LAST UPDATED ON: 6 September 2018
Zapaygo Privacy Notice
Welcome to Zapaygo.
We are committed to respecting and protecting your privacy. This privacy notice sets out how we collect and use the personal data that you provide to us via this website, www.zapaygo.com (our “Site“), and our mobile app, Zapaygo (our “App“, and together with Site, and any other services we provide to you, our “Services“). It also tells you about your privacy rights and how certain laws may apply to you.
If you have any queries about this notice or how we use your personal information, please contact us at [email protected]
- About us
- What personal data do we collect via the site?
- How we collect personal data
- How and why we use personal data
- How we share personal data
- International transfers
- Data security
- How long we keep personal data
- Third party links
- Your rights
- Changes to this notice or your data
- About us
Our Services are operated by Zapaygo Investments Ltd (“Zapaygo“, “us“, “we“, or “our“).
Zapaygo is a limited company registered in England & Wales with company number 09741006, and with its registered office at 33 Cavendish Square, Marylebone, London, W1G 0TT, UK. Zapaygo is the data controller of any data you provide to us via our Services, and is registered with the UK Information Commissioner’s Office under number ZA461779.
You can contact us about any queries you have regarding this privacy notice at either our postal address above, or at [email protected].
- What personal data do we collect via the Services?
‘Personal data’ means any data which can be associated with you as an individual, either directly or indirectly. We collect different information depending on how you use the Services and how you interact with us.
The personal data we collect via the Services may include:
- Identity information, such as your name, organisation name and position, and your driving licence and passport information (please see section 4a below for information on how and why we collect this information).
- Contact data, such as your address and email and telephone details.
- Usage data, which includes information about how you use the Services (including any bookings, reservations or other services we have provided to you, and our conversations with you), and your location.
- Log-in information, such as your user name and password. Alternatively, if you create an account using a social network (such as Facebook, Twitter or Google+), we will obtain information such as your name, Facebook ID, twitter handle, profile picture, network, gender, username, user ID, age range, language, country, friends list, followers and any other information you have agreed that the relevant platform can share.
- Payment and transaction information, including your booking history, and certain other information associated with your payments. This does not include your payment card details, which you provide direct to our payment processors. We do not collect or store payment card details.
- Technical data, such as the device you are using to access our Services, your unique device ID, your internet protocol (IP), browser type and version, time zone and location, display settings, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services.
- Marketing and communications data, including any communications we may receive from you, and your preferences in receiving notifications, marketing and other communications from us.
We do not ask you for ‘special categories’ of personal data, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or health information. However, if you choose to provide us with this information, and provide us with your explicit consent, we may retain it. We do not collect data about actual or alleged criminal offences.
- How we collect personal data
Different personal data is collected in different ways.
- Personal data you provide to us
When you create an account to use our Services, you will provide us with your identity, contact, and log-in information, and your marketing and communications preferences.
When you enter your payment card details via our Services, they are provided to our payment processors, like SagePay, SmartPay, FirstData. You will also provide us with personal data when you correspond with us.
- Personal data we collect as you use our Services
As you use the Services, we will collect your technical, usage and transaction data as described above.
Some of this data is collected using cookies, beacons and similar technologies. Cookies are files with small amount of data which are sent to your browser (or device) from our Services and stored on your device.
We use the following cookies:
|Cookie name||What it is used for|
|skipReferrerState, preapproved, allowedState, applied||This is used on the Site to identify what part of the application a user is on and to persist across page refreshes and browser openings. This prevents multiple applications on the same device.|
|Localization||This is used on the Site to temporarily store the estimated latitude and longitude of the user’s IP address in order to indicate the user’s default city. This cookie is stored in session storage, and deleted when the browser tab is closed.|
|user token||This authenticates requests with our server, which includes refresh and access tokens.|
|session||This is used on Android devices to display a member’s name (including their first name, surname, phone, email, and profile picture URL).|
|authToken||This is used to authenticate the member with the server.|
|memberData||This is used on iOS devices to display and welcome the member by name (includes the member’s first name, surname, phone, email, and profile picture URL).|
|_ga, __utma, __utmb, __utmc, __utmt, __utmz _gid||This helps us count how many people visit our Site, and tracks repeat visitors via Google Analytics. This cookie expires after 2 years.|
|mp_mixpanel||This cookie stores an anonymous, randomly-generated ID to detect repeat visits to the Site on the same device, and associates actions to the device. This cookie expires after 3 months.|
You can remove cookies from your computer through the settings on your browser, but be aware that this may impact your ability to make use of some features on our and other web sites. Management of cookie settings varies from one browser to another. The “Help” menu of your web browser will provide full instructions.
