Privacy policy

Privacy & Cookie Policy

Part I — Privacy Policy

1. Introduction and Data Controller

Zellaforte ("we," "us," "our," or "the Company") is committed to protecting your privacy and ensuring you have a positive experience on our website and when purchasing our premium longevity supplements. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at zellaforte.com and use our services, in accordance with the Liechtenstein Data Protection Act (Datenschutzgesetz, DSG) and the EU General Data Protection Regulation (GDPR), which applies in Liechtenstein through the EEA Agreement.

The data controller responsible for your personal data is:

Anstalt für Zellforschung
Zollstraße 34
FL-9490 Vaduz
Liechtenstein

If you have questions about this Privacy Policy or our data processing practices, please contact us at:

Email: support@zellaforte.de

Please allow 30 days for a response to your inquiry.

2. Types of Personal Data We Collect

We collect personal data directly from you and from automated technologies when you interact with our website and services. The types of personal data we collect include:

2.1 Information You Provide Directly

Account and Order Information: Name, email address, postal address, phone number, payment information (credit/debit card details processed securely by third-party payment processors), order history, and product preferences.
Communication Data: Information you provide when contacting us via email, contact forms, or customer support channels, including the content of your messages and any attachments.
Optional Information: Profile pictures, date of birth, health preferences, and other optional information you may choose to provide.

2.2 Information Collected Automatically

Device Information: IP address, browser type, operating system, device identifiers, and device characteristics.
Usage Data: Pages visited, time spent on each page, clicks, scroll depth, referral source, and search queries.
Cookie and Tracking Data: Data collected through cookies, web beacons, pixels, and similar tracking technologies (see Part II of this document for details).
Location Data: Approximate geographic location based on IP address (country and city level).
Behavioral Data: Your interactions with our website, products viewed, items added to cart, and purchase behavior.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and based on the corresponding legal bases under GDPR Article 6:

3.1 Performance of Contract (Article 6(1)(b))

Processing and fulfilling your orders and purchases.
Providing customer service and support.
Maintaining your account and managing subscriptions (if applicable).
Sending order confirmations, shipping updates, and invoices.
Processing refunds and handling returns.

3.2 Consent (Article 6(1)(a))

Marketing communications and promotional emails (when you have opted in).
Retargeting and personalized advertising on third-party platforms.
Analytics and session recording to improve user experience.
Using certain non-essential cookies (see Part II).

You may withdraw your consent at any time by clicking the unsubscribe link in marketing emails or adjusting your cookie preferences.

3.3 Legitimate Interest (Article 6(1)(f))

Preventing fraud, abuse, and security threats.
Improving and optimizing our website, products, and services.
Understanding customer behavior and preferences to enhance user experience.
Conducting analytics and statistical analysis.
Enforcing our terms of service and legal rights.
Business administration and internal operations.
Responding to legal requests and compliance with applicable laws.

4. Data Sharing with Third Parties

We share your personal data with the following categories of third parties to enable us to provide our services and for the purposes described above:

4.1 Order Fulfillment and Logistics

Order fulfillment and shipping are handled by a contracted logistics partner operating under a GDPR-compliant data processing agreement. We share your name, address, and order details solely for delivery purposes.

4.2 Payment Processing

We share payment information with the following PCI DSS-compliant payment processors:

Shopify Payments (powered by Stripe) - processes credit card and digital wallet payments
PayPal - processes PayPal account payments and digital wallet transactions
Klarna - processes buy-now-pay-later (BNPL) and installment payments

Each payment processor is PCI DSS compliant and operates under its own privacy policy and terms of service. We do not store full credit card details on our servers; payment processing is handled securely by these third-party providers. When you choose a payment method, your payment data is transmitted directly to the respective processor.

4.3 Analytics and Performance Measurement

We use the following analytics and tracking partners:

Google Analytics 4: Collects data about website usage, user behavior, and conversion metrics to help us understand our audience and optimize performance.
Microsoft Clarity: Provides session recording, heatmaps, and user behavior analytics to identify usability issues and improve website experience.

4.4 Advertising and Retargeting

We partner with the following advertising platforms to display targeted ads and measure campaign effectiveness:

Meta Pixel (Facebook/Instagram): Used for conversion tracking, audience segmentation, and retargeting ads. This enables us to show you relevant advertisements based on your interactions with our website.
Taboola: Used for native advertising and content recommendations, as well as conversion tracking.
Outbrain: Used for native advertising and content recommendations, as well as conversion tracking.

