Polityka prywatności
DOTZSO — Last Updated: July 2026
📋 At a Glance
We take your privacy seriously. This policy explains what personal data we collect, how we use it, and your rights. Key points:
- We only collect data necessary to process your orders and improve your experience
- We never sell your personal information to third parties
- You can request access to, correction of, or deletion of your data at any time
- We use industry-standard encryption to protect your payment information
1. Who We Are
DOTZSO (“we”, “us”, or “our”) operates the website dotzso.com (the “Site”). We are a provider of diamond painting kits and related craft supplies, shipping to customers in the United States and Canada.
Our website address is: https://dotzso.com
If you have any questions about this Privacy Policy or our data practices, you can contact us at:
- Response Time: Within 24 hours (Mon–Fri, 9 AM – 6 PM EST)
2. What Personal Data We Collect
We collect personal data that you provide to us directly, as well as data collected automatically when you use our Site. Below is a detailed breakdown:
2.1 Data You Provide Directly
| When You… | Data Collected |
|---|
| Place an order | Name, email address, shipping/billing address, phone number, payment information (credit card details are tokenized and processed by our payment gateway — we do not store full card numbers) |
| Create an account | Name, email address, password (encrypted), order history |
| Contact us or submit a form | Name, email address, and any information you include in your message |
| Subscribe to marketing | Email address, name (optional) |
| Leave a product review | Name (displayed publicly), email address (not displayed), review content, and optionally a photo |
2.2 Data Collected Automatically
| Type | Details |
|---|
| Browsing data | IP address, browser type and version, operating system, device type, pages viewed, time spent on pages, referring URL, and exit pages |
| Cookies & tracking | Session identifiers, shopping cart contents, login status, preferences (see Section 5 for full Cookie Policy) |
| Order analytics | Products viewed, products added to cart, purchase completion, abandoned cart data |
3. How We Use Your Data
We use the personal data we collect for the following purposes:
| Purpose | Legal Basis |
|---|
| Order processing & fulfillment — to process payments, ship products, send order confirmations, and provide customer support | Contractual necessity |
| Account management — to create and maintain your account, track order history | Contractual necessity / Consent |
| Customer service — to respond to inquiries, handle returns and refunds | Legitimate interest |
| Marketing communications — to send promotional emails, special offers, and product recommendations (only with your consent) | Consent |
| Site improvement — to analyze usage patterns, fix bugs, and improve user experience | Legitimate interest |
| Fraud prevention & security — to detect and prevent fraudulent transactions and protect our Site | Legitimate interest / Legal obligation |
| Legal compliance — to comply with applicable laws, regulations, and legal requests | Legal obligation |
4. Who We Share Your Data With
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share your data only with trusted service providers who help us operate our business:
| Service Provider | Category | Data Shared |
|---|
| Payment gateways (PayPal, Stripe, Shopify Payments, etc.) | Payment processing | Name, billing address, payment amount, card token (full card numbers are never stored on our servers) |
| Shipping carriers (USPS, UPS, FedEx, DHL, etc.) | Order fulfillment | Name, shipping address, phone number (for delivery purposes) |
| Hosting provider (Hostinger) | Website hosting | All site data stored on their servers (protected by their security measures) |
| Email service provider | Email delivery | Email address, name, order details (for transactional emails) |
| Analytics providers (Google Analytics, if enabled) | Site analytics | Anonymized browsing data, IP address (truncated) |
| Spam detection service | Security | Comment content, IP address, user agent (for reviews and comments) |
We may also disclose your data if required by law, court order, or governmental regulation, or to protect our legal rights.
5. Cookies
Cookies are small text files placed on your device when you visit our Site. We use cookies to make our Site function properly and to improve your experience.
