At Zapmii Limited, safeguarding your personal data is a priority. This Data Protection Notice supplements our Privacy Policy by providing detailed information on the collection, use, and protection of your personal data. Our aim is to ensure transparency and give you full control over your information, clarifying how it is handled and the options available to you regarding its use. Through this notice, we commit to maintaining the highest standards of data protection and to adhering strictly to data protection regulations that safeguard your privacy rights.
The data controller responsible for processing your personal data is Zapmii Limited. Should you have any questions or concerns regarding data protection at Zapmii, please feel free to reach out to our Data Protection Officer, you can find the contact details at the bottom of this document.
As a data subject, you are granted several rights under the EU General Data Protection Regulation (GDPR), which include, but are not limited to:
These rights are designed to empower you and ensure transparency and fairness in how your personal data is handled by Zapmii Limited. If you need assistance or further information about these rights, please contact us at the provided contact details.
To ensure clarity and ease of understanding as you navigate our Data Protection Notice, below are key definitions of terms used within this document:
These definitions are intended to help you understand your rights and responsibilities under the Data Protection Notice as they relate to the processing of your Personal Data by Zapmii Limited.
To better understand the roles and responsibilities of Zapmii Limited in relation to the processing of personal data, it is important to distinguish between when Zapmii acts as a Processor and when it acts as a Controller:
Zapmii operates as a Processor when handling personal data provided by the Customer. In this capacity, Zapmii processes personal data strictly according to the instructions received from the Customer. This role is in compliance with Articles 28 and 29 of the General Data Protection Regulation (GDPR), which stipulate that the Processor must not use the personal data for any purpose other than the instructions provided by the Controller (in this case, the Customer). The processing activities include, but are not limited to, storing data on behalf of the Customer and performing services that involve personal data, such as data analysis or support services.
In scenarios where Zapmii processes data necessary to manage the relationship with the Customer, such as for billing, account management, or providing customer support, Zapmii acts as an independent Controller. This means that Zapmii determines the purposes and means of these processing activities. As a Controller, Zapmii is responsible for ensuring that all processing of personal data is done in accordance with the applicable Data Protection Laws, including GDPR. This includes maintaining records of personal data processing activities, ensuring the security of the data, and upholding the rights of the data subjects.
Understanding these roles helps clarify the legal basis for how personal data is handled and ensures transparency for our customers concerning the processing of their personal data by Zapmii Limited.
In the relationship between Zapmii and its Customers, certain responsibilities are specifically designated to the Customer to ensure compliance with applicable data protection laws and to facilitate the effective management of personal data. These responsibilities include:
The Customer is responsible for ensuring that all instructions given to Zapmii for the processing of personal data are compliant with Data Protection Laws, including but not limited to the General Data Protection Regulation (GDPR). This includes the obligation to ensure that any data provided to Zapmii has been collected and is processed in accordance with legal requirements, such as having appropriate legal bases (e.g., consent, contractual necessity, legitimate interests) for the processing of that data.
The Customer is primarily responsible for handling communications and requests from data subjects (the individuals to whom the personal data relates) regarding the Customer's personal data. This includes requests for access, correction, deletion, or portability of personal data, as well as responses to inquiries about data processing practices. The Customer must also handle any communications from data protection regulators related to the personal data they control. This responsibility ensures that data subjects' rights are respected and responded to promptly, as required under GDPR.
These obligations are critical to maintaining the integrity and legality of the data processing activities and to ensuring that both parties — Zapmii and the Customer — uphold their respective responsibilities under the law. It is crucial for Customers to have adequate measures and procedures in place to meet these obligations efficiently and effectively.
In the data processing relationship, Zapmii has specific obligations that ensure the integrity, security, and compliance of the personal data it handles on behalf of the Customer. These responsibilities are foundational to our commitment to data protection and privacy.
Zapmii commits to processing personal data solely within the scope necessary to provide its contracted services to the Customer. All data processing activities are conducted strictly according to the Customer's explicit instructions. This adherence ensures that any action taken with the data aligns with the Customer's data processing agreements and complies with the relevant Data Protection Laws. Zapmii will not process, alter, or use the data beyond these confines without obtaining prior consent from the Customer.
