ZEPHR PRIVACY NOTICE
This Privacy Notice applies to the personal data of visitors to the Zephr Inc Limited website.
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), the company responsible for your personal data is Zephr Inc Limited, (“Zephr”).
1. Information we collect from you
We will collect and process the following data about you:
1.1. Information you give us.
This is information about you that you give us by filling in forms on our website(s) (“our sites“) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you send us an email, call us, register for any purpose on our sites, give us your details at an event, submit an enquiry, request a call-back, use our products and/or services, make a complaint to us and report a problem with our sites or services. The information you give us may include your name, address, e-mail address, phone number, work details. If you apply for a job with us, then it will include all personal information that you provide in your CV and/or application. If you provide any information about any other individuals such as colleagues or next of kin, you warrant to us that you are entitled to provide that information to us and to authorise us to process it on the same basis as we will process the rest of the data you provide about yourself.
1.2. Information we collect about you.
With regard to each of your visits to our sites we will automatically collect the following information:
• technical information, including the Internet protocol (IP) address (a string of numbers unique to your computer that is recorded by our web server when you request any page or component on the Website) used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
• information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our sites (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
How do I disable cookies? If you want to disable cookies you need to change your website browser settings to reject cookies.
3. Purposes for which we may process the information
We use information held about you in the following ways:
3.1. Information you give to us.
We will use this information:
• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
• to provide you with our services where we are contracted to do so by, for example, your employer;
• to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
• to provide you with information about us or our services that we feel may be of interest to you. If you do not want us to use your data in this way, please tick the relevant box situated on the form on which we collect your data or let us know by contacting us using one of the methods set out in this notice;
• if you are a “consumer” to send you marketing communications only where we have the relevant consent as required by applicable law;
• to notify you about changes to our services;
• to process and deal with complaints or enquiries;
• to ensure that content from our sites is presented in the most effective manner for you and for your computer.
Please be aware that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (e.g contact, delivery or payment information) it is a requirement for us to enter and perform such a contract or fulfil your request that you provide that information – if you do not do so, we may not be able to perform your contract or fulfil your request.
3.2. Information we collect about you.
We will use this information:
• to administer our sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our sites to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, when you choose to do so;
• as part of our efforts to keep our sites safe and secure;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
• to make suggestions and recommendations to you and other users of Zephr sites about goods or services that may interest you or them.
4. Disclosure of your information
4.1. If you post a message or if you upload any other content to any of Zephr sites, you agree that:
(a) Such message or other content may be published on Zephr website;
4.2. You agree that we have the right to share your personal information with:
4.2.1. For administrative purposes, any Zephr group undertakings, as defined in s1161(5) of the UK Companies Act 2006, provided that they either:
(a) are within the European Economic Area;
(b) are in a country that the European Union has decided has adequate data protection laws in place; or
(c) have provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.
Any use by other group members of one group member’s personal data beyond administration will be subject to all the requirements of Data Protection Law.
4.3. Additionally, we may disclose your personal information to third parties:
4.3.1. If we outsource any aspect of Zephr business or systems, then we may disclose your personal data to Zephr service provider(s).
4.3.2. In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
4.3.3. If we or a substantial part of Zephr assets are acquired by a third party, in which case personal data held by us about Zephr customers may be one of the transferred assets.
4.3.4. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms of any agreement or policy to which we are a party, or to protect the rights, property, or safety of Zephr , Zephr customers, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
5. Legal basis of processing
5.1. Data Protection Law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the General Data Protection Regulation. The grounds applicable to the personal data to which this notice relates are:
5.1.1. Where the processing is necessary for us to perform a contract that you are party to, or to take steps at your request prior to entering a contract, that is the ground on which we are processing that data;
5.1.2. Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data;
5.1.3. Where processing is necessary for the purposes of Zephr legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your interests or fundamental rights and freedoms which require protection of your data do not override those legitimate interests (Zephr legitimate interests comprise the management, marketing and promotion of Zephr business and services);
5.1.4. If you have given your consent to Zephr processing the data, that is the basis on which we are processing that data.
