Zenzzen® Privacy Policy

1. Introduction and Data Controller Information

Who is the Controller of Your Personal Data?

The Controller of your personal data is:

• Name: Justyna de Bure Marketing i PR
• Address: Zurawia 21 St., 05-503 Gloskow, Poland
• Contact Email: hello@zenzzen.com
• Contact for GDPR/Privacy Matters: privacy@zenzzen.com

What is this Privacy Policy?

This Policy defines the rules for processing and protecting the personal data of Users visiting the website www.myzenzzen.com and those who use future services and devices under the Zenzzen® brand.

2. Data Processed on the Website (Waitlist and Contact)

When you visit www.myzenzzen.com, we process data related to your interaction with the website, primarily focusing on the Waitlist sign-up and Contact forms.

• Waitlist Sign-up: If you join the waitlist, we collect your Email Address. This data is processed based on your explicit consent (Art. 6(1)(a) GDPR). The purpose is to register your interest, send you updates on product development, invitations for beta-testing, and early-bird pricing offers. We retain this data until you withdraw your consent or until the product is fully commercialized and further communication ceases.
• Contact Form: If you send us an inquiry via email, we process your Name, Email Address, and the content of your message. The legal basis for this is our legitimate interest (Art. 6(1)(f) GDPR) to respond to your communication. We retain this information for the duration necessary to answer your query and conclude the correspondence.

3. Data Processed by the Zenzzen® Device (Future Service)

NOTE: This section describes the processing of data once the Zenzzen® device is launched and in use. This data includes special categories of personal data.

The Zenzzen® device is designed to monitor and interpret physiological data to assist with emotional regulation.

• Biometric Data (Special Category): The device collects Electrodermal Activity (EDA/GSR), Heart Rate Variability (HRV), and Voice Signal Analysis. The sole purpose of processing this highly sensitive data is for Emotional Regulation Training, enabling the Real-Time Intervention (JITAI) function, and analyzing your progress toward emotional adaptation. Due to the sensitive nature of this data, the legal basis for processing is your Explicit Consent (Art. 9(2)(a) GDPR) to process health-related data.
• Protection Principle: We adhere to a Privacy First commitment. All sensitive data is encrypted and processed locally on the device wherever possible. We sell peace of mind and emotional intelligence training, not your data.
• Device Usage Data: We collect non-sensitive data such as device usage time, alarm frequency, and software version. This is done based on our legitimate interest (Art. 6(1)(f) GDPR) to continuously improve the device performance and provide necessary technical support. This data is anonymized where possible.

4. Cookies and Analytical Tools

The website www.myzenzzen.com uses cookies. These are small text files sent by the server and stored by the browser software on the computer.

• Purpose: Ensuring the correct functioning of the website, statistical analysis (Google Analytics) to optimize and tailor content to User needs.
• Consent: In accordance with applicable law, consent for the use of Cookies is collected via a Cookie banner/pop-up upon the User’s first visit.
• External Tools: We use Google Analytics for anonymous tracking of website traffic.

5. Data Recipients (To Whom We Transfer Data?)

Your personal data (email) may be transferred to the following categories of entities:

• Emailing/CRM Service Provider (MailerLite) – for sending the newsletter and managing the waitlist.
• Hosting Service Providers – for storing data on the server.
• Analytical Service Providers (e.g., Google Analytics) – strictly for statistical purposes, after prior anonymization.
• Technology Partners (e.g., Kaizen Engineering, MeSource®) – Solely to the extent necessary for development and technical support, under data processing agreements.

Transferring Data Outside the EEA: If we use services from entities located outside the European Economic Area (EEA) (e.g., a US-based Mailchimp provider), the transfer of data is based on Standard Contractual Clauses approved by the European Commission, ensuring an adequate level of protection.

6. Your Rights (GDPR Rights)

As a User, you have the right at any time to:

• Right of Access to your data (receiving information about the processing).
• Right to Rectification (correcting) inaccurate data.
• Right to Erasure (“right to be forgotten”), unless there is another legal basis for its continued processing.
• Right to Restriction of Processing.
• Right to Data Portability (receiving data in a structured format).
• Right to Object to processing.
• Right to Withdraw Consent at any time (applies to data collected based on consent, e.g., waitlist sign-up). Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint with the supervisory authority (President of the Personal Data Protection Office – PUODO in Poland).

7. Final Provisions

This Privacy Policy may be updated periodically. We will inform Users of any significant changes via email or through a clear announcement on the website.

[Last Updated Date: December 2025]