Zapmii ensures that all employees who are involved in processing personal data are bound by strict confidentiality obligations. These obligations are in place to prevent unauthorized use or disclosure of any Customer personal data. Zapmii takes these responsibilities seriously and implements appropriate organizational measures to ensure that staff understand and respect their duties of confidentiality. This includes regular training and updates on data protection principles and ensuring that access to personal data is limited to only those employees who need it to perform their job functions.
Zapmii implements appropriate technical and organizational measures to ensure the security of personal data, in compliance with Article 32 of the GDPR. These measures are designed to prevent unauthorized or unlawful processing, accidental loss, destruction, or damage to personal data. This includes the use of encryption, ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services, and the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
These obligations reflect Zapmii’s commitment to uphold the trust placed in it by its customers and to ensure that all personal data entrusted to the company is handled with the highest standards of privacy and security.
To ensure transparency and compliance with our Data Protection Notice (DPN), Zapmii has put in place comprehensive auditing measures:
Zapmii will maintain accurate and comprehensive records of its data processing activities carried out on behalf of the Customer. These records are essential for demonstrating compliance with the obligations set forth in this DPA. Zapmii commits to making these records available to the Customer to verify that all personal data is handled in accordance with the agreed-upon terms. The records will be retained by Zapmii for no longer than 14 days, ensuring timely review and compliance while also maintaining data minimization principles.
Upon receiving 30 days' prior notice from the Customer, and at the Customer’s expense, Zapmii and the Customer will agree to appoint an independent third-party auditor. This auditor will be tasked with verifying Zapmii’s compliance with the DPA. To maintain a balance between thorough oversight and operational efficiency, this audit process is limited to once every 12 months. This limitation helps to ensure that audits are conducted in a manner that is thorough yet not disruptive to the ongoing services and operations.
These audit procedures are designed to foster an environment of trust and accountability, allowing the Customer to confirm that Zapmii adheres to high standards of data protection and compliance as stipulated in the DPA.
Zapmii is committed to ensuring that all transfers of personal data across international borders are conducted in strict compliance with the data protection laws applicable within the European Economic Area (EEA) and the United Kingdom. This commitment is in line with Chapter V of the General Data Protection Regulation (GDPR), which governs the transfer of personal data to third countries or international organizations.
To ensure that personal data is protected with an equivalent level of protection as provided in the EEA and UK, Zapmii employs robust mechanisms for international data transfers. These mechanisms are designed to meet the stringent requirements set forth by the GDPR.
One of the primary mechanisms used by Zapmii to ensure lawful data transfers outside the EEA and the UK is the implementation of Standard Contractual Clauses. SCCs are legal tools approved by the European Commission that provide strong data protection safeguards and are binding on all parties involved in the data transfer. By incorporating SCCs into our agreements with international partners and third-party service providers, Zapmii ensures that every party involved commits to upholding the same level of data protection as required under European data protection laws.
Alongside SCCs, Zapmii evaluates the legal and regulatory environment of the receiving country to ensure it does not impinge on the effectiveness of the SCCs. Where additional risks are identified, Zapmii implements supplementary measures to enhance data protection and address any gaps, thereby ensuring the continued protection of personal data when it is transferred internationally.
Zapmii’s approach to international data transfers is to provide clear, legally robust, and enforceable frameworks that ensure compliance with applicable data protection laws, safeguarding the privacy and rights of individuals no matter where their data is processed.
Zapmii is committed to ensuring that all handling of Customer Personal Data is conducted in a manner that respects the privacy and ownership rights of the Customer. This commitment extends to the procedures followed upon the termination of the Agreement between Zapmii and the Customer.
Upon the termination of the services or the Agreement under which Zapmii has been processing personal data on behalf of the Customer, Zapmii will take appropriate steps to either delete or return all Customer Personal Data in its possession, in accordance with the Customer's preference and the terms agreed upon in the Agreement. This process is designed to ensure that the Customer retains full control over their data and can manage its disposal or recovery as they deem appropriate.
