Welcome to Zilla Tech and our website at www.zillatech.co.uk (our “website”). At Zilla Tech, we are committed to protecting and respecting your privacy.
This Privacy Policy sets out the basis on which we will
process any Personal Data that we may collect about you as a visitor to our
website or our customers or potential customers, or other business partners, or
in any other cases where we specifically state that this policy will apply.
This policy further sets out how we protect your privacy and your rights in
respect of our use of your Personal Data.
WHAT IS PERSONAL
DATA?
Personal Data is information that makes it possible to
identify a natural person. This includes, in particular, your name, date of
birth, address, telephone number, and email address, but also your IP address.
Anonymous data exists if no personal reference to the user can be made.
WHAT IS
PROCESSING?
“Processing” means and covers virtually any
handling of data.
WHAT LAW APPLIES?
We will only use your Personal Data in accordance with
the UK’s Data Protection Act (“DPA”) and the EU’s General Data Protection
Regulation (“GDPR”), and of course only as described in this Privacy Policy.
WHO IS THE DATA
CONTROLLER?
A “data controller” is a person or organisation who alone
or jointly determines the purposes for which, and the manner in which, any
personal data is, or is likely to be, processed. In this sense, Rapid Digital
Marketing Limited trading as Zilla Tech of Bartle House, 9 Oxford Court,
Manchester, England, M2 3WQ (“Zilla Tech”, “we”, “us”, “our”) is the data
controller.
If you have any questions about this policy or about data
protection at Zilla Tech in general, you can reach us by email using
[email protected] with “Data Protection” in the subject line.
WHAT ARE THE LEGAL BASES FOR PROCESSING PERSONAL DATA
In accordance with the DPA and the
GDPR, we have to have at least one of the following legal bases to process your
Personal Data: a) you have given your consent, b) the data is necessary for the
fulfillment of a contract / pre-contractual measures, c) the data is necessary
for the fulfilment of a legal obligation, or d) the data is necessary to
protect our legitimate interests, provided that your interests are not
overridden.
WHAT PERSONAL DATA
DO WE COLLECT FROM YOU?
We may collect and process the following Personal Data
about you:
a) Personal Data
that you give us:
This is information about you that you give to us by
filling in forms on our website (or other forms that we ask you to complete),
or when you use our services, or correspond with us by telephone, post, email,
or otherwise. It may include, for example, your name, address, email address,
and telephone number; information about your business relationship with us; and
information about your requirements, background, and interests.
We also process the Personal Data involved in your use of
our services in order to be able to provide our contractual services. This
includes, in particular, our support, correspondence with you, invoicing, and
fulfilment of our contractual, accounting, and tax obligations. Accordingly,
the data is processed on the basis of fulfilling our contractual obligations
and our legal obligations.
For optimal customer support, we use your first name,
last name, email address, telephone number, and the data related to your
contract with us and store it in our customer relationship management (“CRM”)
provided by ClickUp. This data processing is based on our legitimate
interest in providing our customer service.
We process data in the context of administrative tasks as
well as the organisation of our business and compliance with legal obligations,
such as archiving and accounting. In this regard, we process the same data that
we process in the course of providing our contractual services. The processing
bases are our legal obligations and our legitimate interest.
b) Personal Data
that our website and other systems collect about you:
If you visit our website, it will automatically collect
some information about you and your visit, including the Internet protocol (IP)
address used to connect your device to the Internet and some other information,
such as the pages on our site that you visit. This is used to monitor the
performance of the website and improve the experience of visitors to the
website.
We use our own designated
virtual private server (vps) from the hosting service provider Fasthosts Internet Limited for the purpose of
hosting and displaying our website. Fasthosts does so on the basis of
processing on our behalf, and that also means that all data collected on our
website is processed on our Fasthost server. The basis for processing is our
legitimate interest and the initiation and/or fulfilment of a contract.
We use the open-source Content
Management System (CMS) of WordPress.org to publish and maintain the created
and edited content and texts on our website. This means that all content,
texts, and contact data submitted to us are transferred to and stored on our
Fasthosts server. The legal basis for this processing is our legitimate
interest.
We have integrated Fonts by Font Awesome of Fonticons Inc.