We also use Google Analytics, a third party service provided by Google, to help us analyse user habits to help increase the functionality of our Services. The information will be used by Google only for the purpose of evaluating the use of our Services. Google Analytics has its own privacy notice, which can be viewed here.
- How and why we use personal data
We will only use your information where:
a) We need the information to fulfil our contract with you
If we have entered into a contract to provide you with our Services, we will need your personal data in order to do so. The personal data that we use will depend on the service(s) we have agreed. For example:
- We will use your contact details so that we can communicate with you about the Services we provide, to facilitate providing our Services to you and, and to respond to any requests, queries, issues or concerns you may have.
- If you ask us to book certain forms of travel on your behalf, we will need your driving licence and/or passport details in order to do so.
- We will use your identity and log-in data create a public profile for you on our Services. You will need this profile to use our Services.
- We will use your technical information to ensure that our Services display and function correctly on your device.
- We will use your identity, contact, log-in and usage data to customise our Services to you.
- We (and our service providers) will need your payment information to facilitate any payments you authorise. For further information about this, please see Section 6 (‘How we share your data’ section) below.
- As part of our Services, we will recommend products and services to you. We will use your IP address to determine your approximate location (for example, by city, state, or country), and use this information to ensure that the suggestions or other content we suggest to you is relevant to your location. For the avoidance of doubt, we will never track your exact location unless you have provided us with your express permission to do so.
- To provide you with membership rewards and incentives.
b) We have a legitimate interest (reasonable business purpose) in doing so
We will use your information for our legitimate business reasons where our doing so will not unduly affect your rights.
We will use your identity, log-in, contact and usage information to keep our records up to date.
We will use your technical, location and usage information to:
- provide and make improvements to our Services, system maintenance, support, reporting and hosting of data, and troubleshooting;
- ensure that our Services are secure;
- analyse how users interact with our Services; and
- develop new products and services.
We may also use any or all of the information above to administer and manage our business in general, to detect and prevent misuse of our Services (including fraud and unauthorised payments), and to enforce our Terms and Conditions or any other contract to which we may be a party. If you feel that your interests and fundamental rights outweigh our business purposes, and that we should therefore stop processing your data, please let us know.
c) You have given us your consent
If you sign up to our mailing lists, we will send you updates and marketing information that you have consented to receive. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send, or by emailing us at [email protected].
If you have chosen to create an account with us using a social media network, we will have access to the information set out in Section 2 (‘What personal data do we collect via the Services?’) above. If you would prefer that we do not have access to this personal data, you can create an account using only your email address. Likewise, we will only share your personal data on any social media platform with your consent. We do not post on your social media accounts without your permission.
We will only ever store any ‘special categories’ of data when you have provided us with your explicit consent to this.
We will only ever use your exact location data if you have given us your express consent to this. Likewise, we may need your contact, identity, technical and/or usage information to respond to a question you have asked us.
d) We need to comply with a legal or regulatory obligation
In certain circumstances, we may need to retain or use your personal data to comply with regulations and/or the law.
Our Services are not intended to be used by any child under the age of 18. Please do not provide us with any personal data relating to children under the age of 18 unless you are their legal guardian.
- How we share personal data
We will share your data:
a) With our trusted third party service providers
- When you request Services that will be fulfilled by a third party (such as a restaurant, theatre or gallery, for example), we will share your details with that third party (our “Suppliers“). We will only disclose your information to Suppliers the extent necessary for the Service(s) you have requested. This will typically include your identity and contact information.
- We share certain information with our information technology providers, such as website and mailing list hosts.
- We may also share data with analysts, consultants and other professional advisors whom we retain for advice in respect of our business operations.
We will only disclose your data to third party service providers under terms of confidentiality, and they will only use your personal data for the purposes stated in this notice.
