- Who is controller of your data?
The App is offered by ZIPZERO Global Limited, a company registered in England and Wales under number 11786825, with its registered office at WeWork Aviation House, 125 Kingsway, London WC2B 6NH, United Kingdom ("ZIPZERO", "we", "us", and "our").
- What categories of data we collect?
We collect the following data from you when you sign up and use the App:
- Personal data: the only information you are required to provide upon signup is your valid e-mail address
- Purchasing data: if you decide to share your shopping data with us by scanning receipts or online purchase confirmations into the App, we reserve the right to save the data on those receipts and online purchase confirmations. This may include any of the following information: total value of a transaction, total number of items, individual product descriptions, individual product or service price, offers and discounts, name of the issuer, name and address of the store, contact details of the issuer, date and time of receipt or online purchase confirmation, last four digits of payment (credit) card, loyalty card number
- Data about your bills: name of your Biller; bank account and sort code or IBAN bank account details of your Biller; and your account number/customer number at your Biller
Notwithstanding the above, we automatically collect, via the App, any additional data about the device the App has been downloaded on, as well as App usage data. This information may include:
- Device ID (to keep login session only on one device in the same moment)
- Your IP address
- Version of the App used
- Application event log, which may include information on login sessions in the App
- Device type
- IMEI number
- Type and version of the mobile operating system (such as iOS or Android)
- Other diagnostic data
Providing the above data is voluntary but necessary to sign up and use the App, i.e. for the purpose of the conclusion and performance of the agreement between us, governed by the Terms of Service of the App.
We may collect subsequent data from you when you contact us via e-mail. The provision of such data is on a voluntary basis.
We do not intend to process special categories of your personal data (those includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). However you choose what data, including your personal data, you share with us by scanning your receipts into the App or sharing your online purchase confirmations with us. Please note that certain receipts or online purchase confirmations, such as those issued by pharmacies, may include special categories of your personal data. If you do not wish to share such aspects of your data, please neither scan those specific receipts into the App nor share those specific online purchase confirmations with us. If you, however, voluntarily share with us any special category of your personal data, you give us an explicit consent to process such data for the purposes described below.
For more information regarding special categories of personal data you may visit the site of the UK supervisory authority, i.e. Information Commissioner's Office (ICO).
You can use Touch ID or Face ID to sign-in to the App. In such case we neither gain access nor process your biometric data.
We do not collect any information about criminal convictions and offences.
- What is the purpose and basis for processing your personal data?
We process collected data for various purposes:
- to create your account in the App and provide you with our services via the App, including scanning and processing receipts, processing your online purchase confirmations, earning units, redeeming them for rewards (ordering payment for your bills) - the basis of processing is the necessity of processing for the conclusion and performance of the agreement between us governed by the Terms of Service of the App
- to provide you with our services via the App, including scanning and processing receipts, processing your online purchase confirmations, earning units, redeeming them for rewards (in the form of ordering bill payment) – in case of special categories of your personal data the basis of processing is your explicit consent
- to comply with our legal obligations, for example resulting from tax and accounting regulations and, in certain cases - the basis of processing is the necessity of processing to ensure compliance with a legal obligations to which we are subject
- to pursue our legitimate interests, including:
- administering and protecting our business and the App, including technical support and troubleshooting, testing, IT systems maintenance
- providing business insights into how you use the App, including creating aggregated insights and segmentation info about user preferences, opinions and shopping behaviour; within this process your data will be anonymised
- providing you with marketing communication on our behalf: we rely on a ‘soft opt-in’ to send you these if you have signed up to the App and you have not opted out of receiving marketing emails
- dealing with your inquires, claims and complaints
- preventing fraud, misuse of the App and breach of the Terms of Service of the App
- maintaining security for the App and our IT systems
- establishing, exercising or defending against legal claims
- Opting out
You have the right to refuse to receive further marketing information by email at any time by signing into your account in the App and checking or unticking the relevant boxes in the “Settings” section of the App to adjust your marketing preferences. You can also do so by clicking on the opt-out links in any marketing email sent to you.