There may be circumstances where Zapmii is required by law to retain some or all of the Customer Personal Data even after the termination of the Agreement. In such cases, Zapmii will only continue to process the necessary personal data for the period specified by legal requirements. This continued processing will be strictly limited to those purposes required by law, such as compliance with tax requirements or other statutory retention duties.
Throughout the process of deletion or return, and any required continued processing, Zapmii ensures that all personal data is handled securely, in compliance with the relevant data protection laws and the high standards set forth in our Data Protection Notice and Privacy Policy. Zapmii employs robust security measures to prevent any unauthorized access to, or use of, the personal data during this period.
Zapmii will provide the Customer with documentation or confirmation once the personal data has been successfully deleted or returned. This serves as a formal closure of the data processing responsibilities under the terminated Agreement and assures the Customer of the complete disposition of their data in accordance with their instructions and legal obligations. This approach ensures that all Customer Personal Data is handled responsibly at the end of its lifecycle with Zapmii, providing peace of mind.
Zapmii's platforms, including our websites and services, may feature links to or integrations with websites, applications, or other platforms that are not operated or controlled by Zapmii ("Third-Party Services"). These Third-Party Services are independent of our control and are not covered under this Agreement or our Privacy Policy.
It's important to recognize that Third-Party Services operate under their own terms of service and privacy policies. Because these policies are crafted independently of Zapmii, they may have different standards and practices concerning data handling, privacy, and security.
Zapmii does not endorse, is not responsible for, and does not assume liability for the content, accuracy, or opinions expressed in Third-Party Services. Furthermore, we do not actively monitor or verify the content of Third-Party Services for accuracy or completeness. As these services are outside our domain of control, interactions with Third-Party Services, including the submission of personal information, are at your own risk.
We strongly recommend that you review the terms of service and privacy notices of each Third-Party Service you choose to interact with. Before engaging with any Third-Party Service, it is crucial to ensure that their policies and practices regarding data protection, privacy, and security meet your requirements and comply with applicable laws. This precaution helps protect your personal information and ensures a safer online experience.By proceeding to interact with any Third-Party Services linked to or from Zapmii’s platforms, you acknowledge and accept that you are doing so under the terms and privacy policies stipulated by those third parties.
Zapmii is committed to protecting the privacy of young individuals and adheres strictly to data protection laws regarding age restrictions.
Zapmii's Sites and Services are not designed for, nor do they intentionally target or solicit information from, individuals under the age of 16. By using our Sites and Services, you affirm that you are at least 16 years old, or of a sufficient age to consent to the processing of your personal information under the laws of your jurisdiction.
We do not knowingly collect personal information from individuals under the age of 16. In the event that we learn we have collected personal data from a person under 16 without verification of parental consent, we will take steps to remove that information from our servers as quickly as possible.
If you are a parent or guardian and discover that your child under the age of 16 has provided us with personal information without your consent, please contact us at contact@zapmii.com. We will take appropriate steps to investigate and address the issue promptly.
Regardless of age, all users have certain rights concerning their personal information, including:
These measures ensure that Zapmii provides a safe and compliant environment for all users, particularly respecting the rights and safety of minors under the age of 16. If you have any concerns about how your personal information is handled, please reach out to us using the provided contact details.
Zapmii takes your privacy seriously and shares your data only in accordance with legal requirements and with entities that help us provide our services efficiently:
These are companies we commission to process data on our behalf within the legal framework set out by Article 28 of the GDPR. These service providers and vicarious agents help us in areas such as IT, sales, marketing, finance, consulting, customer service, human resources, logistics, and printing. While we share data with these processors, Zapmii remains fully responsible for the protection of your data and ensures that these processors comply strictly with data protection laws through stringent contractual agreements.
Wealso share data with cooperation partners who provide services directly to you or in connection with your Zapmii contract under their own responsibility. This occurs only if you have commissioned services from these partners through us, if you have consented to the involvement of the partner, or if the involvement is based on legal permissions.
