Effective Date: March 1, 2026
California Consumer Privacy Act Notice
(For California Residents Only)
This California Privacy Policy & Notice describes how Zwiesel Fortessa Americas LLC and its subsidiaries, affiliates, and related entities (collectively, “Zwiesel Fortessa,” "Company," "we," or "us") collect and process personal information about our consumers who reside in California. The California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CPRA") requires us to provide our California consumers with a privacy policy that contains a comprehensive description of our online and offline practices regarding our collection, use, sale, sharing, and retention of their personal information, along with a description of the rights they have regarding their personal information. This Privacy Policy & Notice provides the information the CPRA requires, together with other useful information regarding our collection and use of personal information. Any terms defined in the CPRA have the same meaning when used in this policy.
This California Privacy Policy applies to our consumers, current and former employees, job applicants, and business-to-business partners that reside or are otherwise located in California.
This California Privacy Policy does not apply to our collection and use of personal information from residents, current or former employees, job applicants, or business-to-business partners outside of California. Consumers residing in other locations should see our general privacy policy at: General Privacy Policy.
Personal Information Collected
We collect and use information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("personal information"). Personal information does not include:- Publicly available information, including from government records, through widely distributed media, or that the consumer made publicly available without restricting it to a specific audience..
- Lawfully obtained, truthful information that is a matter of public concern.
- Deidentified or aggregated consumer information
- Information excluded from the CPRA's scope, like:/li>
- health or medical information covered by the Health Insurance Portability and Accountability Act (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data; or/li>
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act./li>
Personal Information Categories Chart
The chart below identifies the categories of personal information we collected from our consumers within the last 12 months and the expected retention period.
| Category | Examples | Collected? | Retention Period |
|---|---|---|---|
| A. Identifiers. | A real name, alias, postal address, online identifier, Internet Protocol address, email address, or billing and shipping address. | YES | For as long as needed to manage the relationship and provide services, then up to 7 years after last interaction (or longer if required for legal claims, audits, or compliance). |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) ("California Customer Records"). | A name, signature, address, telephone number, or professional licenses. Some personal information included in this category may overlap with other categories. | YES | Up to 7 years after last interaction, or longer if legally required. |
| C. Protected classification characteristics under California or federal law ("Protected Classes"). | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, reproductive health decision-making, military and veteran status, or genetic information (including familial genetic information). | YES, for employees and applicants only. | Only as long as necessary for the purpose collected (e.g., compliance or HR administration), then typically up to 4 years unless a longer legal requirement applies. |
| D. Commercial information. | Records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES | Up to 7 years after the transaction or last activity (tax, accounting, warranties, disputes, and audit purposes), or longer if legally required. |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO | N/A |
| F. Internet or other similar network activity. | Activity on our websites, mobile apps, or other digital systems, such as internet browsing history, search history, system usage, electronic communications with us, postings on our social media sites. | YES | Up to 24 months, unless needed longer for fraud prevention, incident investigation, or legal compliance. |
| G. Approximate Geolocation data. | Physical location or movement data derived from your IP address or general movement patterns, such as your zip code, city or generalized location. | YES (Approximate only) | Only as long as needed for the immediate purpose (often hours to 30 days), unless required longer for |
| H. Sensory data. | Audio or electronic, including customer service call monitoring. | YES | Up to 2 years (or shorter) after creation, unless needed for safety, dispute resolution, investigations, or legal holds. |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | YES, for employees and applicants only. | Business contacts: duration of the relationship + up to 7 years. Job applicants: up to 4 years after the hiring decision (or longer if required by law). Employees: duration of employment + up to 7 years. |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) ("FERPA Information"). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | YES, for employees and applicants only. | Job applicants: up to 4 years after the hiring decision (or longer if required by law). Employees: duration of employment + up to 7 years. |
| K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES | Up to 24 months, unless needed longer for legitimate business/security/legal purposes. |
| L. Sensitive personal information. | Further identified in the chart below. | YES, for employees and applicants only. | Further identified in the chart below. |
Sensitive Personal Information Categories Chart
Sensitive personal information is a subtype of personal information consisting of the specific information categories listed in the chart below. We use this information only for employment-related and business administration purposes (such as payroll, benefits, security, and legal compliance) and not to infer characteristics about individuals. The chart below identifies which sensitive personal information categories, if any, we have collected information from our employees and job candidates and the expected retention period.
