Privacy Policy
Privacy Policy pursuant to the GDPR
Data Controller
The controller responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:
What Data We Collect
Depending on how you interact with our site, we may process the following categories of personal data:
| Category | Examples | Source |
|---|---|---|
| Contact data | Name, email address, phone number | Provided by you |
| Billing & shipping data | Address, country, postcode | Provided by you at checkout |
| Order data | Products purchased, order value, order status | Generated on purchase |
| Payment data | Card type, last 4 digits (tokenised) | Processed by Stripe / PayPal |
| Account data | Username, password (hashed) | Provided by you (optional) |
| Usage data | IP address, browser type, pages visited, referrer | Automatically via server logs |
| Device data | Device type, OS, screen resolution | Automatically via browser |
| Communication data | Support emails, contact form messages | Provided by you |
Why We Process Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Processing and fulfilling orders | Art. 6(1)(b) – Contract performance |
| Sending order confirmations & eSIM delivery | Art. 6(1)(b) – Contract performance |
| Processing payments | Art. 6(1)(b) – Contract performance |
| Customer support & communication | Art. 6(1)(b) – Contract / Art. 6(1)(f) – Legitimate interest |
| Legal obligations (tax, retention) | Art. 6(1)(c) – Legal obligation |
| Fraud prevention & security | Art. 6(1)(f) – Legitimate interest |
| Website analytics (if applicable) | Art. 6(1)(a) – Consent |
| Marketing emails (if opted in) | Art. 6(1)(a) – Consent |
Hosting – Hostinger
This website is hosted by Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus. When you visit our website, your browser automatically transmits technical data to our server, including your IP address, browser type, operating system, referrer URL, and the date and time of the request.
This data is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest in operating a technically secure website) and is automatically deleted after 30 days unless required for security investigations.
Hostinger acts as a data processor under Art. 28 GDPR. A Data Processing Agreement (DPA) is in place. For details, see Hostinger's Privacy Policy.
Online Shop – WooCommerce
Our online shop is built with WooCommerce, a plugin for WordPress by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. WooCommerce processes personal data to manage orders, cart sessions, and customer accounts.
WooCommerce sets technically necessary cookies to maintain cart state and session. These do not require consent as they are strictly required for the service.
Data processing is based on Art. 6(1)(b) GDPR (contract performance). Automattic is EU–US Data Privacy Framework certified. See Automattic's Privacy Policy.
Payment Processing
Stripe
For card payments (Credit/Debit Card, Apple Pay, Google Pay) we use Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. When you pay by card, Stripe processes your payment data directly and securely. We only receive a tokenised reference and the last four digits of your card — we never store full card numbers.
Legal basis: Art. 6(1)(b) GDPR. See Stripe's Privacy Policy.
PayPal
For PayPal Express payments we use PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you select PayPal at checkout, you will be redirected to PayPal's platform where their own privacy policy applies.
Legal basis: Art. 6(1)(b) GDPR. See PayPal's Privacy Policy.
Google Services
Google Fonts
This website loads fonts from Google Fonts (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland). When fonts are loaded, your IP address is transmitted to Google. We use server-side font loading where possible to minimise this. Legal basis: Art. 6(1)(f) GDPR.
Google Places API
Our checkout uses the Google Places API (Google Ireland Ltd.) for address autocomplete on billing and shipping fields. When you begin typing an address, your partial input is sent to Google's servers to return suggestions. No address data is stored by us beyond what you submit in the order form. Legal basis: Art. 6(1)(b) GDPR.
Cookies & Local Storage
We use the following types of cookies and browser storage:
| Cookie / Storage | Purpose | Type | Retention |
|---|---|---|---|
| woocommerce_cart_hash | Stores cart contents hash | Necessary | Session |
| woocommerce_items_in_cart | Indicates items in cart | Necessary | Session |
| wp_woocommerce_session_* | Customer session data | Necessary | 2 days |
| wordpress_logged_in_* | Authentication (logged-in users) | Necessary | Session |
| sessionStorage (esim_*) | Client-side product data cache | Necessary | Session |
| _stripe_* | Stripe fraud prevention | Necessary | Up to 1 year |
Your Rights Under GDPR
Under Arts. 15–22 GDPR you have the following rights regarding your personal data:
To exercise any of these rights, contact us at privacy@zyroam.com. We will respond within 30 days as required by Art. 12 GDPR.
How Long We Keep Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Order & billing records | 10 years | § 147 AO (German Tax Code) |
| Customer account data | Until deletion request | Art. 17 GDPR |
| Server / access logs | 30 days | Security, Art. 6(1)(f) |
| Support correspondence | 3 years after last contact | Limitation period § 195 BGB |
| Payment data (tokenised) | Per Stripe / PayPal retention | Contract & legal obligation |
Changes to This Policy
We may update this Privacy Policy as our services evolve or legal requirements change. The date at the top of this page reflects the most recent revision. We recommend reviewing this page periodically. For material changes that affect your rights, we will notify you by email if you have an account with us.
