GDPR Compliance Notices

Effective date: 01 January 2026

Time Standard: Eastern Standard Time (EST), permanently fixed at UTC–05:00, with no adjustments for Daylight Saving Time or any other time-change system. This fixed UTC–05:00 standard is the sole legally controlling time zone for all deadlines, interpretations, notices, and obligations under these Notices, regardless of user location or local timekeeping practices.

Controller & Operator: 冷z LLC (legally registered; pronounced “Leng Z LLC”), doing business as “Chill Zone” (trade name only; not a separate legal entity). For absolute legal clarity, “冷z” and “Leng Z” refer to the same legal entity without exception.

Address: 74 E Glenwood Ave, Smyrna, DE 19977 Unit #5219
Contact: legal@chillzonecool.com
Website: https://chillzonecool.com

These GDPR Compliance Notices apply to individuals located in the European Union (EU) or European Economic Area (EEA). They supplement our Privacy Policy and Terms & Conditions. Where EU data protection law provides specific rights or obligations, those requirements take precedence.

1. Data controller

For all personal data processed in connection with the use of Chill Zone, the controller under the EU General Data Protection Regulation (GDPR) is:

冷z LLC (“Leng Z LLC”), DBA Chill Zone (“Chill Zone LLC”)
74 E Glenwood Ave, Smyrna, DE 19977 Unit #5219
Email: legal@chillzonecool.com
Website: https://chillzonecool.com

All GDPR-related inquiries must be submitted to the email listed above. We do not accept GDPR communications through social media, direct messages, or informal channels.

2. Purposes and legal bases for processing

We process personal data only where a valid legal basis under Article 6 GDPR applies. These bases include:

Contract performance — Art. 6(1)(b) GDPR: processing orders, delivering digital and physical products, providing customer support, and enabling account functionality.
Legal obligations — Art. 6(1)(c) GDPR: tax compliance, accounting requirements, consumer protection obligations, and mandatory record retention.
Legitimate interests — Art. 6(1)(f) GDPR: site security, fraud prevention, service operation, and basic analytics necessary to maintain and protect our services. We consider your rights and freedoms in all assessments.
Consent — Art. 6(1)(a) GDPR: applied to optional activities such as marketing emails or non-essential cookies. You may withdraw consent at any time with effect for the future.

We do not use your personal data for purposes incompatible with the purposes stated above without obtaining a new legal basis or, where required, your consent.

3. Data recipients and international transfers

We may share personal data with service providers where necessary to operate our services, process orders, or comply with legal obligations. Typical categories of recipients include:

Payment processors (e.g., Stripe)
Fulfillment and logistics partners (e.g., Printful)
Hosting, infrastructure, and security providers (e.g., Cloudflare)
Embedded content platforms (e.g., YouTube)
Professional advisors (e.g., attorneys or accountants)

Personal data may be transferred to countries outside the EU/EEA, including the United States. Where required, we implement safeguards such as EU Standard Contractual Clauses to ensure data protection comparable to EU standards.

4. Storage duration

We retain personal data only as long as necessary for the purposes described in these Notices or as required by law. When data is no longer needed, we delete it or anonymize it in a secure and irreversible manner.

5. Your rights under the GDPR

If you are located in the EU/EEA, you have the following rights subject to GDPR conditions:

Right of access (Art. 15) – confirmation of processing and a copy of your personal data.
Right to rectification (Art. 16) – correction of inaccurate or incomplete data.
Right to erasure (Art. 17) – deletion of data in specific situations where no legal obligation requires retention.
Right to restriction (Art. 18) – temporary limitation of processing under certain conditions.
Right to data portability (Art. 20) – receipt of personal data in a machine-readable format.
Right to object (Art. 21) – objection to processing based on legitimate interests.
Right to withdraw consent (Art. 7(3)) – withdrawal of consent at any time with future effect.

To exercise these rights, contact us at legal@chillzonecool.com. We may request additional information as necessary to verify your identity before responding.

We respond to requests within one month unless GDPR allows an extension in cases of complexity or volume. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or decline to act.

6. Right to lodge a complaint

If you believe your rights under the GDPR have been violated, you may lodge a complaint with a supervisory authority in:

Your EU member state of residence;
Your place of work; or
The location of the alleged infringement.

7. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Article 22 GDPR.

8. Relationship to our Privacy Policy and Terms

These Notices supplement our Privacy Policy. They do not replace any rights guaranteed under EU law. In cases of conflict, the interpretation consistent with GDPR requirements will apply.

Important disclaimer.
These GDPR Compliance Notices are informational and do not constitute legal advice. GDPR obligations may vary depending on your specific processing activities and member-state requirements. Consider consulting qualified counsel for tailored guidance.