5.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Example |
|---|
| Essential / Functional | Required for the Site to function — shopping cart, checkout, login | Session to 2 years | WooCommerce cart cookie, WordPress login cookie |
| Preferences | Remember your choices — language, currency, login “Remember Me” | Up to 1 year | Screen options cookie, language preference cookie |
| Analytics | Understand how visitors use our Site — page views, time on site | Up to 2 years | Google Analytics cookies (if installed) |
| Marketing | Track ad performance and show relevant ads (if advertising is active) | Up to 90 days | Facebook Pixel, Google Ads cookies (if installed) |
5.2 Managing Cookies
You can control and delete cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored on your device
- Block all cookies or specific types of cookies
- Delete all cookies when you close your browser
Please note that disabling essential cookies may prevent you from completing purchases or accessing certain features of our Site.
For more information about managing cookies, visit www.allaboutcookies.org.
6. Comments & Product Reviews
When visitors leave comments or product reviews on our Site, we collect the data shown in the submission form, as well as the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to determine if you are using it. The Gravatar service privacy policy is available at: https://automattic.com/privacy/. After approval of your comment or review, your profile picture (if linked to Gravatar) is visible to the public in the context of your comment.
If you upload images as part of a product review, you should avoid uploading images with embedded location data (EXIF GPS) included. Other visitors can download and extract any location data from images on the website.
7. Embedded Content from Other Websites
Articles and product pages on this Site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if you visited the other website directly.
These external websites may:
- Collect data about you
- Use their own cookies
- Embed additional third-party tracking
- Monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that website
8. How Long We Retain Your Data
| Data Type | Retention Period |
|---|
| Account information | Until you delete your account, or after 3 years of inactivity |
| Order records | 7 years (for tax and legal compliance) |
| Comments & reviews | Indefinitely (so we can recognize and approve follow-up comments automatically) |
| Contact form submissions | 2 years from last communication |
| Marketing consent | Until you withdraw consent or unsubscribe |
| Analytics data | 26 months (anonymized after 14 months) |
9. Your Rights Over Your Data
Depending on your location, you may have the following rights regarding your personal data:
| Right | What It Means |
|---|
| Access | You can request a copy of the personal data we hold about you |
| Correction | You can ask us to correct inaccurate or incomplete data |
| Deletion | You can request that we erase your personal data (subject to legal retention requirements) |
| Data portability | You can request your data in a structured, machine-readable format |
| Objection | You can object to our processing of your data for direct marketing or legitimate interests |
| Withdraw consent | Where processing is based on consent, you can withdraw it at any time |
For California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete, the right to opt-out of the sale or sharing of personal information (though we do not sell personal data), and the right to non-discrimination for exercising these rights.
For EU/EEA residents (GDPR): You have the rights listed above plus the right to lodge a complaint with your local data protection supervisory authority.
To exercise any of these rights, please contact us at DOTZSO.us@gmail.com. We will respond to your request within 30 calendar days. We may need to verify your identity before processing your request.
10. How We Protect Your Data
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption: All data transmission between your browser and our Site is encrypted using SSL/TLS (HTTPS)
- Payment security: Payment card data is tokenized and processed through PCI-DSS compliant payment gateways — we never store full credit card numbers on our servers
- Access control: Access to personal data is restricted to authorized personnel who need it to perform their job functions
- Regular updates: Our platform (WordPress, WooCommerce, and all plugins) is regularly updated to patch security vulnerabilities
- Monitoring: We use security monitoring to detect and prevent unauthorized access attempts
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
11. International Data Transfers
DOTZSO operates globally. Your personal data may be transferred to and processed in countries other than your country of residence, including the United States and other locations where our service providers operate.
When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by relevant authorities
- Data processing agreements with all service providers
- Technical measures such as encryption during transit
12. Children’s Privacy
Our Site is not intended for children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.
13. Third-Party Links
Our Site may contain links to third-party websites, plugins, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policy of every website you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will:
- Post the updated policy on this page
- Update the “Last Updated” date at the top of the policy
- For material changes, notify registered users by email or through a notice on our Site
We encourage you to review this policy periodically. Your continued use of our Site after changes are posted constitutes acceptance of the updated policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
This Privacy Policy was last updated in July 2026. It replaces and supersedes all previous versions.