To enable the display of fonts, a connection to Font Awesome’s server is
established when our website is accessed. This enables Fonticons to determine
which website sent the request and to which IP address the display of the font
is to be transmitted. The integration is based on our legitimate interest.
c) Cookies
We use so-called cookies on our website. Cookies are
pieces of information that are transmitted from our web server or third-party
web servers to your web browser and stored there for later retrieval. Cookies
may be small files or other types of information storage. As set out in the
UK’s Privacy and Electronic Communications Regulations (“PECR”) and the EU’s
Privacy and Electronic Communications Directive (“PECD”), we need to obtain
consent for the use of non-essential cookies. The legal basis for the use of
essential cookies is our legitimate interest, and the legal basis for the use
of non-essential cookies is your consent. For further information on the
cookies we use, please refer to our Cookie Policy.
Our website also uses the cookie consent tool to obtain
your consent to the storage of cookies and to document this consent. When you
enter our website, the following Personal Data is transferred to us: i) Your
consent(s) or revocation of your consent(s); ii) Your IP address; iii)
Information about your browser; iv) Information about your device; v) Time of
your visit to our website. The legal basis for processing is both your consent
and our legal obligation.
c) Other
information
For business reasons, we analyse the data we have on web
and server traffic patterns, website interactions, browsing behaviour, etc. The
analyses serve us alone and are not disclosed externally and processed using
anonymous analyses with summarised and/or anonymised values (“Aggregated
Data”). Aggregated Data could be derived from your Personal Data but is not
considered Personal Data in law as this data will not directly or indirectly
reveal your identity. However, if we combine or connect Aggregated Data with
your Personal Data so that it can directly or indirectly identify you, we treat
the combined data as Personal Data which will be used in accordance with this
Privacy Policy. For this purpose we use Google Analytics from Google. The legal basis is our
legitimate interest and your consent. For further information on our use of
Google Analytics, please refer to our Cookie Policy.
OTHER USES OF YOUR
PERSONAL DATA
We may also collect, store, and use your Personal Data
for the following purposes:
●
to operate, manage, develop, and
promote our business and, in particular, our relationship with you and related
transactions, including, for example:
○
marketing purposes (when we have
either gathered prior opt-in consent and/or have a legitimate interest to send
you communications which we believe to be relevant and of use to you);
○
to operate, administer, and
improve our website and other aspects of the way in which we conduct our
business;
○
to offer you our website and
services;
○
to provide you with services or
information that you may have requested; and
○
to keep you informed and updated
on relevant topics or services you may be interested in.
●
to protect our business from
fraud, money laundering, breach of confidence, theft of proprietary materials,
and other financial or business crimes;
●
to comply with our legal and
regulatory obligations, bring and defend legal claims and assert legal rights;
and
●
if the purpose is directly
connected with an assigned purpose previously made known to you.
We will only process your Personal Data as necessary so
that we can pursue the purposes described above and where we have a legal basis
for such processing. Where our lawful basis for processing is that such
processing is necessary to pursue our legitimate interests, we will only
process your Personal Data where we have concluded that our processing does not
prejudice you or your privacy in a way that would override our legitimate
interest. In exceptional circumstances, we may also be required by law to disclose
or otherwise process your Personal Data.
CHANGE OF PURPOSE
We will only use your Personal Data for the purposes for
which we collected it as detailed above, unless we reasonably consider that we
need to use it for another reason and that reason is compatible with the
original purpose. If we need to use your Personal Data for an unrelated
purpose, we will notify you, and we will explain the legal basis which allows
us to do so.
DATA SHARING
In certain cases, it is necessary to
transmit the processed Personal Data in the course of data processing. In this
respect, there are different recipient bodies and categories of recipients.
a) Internal
If necessary, we transfer your Personal Data within Zilla
Tech. Access to your Personal Data is only granted to authorised employees who
need access to the data due to their job, e.g., to provide our services or to
contact you in case of queries.
b) External bodies
Personal Data is transferred to our service providers in
the following instances:
● in the context of fulfilling our contract with you,
● to use marketing services and to advertise our services online,
● to communicate with you,
● to provide our website, and
● to state authorities and institutions as far as this is required or
necessary.
c) International
transfers
We may transfer your Personal Data to
other companies as necessary for the purposes described in this Privacy Policy.
In order to provide adequate protection for your Personal Data when it is
transferred, we have contractual arrangements regarding such transfers. We take
all reasonable technical and organisational measures to protect the Personal
Data we transfer.
