2. Who is the controller of your data?
The App is offered by ZIPZEROGlobalLimited, a company registered in England and Wales under number 11786825, with its registered office at WeWork Aviation House, 125 Kingsway, London WC2B 6NH, United Kingdom ("ZIPZERO", "we", "us", and "our").
3. What categories of data do we collect?
We collect the following data from you when you sign up and use the App:
- Personal data: the only information you are required to provide upon signup is your valid e-mail address,
- Purchasing data: if you decide to share your shopping data with us by scanning receipts or online purchase confirmations into the App, we reserve the right to save the data on those receipts and online purchase confirmations. This may include any of the following information: total value of a transaction, the total number of items, individual product descriptions, individual product or service price, offers and discounts, name of the issuer, name and address of the store, contact details of the issuer, date and time of receipt or online purchase confirmation, last four digits of payment (credit) card, loyalty card number,
- Data about your bills: name of your Biller; bank account and sort code or IBAN bank account details of your Biller; and your account number/customer number at your Biller.
Notwithstanding the above, we automatically collect, via the App, any additional data about the device the App has been downloaded on, as well as App usage data. This information may include:
- Device ID (to keep login session only on one device at the same moment),
- Your IP address,
- Version of the App used,
- Application event log, which may include information on login sessions in the App,
- Device type,
- IMEI number,
- Type and version of the mobile operating system (such as iOS or Android),
- Device geolocation,
- Other diagnostic data.
Providing the above data is necessary to sign up and use the App, i.e. for the purpose of the conclusion and performance of the agreement between us, governed by the Terms of Service of the App.
We may collect subsequent data from you when you contact us via e-mail. The provision of such data is on a voluntary basis.
We do not intend to process special categories of your personal data (those include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). However, you choose what data, including your personal data, you share with us by scanning your receipts into the App or sharing your online purchase confirmations with us. Please note that certain receipts or online purchase confirmations, such as those issued by pharmacies, may include special categories of your personal data. If you do not wish to share such aspects of your data, please neither scan those specific in-store receipts into the App nor share those specific online purchase confirmations with us. If you, however, voluntarily share with us any special category of your personal data, you give us explicit consent to process such data for the purposes described below.
For more information regarding special categories of personal data, you may visit the site of the UK supervisory authority, i.e. Information Commissioner's Office (ICO).
You can use Touch ID or Face ID to sign in to the App. In such a case, we neither gain access to nor process your biometric data.
We do not collect any information about criminal convictions and offences.
4. What is the purpose and basis for processing your personal data?
We process collected data for various purposes:
- to create your account in the App and provide you with our services via the App, including scanning and processing receipts, processing your online purchase confirmations, earning units, redeeming them for rewards (ordering payment for your bills) - the basis of the processing is the necessity of processing for the conclusion and performance of the agreement between us governed by the Terms of Service of the App,
- to provide you with our services via the App, including scanning and processing receipts, processing your online purchase confirmations, earning units, redeeming them for rewards (in the form of ordering bill payment) – in case of special categories of your personal data the basis of the processing is your explicit consent,
- to comply with our legal obligations, for example resulting from tax and accounting regulations and, in certain cases - the basis of processing is the necessity of processing to ensure compliance with a legal obligations to which we are subject,
- to pursue our legitimate interests, including:
- administering and protecting our business and the App, including technical support and troubleshooting, testing, and IT systems maintenance,
- providing business insights into how you use the App, including creating aggregated insights and segmentation info about user preferences, opinions and shopping behaviour; within this process your data will be anonymised,
- providing you with marketing communication on our behalf: we rely on a ‘soft opt-in’ to send you these if you have signed up to the App and you have not opted out of receiving marketing emails,
- dealing with your inquiries, claims and complaints,
- preventing fraud, misuse of the App and breach of the Terms of Service of the App,
- maintaining security for the App and our IT systems,
- establishing, exercising or defending against legal claims.
5. Opting out
You have the right to refuse to receive further marketing information by email at any time by signing into your account in the App and checking or unticking the relevant boxes in the “Settings” section of the App to adjust your marketing preferences. You can also do so by clicking on the opt-out links in any marketing email sent to you.
6. Your rights regarding your personal data
You have certain rights regarding your personal data. These include the right to:
request access to your personal data
At any time you can find out what data we process and receive a copy of such data.
request rectification of your personal data
You have the right to request your personal data are corrected if they are inaccurate or completed if they are incomplete.
request erasure of your personal data
You have the right to request that your personal data are deleted or removed if:
request restriction of our use of your personal data
You have the right to restrict the processing of your personal data if:
object to the processing of your personal data
You have the right to object to the processing of your personal data based on our legitimate interests.