We will also share your information with other third parties and suppliers, but only if you ask us to do so (for example, if you ask us to make a booking on your behalf).
b) With other members of our Services
Where we provide the functionality, you may choose to share some of your profile information with other members of the Services. We will never make your profile visible to other members without your express consent.
c) With our US entity
Our US affiliate company is called Zapaygo Investments Inc. We share personal data between our UK and US entities.
d) If you choose to share it via social media
Where we provide the functionality, you may choose to share some of your information from our Services with your friends, followers or contacts on social media.
Your personal data may be disclosed or transferred to potential or actual buyers of, investors into or lenders to our business or any of our assets, or any of the advisors or representatives of the above. If so, we will ensure that appropriate confidentiality terms are in place.
- International transfers
Our Services are hosted on servers located worldwide. We also use cloud-hosted software solutions which are located in the US and EU.
Where we transfer personal data outside of the EU to a recipient in a third country in the absence of an adequacy decision by the European Commission, we take care to ensure that our data exports are compliant with data privacy law. We do this by relying on the Model Clauses and/or ensuring that the recipients of the data are certified under the EU-US Privacy Shield scheme. For further information, and/or to obtain copies of the relevant documents, please contact us at [email protected].
- Data security
The safety of your personal data is of paramount important to us, and we use various technical and organisational measures to ensure that your data is secure.
However no transmission of information via the Internet or electronic storage is ever completely secure. Although we take appropriate measures to safeguard against unauthorised disclosures of information, we cannot guarantee the security of your data.
- How long we keep personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
To obtain further information about how long we retain your personal data, please contact us at [email protected].
- Third party links
Our Service may contain links to third party sites whose information practices may be different than ours. Please consult all third party sites’ privacy notices, as we have no control over information that is submitted to, or collected by, third parties.
- Your rights
You have the right to:
- require us to rectify the personal data we hold about you, where that data is incorrect;
- require that we restrict the processing of your personal information in certain circumstances;
- request access to the personal data that we hold about you;
- require that, in certain circumstances, we delete the personal information we hold about you;
- require that we provide you with the information that we hold about you in a structured, commonly used and machine-readable format; and/or
- withdraw your consent to our using your data for marketing purposes at any time.
You also have the right to lodge a complaint with the Information Commissioner’s Office, which is the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, be grateful if you would contact us in the first instance so we can endeavour to deal with your concerns direct.
If you wish to exercise any of these rights, please contact us at [email protected].
To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections.
Changes to this notice or your data
We may amend or modify this privacy notice from time to time. We will post any revised notice on this site and on our app, and if the changes are significant, we will notify you by email.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Zapaygo Investment Limited (“We“) are committed to protecting and respecting your privacy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (the “Act“), the data controller is Zapaygo Investments Limited of 33 Cavendish Square, Marylebone, London, W1G 0TT, UK
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms on our site www.zapaygo.com (our “site“). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of transactions you carry out through our site and of the fulfilment of your orders.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
Where we store your personal data
We do not store credit card details nor do we share customer details with any third parties. Where we have given you (or where you have chosen) a password or personal identification number (“PIN“) which enables you to access certain parts of our site, you are responsible for keeping this password or PIN confidential. We ask you not to share a password or PIN with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Uses made of the information
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To carry out our obligations arising from any contracts entered into between you and us.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
We may also use your data, or permit selected third parties to use your data, to provide you with information about goods and services which may be of interest to you and we or they may contact you about these by post or telephone.
If you are an existing customer, we will only contact you by electronic means with information about goods and services similar to those which were the subject of a previous sale to you.
If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the registration form).
Disclosure of your information
We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Zapaygo Investments Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- In order for Zapaygo to provide Zapaygo services, you permit Zapaygo to disclose to apps that you have set up Zapaygo, and to share your device, payment, location and account information with your card’s issuer and payment network. Where necessary to process your transactions, you also permit Zapaygo to share your personal information with merchants, payment processors and other third parties.
- In order for Zapaygo to provide and improve Zapaygo services, you permit Zapaygo to collect transaction, account and other personal information from third parties, including merchants and your card’s issuer.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at suppo[email protected]
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
We provide access to all communications and interactions that you have had within or using zapaygo. No personal information held about you is hidden from you.