MARKETING
Insofar as you have given us your consent to process your
Personal Data for marketing and advertising purposes, we are entitled to
contact you for these purposes via the communication channels you have given
your consent to. Our marketing generally takes the form of email but may also
include other less traditional or emerging channels. These forms of contact
will be managed by us or by our contracted service providers. Every directly
addressed marketing message sent by us or on our behalf will include a means by
which you may unsubscribe or opt out.
LINKED SITES
For your convenience, our website may contain hyperlinks
to other websites. We are not responsible for the privacy practices of linked
websites or companies that are not owned or controlled by us, and this Privacy
Policy does not apply to them. The links on our website may collect additional
information in addition to the information we collect.
We do not endorse any of these linked websites, their
products, services, or any content on their websites. We encourage you to read
the privacy policies of each linked website you visit to understand how the
information collected about you is used and protected.
SOCIAL MEDIA
We are present on social media based on our legitimate
interest. If you contact or connect with us via social media, we and the
relevant social media platform are jointly responsible for the processing of
your data and enter into a so-called joint responsibility agreement. The
Personal Data collected when you contact us is used to process your request,
and the basis for this is both your consent and our legitimate interest.
ADVERTISING
We would like to show you interesting advertising outside
of our website and use various third-party tools and cookies for this purpose.
These collect and process information about your activities on our website –
for example, which products you are interested in or which pages you visit. By
knowing what you are looking for and how you use our website, we can adapt our
advertising to your needs. And thus increase the likelihood that you will also
be shown suitable and interesting advertising outside our website.
We also analyse this data to evaluate the relevance of
the advertisements and to optimise the advertisements for you. Through the
tools, your browser regularly establishes a connection to the server of the
tool provider when you visit our website. For some tools, we have no direct
influence on what data is processed by the providers. The following personal
data may be processed by third-party providers i) HTTP header information
(e.g., IP address, web browser, website URL, date and time); ii) measuring pixel-specific
data (e.g., pixel ID and cookie ID); and iii) additional information about
visits to our website (e.g., orders placed, products clicked on). The legal
bases for processing are our legitimate interest and your consent in the case
of cookies. For further information, please refer to our Cookie Policy.
HOW LONG DO WE
KEEP YOUR PERSONAL DATA?
We will delete your Personal Data when we no longer need
such Personal Data, for instance, where:
●
it is no longer necessary for us
to retain your Personal Data to fulfill the purposes for which we had collected
it;
●
we believe that your Personal Data
that we hold is inaccurate; or
●
in certain cases where you have
informed us that you no longer consent to our processing of your Personal Data.
Sometimes, however, there are legal or regulatory
requirements which may require us to retain your Personal Data for a specified
period, and in such cases we will retain your Personal Data for such specified
period; and we may need to retain your Personal Data for certain longer periods
in relation to legal disputes, and in such cases we will retain it for such
longer periods to the extent required.
DATA SECURITY
Our website uses SSL or TLS encryption to ensure the
security of data processing and to protect the transmission of confidential
content or contact requests that you send to us. We have also implemented
numerous security measures (“technical and organisational measures”), for
example, encryption or need-to-know access, to ensure the most complete
protection of Personal Data processed through our website.
YOUR RIGHTS AND
PRIVILEGES
a)
Privacy rights
You can exercise the following rights:
●
The right to access;
●
The right to rectification;
●
The right to erasure;
●
The right to restrict processing;
●
The right to object to processing;
●
The right to data portability;
b)
Update your information and withdraw your consent
If you believe that the information we hold about you is
inaccurate or request its rectification, deletion, or object to legitimate
interest processing, please do so by contacting us.
c)
Access Request
In the event you want to make a Data Subject Access
Request, please contact us. We will respond to requests regarding access and
correction as soon as reasonably possible. Should we not be able to respond to
your request within thirty (30) days, we will tell you why and when we will be
able to respond to your request. If we are unable to provide you with any
Personal Data or to make a correction requested by you, we will tell you why.
d) Complaint to a supervisory
authority
The Information Commissioner’s Office (ICO) is the UK`s
authority in matters of data protection. You have the right to make a complaint
at any time to the ICO (www.ico.org.uk). I would, however, appreciate the chance to
deal with your concerns before you approach the ICO.
e)
Data Breaches and Notification
Databases or records containing Personal Data may be
breached accidentally or through unlawful intrusion. As soon as we become aware
of a data breach, we will notify all affected individuals whose Personal Data
may have been compromised, and the notification will be accompanied by a
description of the measures that will be taken to repair the damage caused by
the data breach. Notifications will be sent as soon as possible after the
violation is discovered.