4.5 Shopify Platform Services

Our website is hosted on the Shopify platform. Shopify may process your data for order fulfillment, analytics, fraud detection, and providing platform services. Shopify is a data processor under our agreement and implements Standard Contractual Clauses for data transfers.

4.6 Legal and Compliance

We may disclose your personal data when required by law or when we have a good-faith belief that disclosure is necessary to:

Comply with applicable laws, regulations, or legal processes.
Enforce our Terms of Service and other agreements.
Protect the security or integrity of our services.
Protect the rights, privacy, safety, and property of Zellaforte, our users, or the public.

4.7 Business Transfers

If Zellaforte is acquired, merged, or undergoes a significant business transaction, your personal data may be transferred as part of that transaction. We will provide notice if your data becomes subject to a different privacy policy.

5. International Data Transfers

Zellaforte is based in Liechtenstein (EU/EEA), but some of our service providers and partners are located in the United States and other countries outside the European Economic Area. When we transfer your personal data to countries without an adequacy decision from the European Commission, we rely on appropriate safeguards, including:

Standard Contractual Clauses (SCCs): We include Standard Contractual Clauses in our data processing agreements with US-based service providers (including Google, Meta, Microsoft, Shopify, and others) to ensure adequate protection of your data.
Adequacy Decisions: For some transfers, we rely on adequacy decisions by the European Commission where applicable.
Binding Corporate Rules: Where applicable, we rely on binding corporate rules or similar mechanisms.

You have the right to request a copy of the appropriate safeguards for international transfers. Please contact us at support@zellaforte.de.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Specific retention periods are as follows:

Order and Transaction Data: Retained for 7 years to meet tax and accounting legal requirements.
Account Information: Retained for the duration of your account and for 3 years after account deletion or last purchase, unless applicable law requires longer retention.
Marketing Data: Retained until you unsubscribe from our marketing communications or withdraw consent.
Analytics and Behavioral Data: Retained by analytics partners according to their retention policies (typically 14-26 months) unless you request deletion.
Payment Information: Card details are not stored by us; payment processors retain data according to their policies and PCI DSS standards.
Customer Support Communications: Retained for 3 years for reference and dispute resolution purposes.

After the applicable retention period, we securely delete or anonymize your personal data. However, we may retain aggregated, anonymized data indefinitely for analytical and business purposes.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

7.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you and information about how we process it. We will provide this information in a clear, intelligible format within 30 days of your request.

7.2 Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate or incomplete personal data. You can update certain information in your account dashboard; for other data, please contact us.

7.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary or when you withdraw consent. Note that some data may need to be retained for legal, tax, or contractual reasons.

7.4 Right to Restrict Processing (Article 18)

You have the right to request that we limit how we use your personal data while we verify its accuracy or assess the legitimacy of our processing.

7.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller without hindrance.

7.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interest or for direct marketing purposes. We will cease processing for these purposes unless we have compelling legitimate grounds or legal obligations to continue.

7.7 Right to Withdraw Consent (Article 7)

Where we process your data based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

7.8 Exercising Your Rights

To exercise any of these rights, please submit a request to support@zellaforte.de with sufficient detail to identify you and specify which right you are exercising. We will respond within 30 days. In some cases, we may ask for additional information to verify your identity. If we cannot fulfill your request, we will explain why.

8. Right to Lodge a Complaint

In addition to your rights listed above, you have the right to lodge a complaint with a supervisory authority if you believe we have violated your rights under GDPR. You may file a complaint with the data protection authority in Liechtenstein or any EU member state where you reside or work:

Data Protection Authority for Liechtenstein:
Amt für Justiz
Datenschutzbehörde
Städtle 36
FL-9490 Vaduz
Liechtenstein
Email: datenschutz@aj.llv.li

You may also contact the data protection authority of the country where you reside.

9. Security Measures

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: Data transmitted between you and our website is encrypted using SSL/TLS technology (HTTPS).
Secure Payment Processing: Payment information is processed through PCI DSS-compliant payment gateways and is not stored on our servers.
Access Controls: Only authorized personnel with legitimate business needs have access to personal data.
Data Minimization: We collect only the minimum personal data necessary for our stated purposes.
Regular Audits: We conduct regular security assessments and vulnerability testing.
Employee Training: Our staff receives training on data protection and privacy practices.
Incident Response: We have documented procedures for responding to data security incidents.

While we employ security measures designed to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining reasonable safeguards.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, new services, technological developments, or legal requirements. Material changes will be communicated to you via email (if we have your email address) or by prominent notice on our website.