If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above.
5.2. Special categories of personal data
If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, it is a condition of us receiving that information that you expressly consent (and you hereby do) to us processing that personal data for the purposes set out in section 3. Accordingly, if you do not want us to process any such categories of personal data, please do not provide it to us. (Alternatively, in an employment relationship, we may process such data to the extent necessary to give effect to Zephr and your obligations and rights in relation to employment or for the assessment of working capacity.)
6. Where we store your personal data
6.1. The data that we collect from you will be stored on Zephr servers or those of Zephr service providers. It will not be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) unless:
6.1.1. to one of Zephr group undertakings to which section 4.2.1 applies; or
6.1.2. To a processor acting on Zephr behalf which is either (i) within the EEA, or (ii) in a country that the European Union has decided has adequate data protection laws in place, or (iii) has provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.
6.2. All information you provide to us is stored on Zephr secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of Zephr sites, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.
6.3. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to Zephr sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
7. Length of data storage
7.1. Zephr policy is to ensure that personal data is only stored for as long as is necessary for the purposes set out at section 3 above. This may vary according to the type of information and the specific applicable purpose(s). We will retain data only for so long as is necessary for the purposes for which we hold it – if you would like to know what that means in respect of your personal data, please contact us (see section 8.2 below). In determining how long we retain your information we take into consideration Zephr legal obligations, good industry practice, the guidance of relevant UK authorities such as HM Revenue & Customs (HMRC), the Chartered Institute of Personnel and Development (CIPD), and also tax, accounting, health and safety, and employment rules.
8. Your rights
8.1. You have various rights under Data Protection Law. These include:
8.1.1. The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;
8.1.2. If Zephr processing is based on your consent, the right to withdraw any consent you may have given for Zephr processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;
8.1.3. The right to ask us for access to the data we hold about you (see section 9 below for further details);
8.1.4. The right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;
8.1.5. The right to ask us to delete your data in certain circumstances;
8.1.6. The right to ask us to restrict Zephr processing of your data in certain circumstances;
8.1.7. The right to object to Zephr processing of your data in certain circumstances;
8.1.8. In certain circumstances, the right to require us to give you the data we hold about you in a structured, commonly used and machine-readable format so that you can provide the data to another data controller.
8.2. You can exercise any of the rights set out above, free of charge, by using any applicable methods set out in Zephr communications with you, or by contacting us at email@example.com. In respect of certain of the rights referred to above, your right may be qualified by the GDPR (which we will discuss with you following your request) or we may need more information from you, which we will ask you for following your request. We may ask you to provide further information in order to confirm your identity. Please also note that if you submit unfounded or excessive (for example repetitive) requests to exercise any of these rights, we reserve the right to make a reasonable charge for providing the requested information or taking the requested action, or to decline your request.
8.3. You also have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) if you are concerned that we are not respecting your rights under Data Protection Law.
9. Accessing your data
You have the right to obtain from us:
9.1. Confirmation as to whether we are processing (including holding) personal data about you; and
9.2. If we are processing personal data about you, you are entitled to be provided with:
9.2.1. Information as to the purposes for which we process the data;
9.2.2. Information as to the categories of the data that we are processing;
9.2.3. Information as to the recipients or categories of recipients to whom the data has or will be disclosed;
9.2.4. Information as to the envisaged period for which we will store the data, or if the basis on which that period will be determined;
9.2.5. A copy of the data (further copies are available at a reasonable charge, which we will inform you of should you request further copies). Please note that this right is subject to the rights of others in relation to their own personal data, meaning that we cannot disclose data to you if it would involve disclosing data about someone else.
9.3. Please see section 8.2 above as to how to exercise your rights under this section 9. Section 8.2 applies in full to the exercise of these rights.
10. Other websites
Zephr sites may, from time to time, contain links to and from the websites of Zephr partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to firstname.lastname@example.org. Zephr may amend this Privacy Notice from time to time. Please visit this page if you want to stay up-to-date as we will post any changes here. If you are dissatisfied with any aspect of our Privacy Notice, you may have legal rights which we have described above where relevant.