We will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or we process your personal data for the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, i.e., to provide you with marketing communication from us, you have the right to object at any time to the processing of your personal data for such purpose. In such a case, we will no longer process your personal data for such a purpose.
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, electronic format.
Moreover, you have the right to transmit those data to another controller or request to have the personal data transmitted directly from us to another controller, where technically feasible.
withdraw your consent
You have the right to withdraw your consent for data processing at any time.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
We will contact you if we need additional information from you in order to honour your requests. Please note that we may ask you to verify your identity before responding to such requests.
7. Complaint to the supervisory authority
If you believe that your personal data is being processed unlawfully you can lodge a complaint with a supervisory authority – in the United Kingdom: the Information Commissioner's Office (ICO).
Contact details for other supervisory authorities in the European Economic Area, Switzerland are available here.
8. Retention of your personal data
We will retain your personal data and your purchasing and bill payment activity for as long as you use the App and for a period not shorter than the limitation period for potential claims. In the case of special categories of your personal data that you have voluntarily decided to share with us, we will retain the data in question until the withdrawal of your consent.
We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
In cases where we anonymise your personal data (when it is no longer associated with you personally, i.e. the process of creating aggregated insights and segmentations about user preferences, opinions and shopping behaviour for research or statistical purposes) we may retain and use such anonymised data indefinitely without further notice to you.
9. Security of your personal data
The security of your data is important to us. We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at ensuring the ongoing integrity and confidentiality of personal information. We evaluate these measures to ensure the security of the data processing we conduct. That said, we don’t have access to any sensitive financial information or personal bank account details.
While we strive to use commercially acceptable measures to protect your personal data, we cannot guarantee its absolute security. Please keep in mind that no method of transmission over the Internet or method of electronic storage is 100% secure.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party websites or resources.
11. Recipients of your personal data
We will never disclose your personal data (i.e. any information relating to you, which allows to identify you directly or indirectly) with any third party, subject to the exceptions clearly indicated below.
We may however share anonymised data (that can no longer be associated with you), including the purchasing data and other non-personal data with our third-party partners in the form of aggregated insights and segmentations about users' preferences, opinions and shopping behaviour for commercial, research or statistical purposes. In return for sharing anonymised data with our third-party partners, we obtain the funds necessary to operate the App and reward you for sharing with us your purchasing data.
We may disclose your personal data with the following categories of recipients:
- Third-party service providers and advisors (including legal, financial and technical advisors, accountants, auditors and IT support). We may share your personal data to the necessary extent with our service providers and advisors to obtain their advice or assistance or who perform business operations for us or render different services to us, for example by hosting it, enabling certain features or functionality of the App, or by providing ancillary services such as data analytics, data storage, support and maintenance or security technology. We require all our third-party service providers and advisors to respect the security of your personal data and to process it in accordance with the law. We do not allow our third-party service providers and advisors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions,
- Entities authorized to obtain your personal data on the basis of applicable law, including law enforcement agencies, courts, regulators, government authorities. We may share your personal data with these parties where it is necessary to comply with a legal obligation.
12. International transfer of your personal data
We process user data, including personal data, within the United Kingdom.
However, some of our external third-party service providers may be based outside the United Kingdom. The processing of personal data by such services may involve the transfer of data outside the United Kingdom.
In cases where personal data is transferred by us out of the United Kingdom, we ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- the transfer is based on the UK adequacy regulations, or
- in the absence of the UK adequacy regulations – we may transfer personal data to a third country only if we have provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
We may also transfer your personal data out of the United Kingdom if one of the following conditions laid down in the provisions of the law is complied with:
- the transfer is necessary for the performance of a contract between us and you or to implement pre-contractual measures taken at your request,
- the transfer is necessary for the establishment, exercise or defence of legal claims,
- you have explicitly consented to the same.
For more information on the international transfer of data, including appropriate safeguards in place, please contact us at email@example.com.
13. Children's Privacy
Our App is intended for use by individuals over the age of 18. Anyone under the age of 18 should not download or use the App.
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you have become aware that your child has provided us with personal data, please contact us. If we are notified that we have collected personal data from a child without parental consent, we take steps to remove that information from our servers.
15. Contact Us
Effective date: 24/07/2023