| Sensitive Personal Information Category | Collected? | Retention Period |
|---|---|---|
| L.1. Government identifiers, such as your SSN, driver's license, state identification card, or passport number. | YES | Job applicants: up to 4 years after the hiring decision (or longer if required by law). Employees: duration of employment + up to 7 years. |
| L.2. Complete account access credentials, such as usernames, account logins, account numbers, or card numbers combined with required access/security code or password. | YES | Job applicants: up to 4 years after the hiring decision (or longer if required by law). Employees: duration of employment + up to 7 years. |
| L.3. Precise geolocation, such as physical access to a Company office location, the location of a delivery, sales, or other employee in the field, or GPS data from the Company's mobile phone, device, or vehicle used by an employee that can provide its location in a geographic area, with an approximate radius of 1,850 feet. | NO | N/A |
| L.4. Racial or ethnic origin. | YES | Job applicants: up to 4 years after the hiring decision (or longer if required by law). Employees: duration of employment + up to 7 years. |
| L.5. Citizenship or immigration status. | YES | Job applicants: up to 4 years after the hiring decision (or longer if required by law). Employees: duration of employment + up to 7 years. |
| L.6. Religious or philosophical beliefs. | NO | N/A |
| L.7. Union membership. | YES | Job applicants: up to 4 years after the hiring decision (or longer if required by law). Employees: duration of employment + up to 7 years. |
| L.8. Mail, email, or text messages not directed to the Company. | NO | N/A |
| L.9. Genetic data. | NO | N/A |
| L.10. Neural Data, such as information generated by measuring a consumer's central or peripheral nervous system's activity that is not inferred from nonneural information. | NO | N/A |
| L.11. Unique identifying biometric information. | NO | N/A |
| L.12. Health information, including job restrictions and workplace illness and injury information. | YES | Job applicants: up to 4 years after the hiring decision (or longer if required by law). Employees: duration of employment + up to 7 years. |
| L.13. Sex life or sexual orientation information. | NO | N/A |
| L.14. Children's personal information (under age 16). | NO | N/A |
Sources of Personal Information
You Provide Information to UsWe collect personal and other data directly from you when you interact with our Services. For example, we collect information when you browse our website, create or manage an account, place an order or request a quote, subscribe to receive updates or marketing communications, participate in promotions or surveys, or otherwise communicate with us. We also collect information when you visit or engage with us in person, such as at our showrooms, brand events, demonstrations, or trade shows. We may also collect information you choose to provide when you submit product reviews, testimonials, or other content, including photos or other materials you share with us in connection with your experience with our products or Services.
Automatically Through Our Services
As you navigate through and interact with our Services, we may use automatic data collection technologies to collect information that may include personal data. Information collected automatically may include usage details, IP addresses, operating system, and browser type, and information collected through cookies, web beacons, and other tracking technologies.
When you interact with our Services, there are third parties that may use automatic collection technologies to collect information about your or your device. These third parties include:
- Analytics companies, such as NetSuite SuiteCommerce, SuitePOS, and Google Analytics;
- Social media platforms, such as Facebook, Instagram, Pinterest, LinkedIn, and YouTube; and
- Service providers that support our website and operational functionality, such as Shopify, NetSuite Oracle, and MailChimp.