●
We do not request Personal Data
from minors and children without obtaining parental or legal guardian consent;
●
We do not sell your Personal Data;
●
We do not process special category
data without obtaining prior specific consent; and
●
We do not use automated
decision-making, including profiling.
USA SPECIFIC
PROVISIONS
The following
applies to users located in the United States. While
we understand and appreciate that privacy and consumer data protection laws
differ as they are subject to each state’s legislature and that no data
protection framework similar to the EU’s GDPR exists on a federal level, we are
committed to follow and apply the for your state relevant privacy rules and
regulations.
As of the day of drafting, the following states had
enacted privacy and consumer data protection laws: California, Colorado,
Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah,
and Virginia. Under consideration of the similarities of the above provisions,
no conflict should arise pursuing a uniform approach in granting all users in
the USA the same rights and privileges as set out above. However, should
ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive
approach when it comes to protecting your Personal Data.
Further, the following also apply
i)
“Shine the Light”
“Shine
the Light” law (Civil Code Section 1798.83) requires us to respond to requests
from California asking about the business’s practices related to disclosing
Personal Data to third parties for the third parties’ direct marketing
purposes. You may make a request about our collection and disclosure of your
Personal Data using the contact details provided.
ii)
COPPA (Children Online Privacy Protection Act)
When it
comes to the collection of Personal Data from children under the age of 13
years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in
control. The Federal Trade Commission, United States’ consumer protection
agency, enforces the COPPA Rule, which spells out what operators of websites
and online services must do to protect children’s privacy and safety online. We
do not specifically market to children under the age of 13 years old.
iii)
CAN SPAM Act
The
CAN-SPAM Act is a law that sets the rules for commercial email, establishes
requirements for commercial messages, gives recipients the right to have emails
stopped from being sent to them, and spells out tough penalties for violations.
To be in accordance with CAN SPAM, we agree to the following: If at any time
you would like to unsubscribe from receiving future emails, you can email us,
and we will promptly remove you from ALL correspondence.
iv)
Telephone Consumer Protection Act (TCPA)
If we
process your Personal Data for the purpose of sending you SMS marketing
communications, you may manage your receipt of marketing and non-transactional
communications from us by replying or texting ‘STOP’ if you receive our SMS
communications. In this respect, the data processing is carried out solely on
the basis of our consent in personalised direct advertising per SMS.
v)
Controls For Do-Not-Track Features
Most
web browsers and some mobile operating systems and mobile applications include
a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your
privacy preference not to have data about your online browsing activities
monitored and collected. At this stage, no uniform technology standard for
recognising and implementing DNT signals has been finalised. As such, our
website does not currently respond to DNT browser signals or any other
mechanism that automatically communicates your choice not to be tracked online.
If a standard for online tracking is adopted that we must follow in the future,
we will inform you about that practice in a revised version of this policy.
vi)
Right to complain
Finally,
in regard to the right to complain to a supervisory authority. You have the
right to lodge a complaint about our processing of Personal Data with a
supervisory authority responsible for data protection. Users based in the
abovementioned states may lodge a complaint with the relevant district attorney
or attorney general office. However,
we would appreciate the opportunity to address your concerns before you contact
any supervisory authority.
CANADA AND MEXICO
SPECIFIC PROVISIONS
Both Canada and Mexico have introduced data protection
laws that are similar to the GDPR, namely Federal Law for the Protection of
Personal Data in the Possession of Private Parties (“LFPDPPP”) supplemented by
the Rules of the Federal Law for the Protection of Personal Data in the
Possession of Private Parties in Mexico and the Personal Information Protection
and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the
GDPR has played a pivotal role, no conflict should arise pursuing a uniform
approach in granting all users in Mexico or Canada the same rights and
privileges as set out above. However, should ambiguity occur, the most
stringent provision is chosen to ensure the most comprehensive approach when it
comes to protecting your personal data.
In terms of your right to complain, Canada’s national
supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca)
and the National Institute of Transparency, Access to Information and Personal
Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y
Protección de Datos Personales) (“INAI”) is the national supervisory authority
in Mexico (www.ifai.org.mx).
HELP AND
COMPLAINTS
If you have any questions about this policy or the
information we hold about you, please contact us by email using
[email protected] with “Data Protection” in the subject line.
CHANGES
The first version of this policy was issued on Sunday,
2nd January, 2025, and is the current version. Any prior versions are invalid,
and if we make changes to this policy, we will revise the effective date.