Privacy policy

PRIVACY POLICY Effective Date: May 4, 2026

At ZILK, we respect your privacy and are committed to protecting your personal data. This policy explains how we handle your information in compliance with the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (UAVG).

1. Data Controller

The entity responsible for your data is:

ZILK Soetendaal 14 1081BP Amsterdam, Netherlands KvK: 91992443 VAT: NL004929668B85 Contact: support@zilksleep.com

For privacy-related inquiries, please email support@zilksleep.com.

2. Information We Collect

  • Identity and Contact Data: name, shipping address, billing address, email, phone number
  • Account Data: username, password, preferences, order history
  • Financial Data: payment details processed securely through our payment gateways. We do not store full credit card numbers on our servers
  • Technical Data: IP address, browser type, device identifiers, and usage patterns collected through cookies and similar technologies
  • Marketing Data: your communication preferences and consent records
  • Communications Data: information you share when contacting customer support

3. How and Why We Use Your Data

We only process data when we have a legal basis under Article 6 GDPR:

  • To Fulfill Orders (contract performance, Art. 6(1)(b)): processing transactions, shipping products, managing returns, and providing customer support
  • To Improve Our Site (legitimate interest, Art. 6(1)(f)): analyzing site performance, preventing fraud, and securing our services. You may object to this processing at any time
  • Marketing (consent, Art. 6(1)(a)): sending newsletters and promotional communications only when you have explicitly opted in. You may withdraw your consent at any time, and withdrawal does not affect the lawfulness of processing carried out before withdrawal
  • Legal Compliance (legal obligation, Art. 6(1)(c)): meeting tax, accounting, and other regulatory requirements

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Third-Party Sharing

We share data with essential partners who process it on our behalf under data processing agreements:

  • E-commerce Platform: Shopify
  • Fulfillment: Tijdvrij Fulfilment
  • Shipping: PostNL and other local couriers
  • Payment Processors: Stripe, PayPal
  • Email and Marketing: Klaviyo
  • Analytics: Google Analytics

We may also disclose data when required by law, in response to valid legal requests, or in connection with a business transfer.

5. International Transfers

Your data may be processed in both the European Economic Area and the United States. Where data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses or other recognized safeguards under Chapter V of the GDPR. A copy of the relevant safeguards is available on request.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Order and transaction records: seven years, in line with Dutch tax and accounting requirements
  • Account data: for the duration of your active account, plus three years of inactivity
  • Marketing data: until you withdraw consent or unsubscribe
  • Customer support communications: up to three years after resolution
  • Technical and analytics data: up to 26 months

7. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Restrict or object to processing
  • Receive your data in a portable format
  • Withdraw consent at any time, where processing is based on consent
  • Lodge a complaint with a supervisory authority. In the Netherlands, the relevant authority is the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl)

To exercise any of these rights, email support@zilksleep.com. We will respond within one month, as required by Article 12 GDPR. We may need to verify your identity before processing your request.

8. Cookies

We use cookies and similar technologies to operate our site, analyze performance, and support marketing. Cookies fall into the following categories:

  • Strictly necessary: required for site functionality and checkout. These do not require consent
  • Analytics: help us understand how visitors use the site. Set only with your consent
  • Marketing: used to deliver relevant advertising. Set only with your consent

You can manage your preferences through our cookie consent banner or your browser settings. For full details, please see our Cookie Policy.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours and inform affected users without undue delay, in accordance with Articles 33 and 34 GDPR.

10. Children's Data

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The updated version will be posted with a revised effective date. Material changes will be communicated through our site or by email where appropriate.

12. Contact

For any questions, concerns, or to exercise your rights, please contact:

support@zilksleep.com ZILK, Soetendaal 14, 1081BP Amsterdam, Netherlands