These third parties may use tracking technologies to collect information about you when you use our Services, including accessing our website. The information they collect may be associated with your personal data or they may collect information, including personal data, about your online activities over time and across different websites, apps, platforms, and other online services. We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
From Business Partners and Service Providers
In connection with our Services, we may receive personal data about you from business partners and service providers. They may share this information with us in accordance with their own privacy practices and, where applicable, the choices and consents you provided to them. We may associate or combine information we receive from these third parties with information we collect directly from you, as further discussed below.
How We Use Personal Information
We use information that we collect about you or that you provide to us, including any personal data, to:
- Provide and operate our Services;
- Process and fulfill orders and transactions;
- Fulfill any other purpose for which you provide it.
- Administer your account and manage your relationship with us;
- Respond to your inquiries and provide customer support;
- Conduct research and analysis to improve and develop our Services;
- Fulfill contractual obligations and enforce our rights, including billing and collection;
- Comply with legal obligations, ensure data security, and protect the integrity of our systems; and
- Carry out any other purpose disclosed to you at the time you provide the information, and for any other purpose with your consent where required by applicable law.
We use all information we collect for our legitimate business purposes in connection with or related to the Company and our Services, in a manner consistent with this policy and applicable law. We may share your personal data with our trusted third-party service providers and partners who perform services on our behalf and help us operate our business and provide our Services. However, we do not sell your personal data. We may also use your information for targeted advertising (also known as interest-based advertising), to send and/or show you advertisements that may be more relevant to you across our Services and third-party websites or applications. You may have the right to opt out of targeted advertising by contacting us at customercare@zfg-amer.com. We will process your request in accordance with applicable laws and this policy. You can also opt out of receiving targeted advertising from members of the Network Advertising Initiative ("NAI") on the NAI's website here https://optout.networkadvertising.org.
Sensitive Personal Information Use and Disclosure Purposes
We may use or disclose sensitive personal information of employees and applicants for the following statutorily approved reasons (Permitted SPI Purposes):
- Performing actions that are necessary for our employment relationship and that an average employee in an employment relationship with us would reasonably expect; and
- Services performed for the Company, including maintaining or servicing accounts, providing human resources and employee benefits administration, processing or fulfilling transactions, verifying employee information, processing payments, or providing financing, analytic services, storage, or similar services for the Compan.
Additional Categories or Other Purposes
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. If required by law, we will also seek your consent before using your personal information for a new or unrelated purpose.
We may collect, process, and disclose aggregated or deidentified consumer information for any purpose, without restriction. When we collect, process, or disclose aggregated or deidentified consumer information, we will maintain and use it in deidentified form and will not attempt to reidentify the information, except to determine whether our deidentification processes satisfies any applicable legal requirements.
Disclosing, Selling, or Sharing Personal Information
Business Purpose Disclosures
We may disclose the personal information we collect to third parties for the business purposes described in the Personal Information Collection, Use, and Disclosure Purposes section and in the table below, such as to engage contractors, wholesalers, distributors, and service providers to support our business functions. For example, we may disclose your address to our shipping carrier to deliver your order.
We only make these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, prohibit using the disclosed information for any purpose except performing the contract, and meet the CPRA's other contract requirements for engaging service providers or contractors.
The chart below identifies the personal information categories we disclosed to service providers or contractors for a business purpose over the preceding 12 months and the specific business or commercial purpose for disclosing that information/categories of entities to whom we have disclosed our consumers' personal information for a business purpose over the preceding 12 months, along with the personal information categories disclosed and the disclosure's business purposes.