In certain instances, we are legally obliged to transmit data to a requesting government agency. This transmission occurs strictly within the bounds of legal requirements and is conducted transparently where possible.
Generally, your data is processed within the United Kingdom, Germany, and other countries within the European Union, ensuring that your data is protected under the stringent standards of the GDPR.
If your data is processed in countries outside the European Union, known as third countries, such processing occurs only under specific conditions:
Furthermore, any data transfer to third countries is conducted only if appropriate safeguards are in place, such as an adequacy decision by the EU Commission or other suitable guarantees under Articles 44 to 49 of the GDPR. These measures ensure that the level of data protection is equivalent to that of the European Union.
Zapmii Limited takes data privacy seriously and employs various technologies to ensure a secure, efficient, and user-friendly experience on our websites. Here’s an overview of the data we collect, how it's used, and its retention period.
When you visit our websites, our web server temporarily records details such as your computer's domain name or IP address, the request your client makes (file name and URL), the http response code, and the website from which you visit us. This data is crucial for data security purposes to help protect against and mitigate any attempts to attack our web server. The legal basis for this processing is Article 6(1)(f) of the GDPR. This data is not used to create individual user profiles, nor is it passed on to third parties. It is deleted after no more than 7 days. We may, however, statistically evaluate anonymized data sets.
Weuse cookies to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies are small text files stored on your computer which allow us to recognize if you visit our websites from the same device repeatedly.
JavaScript is used to launch applications and transmit collected parameters to the respective service provider.
Furthermore, any data transfer to third countries is conducted only if appropriate safeguards are in place, such as an adequacy decision by the EU Commission or other suitable guarantees under Articles 44 to 49 of the GDPR. These measures ensure that the level of data protection is equivalent to that of the European Union.
Cookies are small text files that store small amounts of information sent to and stored on your computer, smartphone, or other devices when you access a website. They are used to recognize a user's device across different visits and sessions.
You can manage cookies by deleting existing cookies from your computer and altering your browser's privacy settings to block future cookies. Please note, however, that restricting cookies may impact your ability to use certain features of our website, such as logging into your Zapmii account.
These practices are outlined in detail in our Privacy Policy, which sets out how we protect your privacy while using our services.
Zapmii reserves the right to make amendments or updates to this Data Protection Addendum (DPA) as required to maintain compliance with changes in legal, regulatory, or operational requirements. We understand the importance of keeping our data protection practices up-to-date and reflective of current laws and technologies.
Should there be any material changes to this DPA, Zapmii will provide notice to Customers. This notification will typically be made via email to ensure that you are informed in a timely manner. It is our goal to ensure transparency in how such updates may impact the way your personal data is handled and to give you adequate time to review the changes.
We encourage our customers to review the updated DPA to understand how their personal data will be processed going forward. Customers are always welcome to reach out to us if they have any questions or need further clarification about the changes.
The updated DPA will take effect immediately upon our posting of the revised document unless otherwise specified in the notice. By continuing to use our services after these changes take effect, you agree to be bound by the revised DPA. If you do not agree to the new terms, you should discontinue using our services and notify us of your decision.
By proactively managing and communicating updates to our DPA, Zapmii ensures that both our practices and our Customers’ expectations are aligned, thus maintaining a high standard of data protection and trust.
If you have any comments or concerns regarding our privacy policy, or the manner in which we handle your personal data, or if you would like to exercise any of the rights outlined in our policies, please feel free to contact us. We are committed to addressing your inquiries and ensuring that your rights are respected and acted upon promptly.
By Email: For all data protection inquiries, including requests to exercise your data subject rights, please contact us via email at contact@zapmii.com
By Post: Data Protection Officer, Zapmii, PO Box 636, TN23 9BW, United Kingdom.
Support Queries: For general support queries, such as issues accessing the service, please visit our support site at Zapmii Help. Further contact details and assistance can be found at Contact Us. Your feedback and satisfaction are important to us, and we look forward to assisting you with any questions or concerns you may have regarding your personal data and our privacy practices.
This document was last updated on May 09, 2024
