GDPR Information

Last Updated: January 2025

This page provides information about your rights under the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA). We are committed to protecting your privacy and ensuring transparency about how we handle your personal data.

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on 25 May 2018. It gives individuals in the European Economic Area greater control over their personal data and how organizations use it.

At ZenitCraft, we respect your privacy rights and comply with GDPR requirements.

2. Data Controller Information

For the purposes of GDPR, the data controller is:

• Company Name: ZenitCraft (operated by Piggy Panda Inc)
• Website: zenitcraft.com
• Address: 52 Kensington Blvd, Smythes Creek VIC 3351, Australia
• Email: support@zenitcraft.com

We are responsible for deciding how and why your personal data is processed.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

3.1 Consent

When you provide explicit consent for us to process your data, such as:

• Subscribing to our newsletter
• Accepting cookies on our website
• Providing information through contact forms

3.2 Legitimate Interests

When processing is necessary for our legitimate interests, such as:

• Improving our website and services
• Analyzing website usage
• Preventing fraud and abuse
• Ensuring website security

3.3 Legal Obligation

When we must process data to comply with legal requirements.

3.4 Contract Performance

When processing is necessary to fulfill our obligations under a contract with you.

4. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

4.1 Right to Access

You have the right to request a copy of the personal data we hold about you. This includes:

• What personal data we process
• Why we process it
• Who we share it with
• How long we keep it
• Your rights regarding the data

We will provide this information free of charge within one month of your request.

4.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We will correct your data within one month of your request.

To request correction, contact us at support@zenitcraft.com with details of the information that needs updating.

4.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances:

• The data is no longer needed for its original purpose
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• The data must be erased to comply with a legal obligation

Please note that we may need to retain certain information to comply with legal obligations.

4.4 Right to Restriction of Processing

You have the right to request that we limit how we use your personal data in certain situations:

• You contest the accuracy of the data
• Processing is unlawful but you don't want the data erased
• We no longer need the data but you need it for a legal claim
• You have objected to processing and we are verifying whether our legitimate grounds override your interests

4.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another service provider where technically possible.

This right applies when:

• Processing is based on your consent or a contract
• Processing is carried out by automated means

4.6 Right to Object

You have the right to object to processing of your personal data in certain circumstances:

• Processing based on legitimate interests or public interest
• Direct marketing (including profiling for direct marketing)
• Processing for scientific or historical research purposes

If you object, we will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

4.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significant effects concerning you.

We do not currently use automated decision-making processes that would significantly affect you.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

• Email: support@zenitcraft.com
• Subject Line: "GDPR Rights Request"
• Include: Your name, email address, and specific right you wish to exercise

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by two months and will inform you of the extension.

5.1 Verification Process

To protect your privacy, we may need to verify your identity before processing your request. We may ask for:

• Proof of identity (such as a copy of your ID)
• Additional information to locate your data
• Confirmation of your relationship with any accounts

5.2 Free of Charge

We will handle your requests free of charge. However, if requests are manifestly unfounded or excessive, we may charge a reasonable fee or refuse the request.

6. Withdrawing Consent

If we process your data based on consent, you have the right to withdraw that consent at any time.

6.1 How to Withdraw Consent

You can withdraw consent by:

• Unsubscribing from emails using the link in each message
• Adjusting cookie preferences in your browser settings
• Contacting us at support@zenitcraft.com

Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

7. Cookie Management

We use cookies on our website. You have the right to accept or reject cookies.

7.1 Cookie Consent

When you first visit our website, we display a cookie consent banner. You can choose to:

• Accept all cookies
• Decline non-essential cookies

7.2 Managing Cookies

You can manage cookies through:

• Your browser settings (delete or block cookies)
• Our cookie consent tool (if you change your mind)
• Contacting us to update your preferences

7.3 Types of Cookies We Use

• Essential Cookies: Required for website functionality (cannot be disabled)
• Analytics Cookies: Help us understand website usage (can be disabled)
• Preference Cookies: Remember your settings (can be disabled)

8. Data Protection Measures

We implement appropriate technical and organizational measures to protect your data:

8.1 Technical Measures

• Encryption of data in transit (SSL/TLS)
• Secure server infrastructure
• Regular security updates and patches
• Firewall and intrusion detection systems
• Access controls and authentication

8.2 Organizational Measures

• Staff training on data protection
• Data protection policies and procedures
• Regular security audits
• Incident response procedures
• Vendor management and due diligence

9. Data Transfers

If we transfer your data outside the European Economic Area, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Binding Corporate Rules
• Other legally recognized transfer mechanisms

10. Children's Data

We take special care with children's data:

• We do not knowingly collect data from children under 13 without parental consent
• Parents can request access to, correction of, or deletion of their child's data
• We provide clear information about what data we collect and why
• We minimize data collection from children

If you believe we have collected data from a child without proper consent, contact us immediately at support@zenitcraft.com.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Notify affected individuals without undue delay if the breach poses a high risk
• Provide information about the breach, its likely consequences, and measures taken

12. Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:

• Contact Information: 2 years from last contact
• Newsletter Subscriptions: Until you unsubscribe
• Analytics Data: 26 months in aggregated form
• Cookie Data: As specified in cookie settings
• Legal Obligations: As required by law

13. Third-Party Processors

We may use third-party service providers to process data on our behalf. When we do:

• We ensure they provide sufficient guarantees of GDPR compliance
• We have written contracts specifying their obligations
• We regularly review their security measures
• We ensure they only process data according to our instructions

14. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your data properly.

14.1 EU Supervisory Authorities

If you are in the EU, you can contact your national data protection authority. A list of authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

14.2 Contact Before Complaint

We encourage you to contact us first at support@zenitcraft.com so we can try to resolve your concerns directly.

15. Updates to This Information

We may update this GDPR information from time to time. Changes will be posted on this page with an updated date. Significant changes will be communicated through:

• Email notification to users who have provided contact information
• A notice on our website homepage

16. Contact Information

For any questions about GDPR or to exercise your rights, please contact us:

• Data Controller: ZenitCraft (Piggy Panda Inc)
• Email: support@zenitcraft.com (24-hour support)
• General Inquiries: info@zenitcraft.com
• Business Contact: contact@zenitcraft.com
• Postal Address: 52 Kensington Blvd, Smythes Creek VIC 3351, Australia

17. Additional Resources

For more information about GDPR and your rights:

• European Commission: Information about data protection - https://ec.europa.eu/info/law/law-topic/data-protection_en
• European Data Protection Board: Guidelines and resources - https://edpb.europa.eu/
• Your National Data Protection Authority: Contact details available through the links above

18. Language

This GDPR information is provided in English. If there is any inconsistency between the English version and a translated version, the English version shall prevail.

We are committed to protecting your privacy and respecting your GDPR rights. If you have any questions or concerns, please don't hesitate to contact us.