- Your rights regarding your personal data
You have certain rights regarding your personal data. These include the right to:
request access to your personal data
At any time you can find out what data we process and receive a copy of such data.
request rectification of your personal data
You have the right to request your personal data are corrected if they are inaccurate or completed if they are incomplete.
request erasure of your personal data
You have the right to request that your personal data are deleted or removed if:
request restriction of our use of your personal data
You have the right to restrict the processing of your personal data if:
object to the processing of your personal data
You have the right to object to the processing of your personal data based on our legitimate interests.
We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or we process your personal data for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, i.e., to provide you with marketing communication from us, you have the right to object at any time to processing of your personal data for such purpose. In such case we will no longer process your personal data for such purpose.
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, electronic format.
Moreover, you have the right to transmit those data to another controller or request to have the personal data transmitted directly from us to another controller, where technically feasible.
withdraw your consent
You have the right to withdraw your consent for the data processing at any time.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
We will contact you if we need additional information from you in order to honour your requests. Please note that we may ask you to verify your identity before responding to such requests.
- Complaint to the supervisory authority
If you believe that your personal data is being processed unlawfully you can lodge a complaint with a supervisory authority – in the United Kingdom: the Information Commissioner's Office (ICO).
Contact details for other supervisory authorities in the European Economic Area, Switzerland are available here.
- Retention of your personal data
We will retain your personal data and your purchasing and bill payment activity for as long as you use the App and for a period not shorter than the limitation period for potential claims. In the case of special categories of your personal data that you have voluntarily decided to share with us, we will retain the data in question until the withdrawal of your consent.
We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
In cases where we anonymise your personal data (when it is no longer be associated with you personally, i.e. the process of creating aggregated insights and segmentations about user preferences, opinions and shopping behaviour for research or statistical purposes) we may retain and use such anonymised data indefinitely without further notice to you.
- Security of your personal data
The security of your data is important to us. We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures to ensure the security of the data processing we conduct. That said, we don’t have access to any sensitive financial information or personal bank accounts details.
While we strive to use commercially acceptable measures to protect your personal data, we cannot guarantee its absolute security. Please keep in mind that no method of transmission over the Internet or method of electronic storage is 100% secure.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party web sites or resources.
- Recipients of your personal data
We will never disclose your personal data (i.e. any information relating to you, which allows to identify you directly or indirectly) with any third party, subject to the exceptions clearly indicated below.
We may however share with any third parties anonymised data (that can no longer be associated with you), including in the form of aggregated insights and segmentations about users preferences, opinions and shopping behaviour for research or statistical purposes.
We may disclose your personal data with the following categories of recipients:
- Third party service providers and advisors (including legal, financial and technical advisors, accountants, auditors and IT support). We may share your personal data to the necessary extent with our service providers and advisors to obtain their advice or assistance or who perform business operations for us or render different services to us, for example by hosting it, enabling certain features or functionality of the App, or by providing ancillary services such as data analytics, data storage, support and maintenance or security technology. We require all our third party service providers and advisors to respect the security of your personal data and to process it in accordance with the law. We do not allow our third-party service providers and advisors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- Entities authorized to obtain your personal data on the basis of applicable law, including law enforcement agencies, courts, regulators, government authorities. We may share your personal data with these parties where it is necessary to comply with a legal obligation.
- International transfer of your personal data
We process user data, including personal data, within the United Kingdom.
However, some of our external third party service providers may be based outside the United Kingdom. The processing of personal data by such services may involve the transfer of data outside the United Kingdom.
In cases where personal data is transferred by us out of the United Kingdom we ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- the transfer is based on the UK adequacy regulations; or
- in the absence of the UK adequacy regulations – we may transfer personal data to a third country only if we have provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
We may also transfer your personal data out of the United Kingdom if one of the following conditions laid down in the provisions of the law is complied with:
- the transfer is necessary for the performance of a contract between us and you or to implement pre-contractual measures taken at your request
- the transfer is necessary for the establishment, exercise or defense of legal claims
- you have explicitly consented to the same.
For more information on international transfer of data, including appropriate safeguards in place, please contact us at firstname.lastname@example.org.
- Children's Privacy
Our App is intended for use by individuals over the age of 18. Anyone over the age of 18 should not download or use the App.
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you have become aware that your child has provided us with personal data, please contact us. If we are notified that we have collected personal data from a child without parental consent, we take steps to remove that information from our servers.
- Contact Us
Effective date: 22/11/2021