GDPR Data Request.
Submit a request to access, rectify or delete your personal data.
Pick the right that applies. We do the rest.
EU GDPR gives every visitor four clear rights over the personal data we hold. The form below routes your request to the right internal queue; we email a verification link to confirm it's really you, then process within the 30-day statutory window.
Right to Access (Art. 15)
Get a machine-readable export of every inquiry, email and consent record we hold against your email address. Delivered as PDF + CSV within 30 days.
Right to Rectification (Art. 16)
Correct inaccurate name, company, country or contact details on file. Useful after a job change or a typo in a previous quote thread.
Right to Erasure (Art. 17)
Delete every record linked to your email. We honour the "right to be forgotten" by purging inquiry, audit and analytics rows; we keep only what tax law (China + EU) requires.
Right to Object (Art. 21)
Opt out of any future contact, including newsletters and follow-ups. We add your email to a permanent suppression list independent of your account record.
Verified by email, processed within 30 days.
Pick the right that applies, enter the email you used in any previous inquiry, and submit. We'll send a one-time verification link to that address (valid 48 hours). Once you click it, your request enters our DSR queue and we respond within 30 days as required by GDPR Article 12.
Prefer to email us directly? Write to privacy@zufek.com — we acknowledge within one business day.
We will email a one-time verification link to the address above (valid 48 hours). Click it to confirm the request — we cannot act on unverified emails. Statutory deadline: 30 days per GDPR Art. 12.
Three-step process, no account required.
No login. No password. The email channel itself is the proof of identity, and we tie every request back to a verified inbox.
- Submit. Pick the right, enter your email, hit submit. We log the request, generate a reference ID and send a verification link.
- Verify. Click the link in your inbox within 48 hours. This confirms the email is yours — without it the request expires automatically.
- Receive. Within 30 days we email the data export (Access), confirmation of the correction (Rectification), the erasure certificate (Erasure), or the suppression confirmation (Object).
No fee. All GDPR requests are processed free of charge unless they are "manifestly unfounded or excessive" — in over five years of operation we have never invoked that clause.
The questions we hear most.
What data do you actually hold about me?
For most visitors: nothing more than an inquiry record (name, company, email, country, message body, timestamp) plus the IP your inquiry came from. If you sat through a video call or sent a sample shipment, we may also hold meeting notes and a customs / shipping address. We do not buy email lists, profile visitors across the web or share data with ad networks.
How long does erasure actually take?
The inquiry row is purged within 7 days. Audit and analytics rows are anonymised (visitor hash kept for aggregate stats; raw IP / email cleared) within 30 days. Mail server logs roll off after 90 days; backups containing your data are overwritten on the regular 30-day rotation. Tax-mandatory records (invoices, customs declarations) are retained per Chinese + EU tax law for the statutory minimum and excluded from erasure.
What if I am not in the EU — can I still file a request?
Yes. We apply the same GDPR-grade workflow to every region globally — California (CCPA), UK (UK-GDPR), Brazil (LGPD), Singapore (PDPA). The form, the 30-day SLA and the verification step do not change by jurisdiction.
Can I get a copy of an old quote thread?
Yes — file a Right to Access request. We export the full email thread (sender, recipient, subject, body, timestamps), the inquiry form data and any attached spec sheets you uploaded, packaged as a single ZIP with a PDF index. Average export size: 50 KB to 5 MB.
Who can I escalate to if you don't reply?
Internal escalation: privacy@zufek.com (Data Controller). External escalation: your national Data Protection Authority (EU residents) or the relevant equivalent (CNIL in France, ICO in the UK, AEPD in Spain, Garante in Italy, etc.). The statutory complaint right is yours regardless of how this page resolves the issue.
Do you use cookies that need consent?
Strictly necessary cookies only by default (session, language, cookie-banner state). Analytics and marketing cookies require explicit opt-in via the cookie banner; we use Google Analytics 4 with Consent Mode v2 (IP anonymisation always on) and never load advertising pixels until the visitor opts in.
Still have questions?
Privacy is run by a real person inside the company, not an outsourced ticket queue. Drop a line and you'll hear back within one business day.
Email privacy@zufek.com