Business Purposes Disclosure Recipient Category, Personal Information Category, and Purposes Chart
| Category of Business Purpose Disclosure Recipients | Personal Information Categories Disclosed | Sensitive Personal Information Categories Disclosed | Business Purpose Disclosures |
|---|---|---|---|
| ORDER FULFILLMENT AND SHIPPING PROVIDERS | A. Identifiers. B. California Customer Records. D. Commercial information. | None | To deliver products you purchased from us. |
| OPERATIONAL SERVICE PROVIDERS | A. Identifiers. B. California Customer Records. D. Commercial information. | None | To process and fulfill orders and transactions. Fulfill contractual obligations and enforce our rights. Comply with legal obligations. |
| CUSTOMER SERVICE SUPPORT PROVIDERS | A. Identifiers. B. California Customer Records. D. Commercial Information. E. Internet or other similar network activity. F. Approximate Geolocation data. G. Inferences. | None | To support customers with using our products and services, including online account management and troubleshooting. |
| ADVERTISING NETWORKS | A. Identifiers. B. California Customer Records. C. Protected Classes. D. Commercial information. E. Internet or Network Activity. F. Geolocation data. G. Inferences. | None | To deliver targeted advertising. To conduct research and analysis to improve and develop our Services. |
| PAYROLL/TIMEKEEPING SERVICE PROVIDERS (For Employees Only) | A. Identifiers. B. California Customer Records. C. Protected Classes. D. Professional or employment-related information. | L.1. Government identifiers. L.2. Complete account access credentials. | To process payroll and perform other human resources functions. |
| HUMAN RESOURCES/LEAVES OF ABSENCE MANAGEMENT SERVICE PROVIDERS (For Employees Only) | A. Identifiers. B. California Customer Records. C. Protected Classes. D. Professional or employment-related information. | L.1. Government identifiers. L.2. Complete account access credentials. L.3. Racial or ethnic origin. L.4. Citizenship or immigration status. L.5. Health information. | To perform human resources management services and employee support services. |
| HEALTH INSURANCE COMPANY SERVICE PROVIDERS (For Employees Only) | A. Identifiers. B. California Customer Records. C. Protected Classes. D. Commercial Information. E. Professional or employment-related information. | L.1. Government identifiers. L.2. Health information. | To provide and manage employee benefits. |
How to Exercise Your Rights
You can exercise any of these rights by contacting us at customercare@zfg-amer.com
Verification Process and Authorized Agents
Only you, or someone legally authorized to act for you, may submit a request to exercise one of your consumer rights described in this policy. If you use an authorized agent, we may require proof that the agent is authorized to act for you, such as a signed permission from you or a power of attorney, and we may ask you to verify your identity directly with us.
To process your request, we may ask you (or your authorized agent) for information to verify your identity and confirm your authority that is consistent with the verification guidelines set forth by the CPRA Regulations. If we cannot verify your identity or authority, we may not be able to respond to your request. We use the information provided in the request only to verify the request and process it.
Responding to Your Requests to Know, Delete, or Correct, or Access/Appeal
We generally respond to consumer rights requests within 45 days, and may extend that period by an additional 45 days when reasonably necessary, as permitted by law. If we deny your request, you may appeal our decision by contacting us as described in our response. We will respond to appeals in writing within 60 days. If we deny your appeal, we will provide information on how you may submit a complaint to the California Attorney General through the State’s online mechanism.
We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
How We Protect Your Personal Data
We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the Services. In particular, email, texts, and chats sent to or from the Services may not be secure, and you should carefully decide what information you send to us through these communications channels. Any transmission of personal data is at your own risk.
The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access.
Privacy Policy Changes
We may update this policy from time to time, and we will provide notice of any such changes to the policy as required by law. The date the privacy policy was last updated is identified at the top of the page. We will notify you of changes to this policy by updating the "last updated" date and posting the updated policy on our website. If we regularly communicate with you via email, we may email you regarding updates to this policy, but you should check this page periodically to see the current policy and any changes we have made to it.
Contact Information
To exercise your rights or ask questions or comment about this privacy policy or our privacy practices, contact us at:
| Zwiesel Fortessa Americas LLC |
|---|
| 20412 Bashan Drive Ashburn, Virginia 20147 |
| https://www.zwieselfortessa.us/contact-us |
| privacy@zfg-amer.com |
| 800-296-7508 |