details, and order history
  • Communication Data: Messages, feedback, reviews, and customer support inquiries
  • Preferences: Wishlist items, product preferences, and marketing communication preferences

3.2 Information from Third-Party Authentication Providers

When you choose to sign in using third-party services, we receive the following information:

Google Sign-In

  • Google Account ID (unique identifier)
  • Email address
  • Display name
  • Profile picture URL

Facebook Sign-In

  • Facebook User ID (unique identifier)
  • Email address
  • Display name
  • Profile picture URL

3.3 Automatically Collected Information

  • Device Information: IP address, browser type and version, operating system, device type
  • Usage Data: Pages visited, time spent on pages, click patterns, referral sources
  • Location Data: Approximate location based on IP address
  • Cookie Data: Session cookies, authentication tokens, and preference cookies

4. Analytics and Tracking

We use analytics services to understand how visitors interact with our website and to improve our services:

Google Analytics

We use Google Analytics to collect anonymous usage statistics. This includes page views, session duration, bounce rates, traffic sources, and user demographics. Google Analytics uses cookies to track user behaviour. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

Customer Behaviour Analytics

We track customer behaviour to provide personalized recommendations, including:

  • Product viewing patterns and purchase history
  • Shopping cart activity and abandoned cart analysis
  • Wishlist additions and product interest signals
  • Search queries and filter preferences
  • Seasonal trend detection for relevant promotions

5. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

Purpose | Legal Basis
Processing orders and payments | Contractual necessity
Account creation and management | Contractual necessity
Customer support | Contractual necessity / Legitimate interest
Analytics and service improvement | Legitimate interest
Personalized recommendations | Legitimate interest
Marketing communications | Consent
Fraud prevention | Legitimate interest / Legal obligation
Legal compliance | Legal obligation

6. Order and Transaction Data

When you place an order with us, we collect and process the following information:

6.1 Order Processing

  • Product details and quantities ordered
  • Shipping address and contact information
  • Payment method (Cash on Delivery or future payment options)
  • Order status and tracking information
  • Delivery confirmation and timestamps

6.2 Order History Retention

We retain order history for legitimate business purposes including warranty claims, returns processing, and legal compliance. Order records are kept for a minimum of 6 years in accordance with UK tax regulations.

6.3 Delivery Partners

We share necessary order and delivery information with our logistics partners to fulfil your orders. This includes your name, delivery address, phone number, and order details.

7. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

  • Service Providers: Hosting services (Vercel), database services (Supabase), analytics providers (Google Analytics)
  • Authentication Providers: Google and Facebook for social sign-in functionality
  • Delivery Partners: Courier and logistics companies for order fulfilment
  • Payment Processors: Future payment gateway providers (bKash, Nagad, card processors)
  • Legal Authorities: When required by law or to protect our legal rights

We ensure all third parties are bound by appropriate data processing agreements and provide adequate security measures for your data.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside the UK, including the United States (where our service providers such as Vercel and Supabase are located). Where such transfers occur, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO
  • Adequacy decisions where applicable (countries deemed to provide adequate protection)
  • Binding Corporate Rules for transfers within corporate groups

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

Data Type | Retention Period
Account information | Until account deletion + 30 days
Order and transaction records | 6 years (legal requirement)
Analytics data | 26 months (Google Analytics default)
Customer support communications | 3 years
Marketing consent records | Until consent withdrawn + 6 years

10. Your Rights Under UK GDPR

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Request limitation on how we process your data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or direct marketing.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at zayngears@gmail.com. We will respond to your request within one month.

11. Data Deletion for Social Login Users

If you signed up or logged in using a social authentication provider (Google or Facebook), you can request deletion of your data at any time.

How to Delete Your Data

Option 1: Email Request

Send an email to zayngears@gmail.com with the subject "Data Deletion Request". Include the email address associated with your account. We will process your request within 30 days.

Option 2: Account Settings (Coming Soon)

You will be able to delete your account directly from your account settings page. This feature is currently under development.

What Gets Deleted

  • Your account profile information (name, email, profile picture)
  • Shopping cart and wishlist items
  • Product reviews and ratings
  • Browsing preferences and personalization data

What We Retain

As required by law, we retain order and transaction records for 6 years for tax and legal compliance purposes. This data is anonymized where possible.

Removing Facebook Connection

To revoke Zayn Gear's access to your Facebook data, visit your Facebook App Settings and remove Zayn Gear from your connected apps. Then contact us to delete your account data from our systems.

12. Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience:

Essential Cookies

Required for website functionality including authentication, shopping cart, and security. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website (Google Analytics). You can opt out of these.

Preference Cookies

Remember your preferences such as language, theme (dark/light mode), and display settings.

Third-Party Cookies

Set by third-party services such as Google and Facebook for authentication and analytics purposes.

13. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication mechanisms including OAuth 2.0
  • Regular security assessments and updates
  • Access controls and employee training
  • Secure hosting with Vercel and Supabase

14. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a new "Last updated" date. We encourage you to review this policy periodically.

16. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Zayn Gear
Email: zayngears@gmail.com