We are committed to protecting the rights and privacy of individuals, in accordance with the Data Protection Act 2018 and other applicable legislation including General Data Protection Regulation (GDPR) (“the Data Protection Legislation”).
ZoneBud is a trading name of Saipal UK Ltd (“we”, “us” and “our” below). For the purposes of the Data Protection Legislation, Saipal UK Ltd is a Data Controller.
Scope of our Services
ZoneBud operates a service that allows you to share your location with other users (i.e. Zone Manager/s) in your Zone (each group, a “Zone”), which we make available through our Services and our website https://www.ZoneBud.co (the “Service”).
Data we collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together below. Note that here will be some differences in what we collect from different categories of users of the Service, so some of the kinds of personal data mentioned below may not apply to you.
- Identity Data: includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data: includes billing address, delivery address, email address and telephone numbers.
- Financial Data: includes VAT numbers. All sensitive financial data is stored directly in a medium whereby we cannot view any customer sensitive information.
- Technical Data: includes internet protocol (IP) address, login data, browser type and version, time zone setting, browser language, operating system language and location, browser plug-in types and versions, type of device, operating system and platform, and other technology on the devices you use to access the Service.
- Profile Data: includes username and password, your interests, preferences, feedback and survey responses.
- Usage Data: includes information about how you use our Service.
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Service feature.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences
How your information is used
We may use your personal information for the following purposes:
- To confirm your identity
- To administer the account of your company/organisation
- To update and correct our records
- To aid communications
- To carry out statistical and market analyses, including benchmarking exercises, to enable us to understand you better and improve our services
- To develop, test and improve our systems
- To notify you about changes to our services
- To ensure the content of the Service is presented in the most effective manner for you and for your device
- To assist with our internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- To improve the Service to ensure that content is presented in the most effective manner for you and for your computer.
- for management and auditing of our business operations including accounting
- to comply with legal and regulatory obligations, requirements and guidance
Use of Location Data
In providing the Service, we will make use of location data sent from your mobile device. You consent to the use of your location data by way of transmission, collection, maintenance and processing. You may withdraw this consent at any time by terminating your registration for use of the Service.
Retaining your personal information
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- We will keep personal information held as part of our records for the duration of your organisation’s relationship with us. At the end of that relationship, we will delete the majority of records and only retain the minimum information necessary to deal with any future issues;
- Retention periods in line with legal and regulatory requirements or guidance
Sharing Your Information
Except as described below, we will not share your information with any third parties.
We may disclose the information you provide us:
- to other users and managers from your organisation;
- to our third party service providers including but not limited to Google Analytics;
- to any of our group companies (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006);
- as required by law, any Service regulation to protect the rights, property, or safety of ourselves or others. This may include disclosing to other companies and organisations in connection with fraud protection and credit risk reduction;
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
- if we are involved in a merger, acquisition, or sale of all or a portion of our assets, to any prospective seller or buyer of all (or part of) our business or assets. You will be notified of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information;
- as part of a completely anonymised data set to research bodies or other organisations to perform analysis
- to any other third party with your prior consent to do so.
We may also share your geolocation and movement data, mobile device information (such as information generated by the gyroscope and accelerometer in your device) and application analytics, including IP address and device identifiers and information provided by you during your registration of a ZoneBud account.
As part of your use of our Service, we will share limited information with GeoSpark (GeoSpark, Inc. 2035 Sunset Lake Road, Suite B-2, Newark, New Castle, Delaware – 19702) which provides Geo analytics services to enable us to provide certain functionalities of the Service, such as Device location and geofence monitoring. This information is limited to your User App ID and as such is anonymous. No personal data will be shared with GeoSpark.
We will never pass your information to a third party for them to use in their own direct marketing without your express consent.
We will take reasonable and appropriate technical measures to ensure that your personal information is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘Hacking’. Any transmission of personal information on or through the use of our Service is at your own risk.
We are committed to protecting the privacy of your personal data. We use appropriate standards of technology and operational security to protect personal information including a secure server and network firewall connection. Operationally, access to personal information is restricted to authorised personnel who are under a duty to maintain the confidentiality and security of such information.
Transmission of Data Overseas
In certain circumstances, we may transfer your personal information to countries outside the United Kingdom or the European Economic Area (meaning the EU 27 member states, the UK, Norway, Iceland and Liechtenstein) (EEA). This may include circumstances where we use service providers who are based outside the UK or EEA or who use “cloud” infrastructure which means that their servers are based all over the world. Where we transfer your information to companies outside the UK/EEA, we will make sure it’s protected in a manner that is consistent with how your information will be protected by us. This can be done in a number of different ways for instance:
- The country that we send the information to might be approved by the European Commission.
- The recipient company might have signed up a contract obliging them to protect your information.
- The recipient is located in the US and is a certified member of the EU-US Privacy Shield scheme.
In other circumstances the law may permit us to otherwise transfer your information outside the UK/EEA. In all cases however, we will ensure that any transfer of your information is compliant with the Data Protection Legislation.
You have a number of legal rights in relation to the information that we hold about you, including:
- Right to access: You have the right to request access to your personal data held by us. Requests are to be made in writing, electronically and information will be provided in a commonly used electronic format. Requests will be handled within one month of receipt of the request, and free of charge with the exception of where requests are manifestly unfounded or excessive we hold the right to charge a reasonable fee taking into account the administrative costs of providing the information. More information can be found at https://ico.org.uk/for-the-public/personal-information/.
- Right to rectification: You have the right to have personal data rectified if inaccurate or incomplete. Where the personal data in question has been disclosed to a third party, they will be made aware of the rectification where possible. Requests are to be made in writing, electronically, and will be handled within one month of receipt of the request.
- Right to erasure: You have the right to request the deletion or removal of personal data in the following circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When you withdraw consent.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
- The personal data has to be erased in order to comply with a legal obligation.
This does not provide an absolute “Right to be forgotten”. Where the personal data in question has been disclosed to a third party, we will inform them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so. Personal data will be erased by removal from our internal and cloud servers.
- Right to restrict processing: You have a right to ‘block’ or suppress processing of personal data if you contest its accuracy; have objected to the processing; processing is unlawful and you oppose erasure; we no longer need the personal data but you require the data to establish, exercise or defend a legal claim. Where the personal data in question has been disclosed to a third party, we will inform them about the restriction on processing of the data, unless it is impossible or involves disproportionate effort to do so.
- Right to data portability: You have the right to obtain and reuse your personal data for your own purposes. Requests are to be made in writing, electronically, and will be handled within one month of receipt of the request.
- Right to object: You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. Requests will be dealt with and have immediate effect with no right for refusal.
You can also contact us to exercise your right to request that:-
- We stop using your personal information for certain purposes
- Your information is provided to you in a portable format
- Decisions about you are not made by wholly automated means
Many of the rights listed above are limited to certain defined circumstances and we may not be able to comply with your request. We will tell you if this is the case.
If you choose to make a request to us, we will aim to respond to you within one month.
You also have the right to make a complaint with the Information Commissioner at www.ico.org.uk if you think that any of your rights have been infringed by us.
All requests will be dealt with in your own merit, and in accordance with the Data Protection Legislation guidance.
Should a data breach occur, we have compliant procedures in place to investigate and report the matter to the Individual. In the event of a breach, it will be reported to you within 72 hours of discovery. A record of any breaches will be kept by us.
You can exercise your rights by contacting us using the details set out in the Contact Address below.
SAIPAL UK LTD
31 Church View