Your continued use of our website and services after such modifications constitutes your acceptance of the updated Privacy Policy. We recommend reviewing this policy periodically to stay informed about how we protect your privacy.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Email: support@zellaforte.de
Website: zellaforte.com
Mailing Address:
Anstalt für Zellforschung
Zollstraße 34
FL-9490 Vaduz
Liechtenstein

We will respond to your inquiry within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the data protection authority as described in Section 8.

Part II — Cookie Policy

What Are Cookies?

Cookies are small text files that are stored on your device (computer, tablet, or smartphone) when you visit our website. They are widely used to make websites work more effectively, remember your preferences, and provide insights into how visitors use our site. Cookies may be set by us (first-party cookies) or by third parties whose services we use (third-party cookies).

Types of Cookies We Use

Zellaforte uses the following categories of cookies:

1. Strictly Necessary Cookies

These cookies are essential for the proper functioning of our website and your shopping experience. They are set without relying on your consent and enable basic functions such as:

Cookie Name / Provider	Purpose	Duration	Type
Shopify session cookie	User session management and authentication	Session	First-party
Shopify cart cookie	Shopping cart data retention	30 days	First-party
Shopify CSRF token	Security and fraud prevention	Session	First-party

2. Analytics Cookies

We use analytics cookies to understand how visitors interact with our website. These cookies collect information about visitor behavior, page views, traffic sources, and user engagement. This data helps us improve our website's performance and user experience.

Cookie Provider	Purpose	Duration	Type
Google Analytics 4	Website performance metrics, user engagement tracking, audience insights	2 years	Third-party
Microsoft Clarity	Session recordings, heatmaps, user behavior analysis	1 year	Third-party

3. Marketing & Advertising Cookies

We use marketing and advertising cookies to track conversions, retarget users across social media platforms, and measure the effectiveness of our advertising campaigns. These cookies require your consent.

Cookie Provider	Purpose	Duration	Type
Meta Pixel (Facebook)	Conversion tracking, audience building, retargeting on Facebook and Instagram	Up to 90 days	Third-party
Taboola Pixel	Native advertising conversion tracking and campaign optimization	90 days	Third-party
Outbrain Pixel	Native advertising conversion tracking and campaign optimization	90 days	Third-party

4. Shopify Native Analytics & Fraud Prevention Cookies

As a Shopify-hosted store, Zellaforte uses Shopify's native analytics and fraud detection cookies to monitor store performance and prevent fraudulent transactions.

Provider	Purpose	Duration	Type
Shopify analytics	Store traffic and transaction analytics	2 years	First-party
Shopify fraud detection	Security and fraud prevention	Session	First-party

Legal Basis for Cookie Use

Strictly necessary cookies are set without your consent as they are essential for the website to function properly (GDPR Article 6(1)(f) - legitimate interest).

All other cookies (analytics, marketing, advertising) require your prior consent. We obtain this consent through our cookie banner when you first visit our website. You will see a clear notification asking you to accept or reject non-essential cookies before they are set.

Our legal basis for processing cookies is GDPR Article 6(1)(a) - your explicit consent.

Managing & Withdrawing Cookie Consent

You can manage your cookie preferences and withdraw consent for non-essential cookies at any time by:

Clicking the "Cookie Settings" or "Manage Preferences" button on our website (usually located in the footer or accessible via the cookie banner)
Deleting cookies from your browser settings (see instructions below)
Using the cookie consent platform to modify your choices

If you withdraw consent for analytics or marketing cookies, they will no longer be set on subsequent visits. However, withdrawing consent does not delete cookies that have already been set.

Browser Cookie Controls

You can disable or delete cookies directly through your browser settings:

Chrome: Settings > Privacy and Security > Cookies and other site data
Firefox: Preferences > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Manage Website Data
Edge: Settings > Privacy, search, and services > Cookies and other site data

Please note that disabling cookies may affect the functionality of our website, and you may not be able to complete purchases or access certain features.

Third-Party Cookie Policies

For detailed information about how third parties handle cookies and personal data, please visit their privacy policies:

Google Analytics 4: https://policies.google.com/privacy
Microsoft Clarity: https://privacy.microsoft.com/en-us/privacystatement
Meta Pixel (Facebook): https://www.facebook.com/policies/cookies/
Taboola: https://www.taboola.com/cookie-policy
Outbrain: https://www.outbrain.com/legal/privacy
Shopify: https://www.shopify.com/legal/privacy

Questions About This Policy?

If you have questions about our privacy practices or use of cookies, please contact us at support@zellaforte.de.

Related Policies: Terms & Conditions · Impressum · Disclaimer

Last updated: April 2026

Language