At Zéro (“Zéro”, ‘us” or “we”), we respect your privacy and are committed to maintaining your trust and protecting your personal data, which is any information that is capable of identifying you as an individual person.
We do not collect any information from anyone under 16 years of age. Our website, products and services are all directed to people who are at least 16 years old or older.
References in this policy to "data protection law" mean (as applicable) the Data Protection Act 1998, the General Data Protection Regulation (Regulation (EU) 2016/679), and all related data protection legislation having effect in the United Kingdom from time to time (including the Data Protection Act 2018).
“Personal data”means any information relating to an identified or identifiable natural person, as defined in the General Data Protection Regulation (Regulation (EU) 2016/679).
2 HOW WE COLLECT YOUR DATA
2.1 you apply to join the Zéro team or contract with us directly;
2.2 when you use this site, register as a user, fill in forms on this site, subscribe to a service we provide, place an order on our site or when you report a problem with our site to us;
2.3 when we collect information from you with your consent when you are corresponding with us by phone, e-mail or otherwise.
3 HOW WE USE YOUR INFORMATION
Purposes and legal basis of processing.
3.1 Zéro might need to keep and process information about you for normal recruitment, employment and other contractual or business-related purposes. The information we hold and process will be used for legal, administrative, management and operational purposes only, to run the business and manage our relationship with you effectively, lawfully and appropriately. Personnel: We will use it during the recruitment process, whilst you are working for/with us, at the time when your contract ends and after you have left. Customers:We will use it to fulfil our contractual obligations with you and for our legitimate business interests. More specifically: to provide you (or your organisation) with the information, products and services that you request from us; to notify you about changes to our service; to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about; to otherwise respond to your enquiry or follow up our own enquiries. Suppliers: We will use it to fulfil our contractual obligations with you and for our legitimate business interests. More specifically: this includes us obtaining price quotations from you and engaging you (or your organisation) to supply us products and services.
3.2 Zéro processes your personal data for the purposes described above: (i) Personnel: when necessary to enter into an employment contract with you or when necessary for the performance of your employment contract. Customers and Suppliers: when contracting with you or your organisation. (ii) when necessary for us to comply with a legal obligation; (iii) when necessary for the purposes of our legitimate interests as described in 3.4 ; or (iv) when we need to protect our legal position in the event of legal proceedings.
3.3 If and in so far as (i) to (iv) do not provide a lawful basis for processing and controlling your personal data, we shall obtain your consent to do so. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision
3.4 We may sometimes need to process your data to pursue our legitimate business interests, for example for administrative and marketing purposes (including, where applicable, on the basis of the soft opt- in under the Privacy and Marketing Communications Regulations), to prevent fraud, or to report potential crimes; To establish or exercise legal rights; To bring or defend legal claims; For responsible corporate governance or as otherwise required or permitted by applicable laws and/or regulations; In circumstances in which we believe disclosure is appropriate in connection with fraud prevention and prevention of other illegal, or unlawful activity or any other activity which is or may be contrary to our legal and regulatory compliance obligations; To protect and defend the rights, property or safety of Zéro, its investors and other clients, staff, and/or service providers.
If in the future we intend to process your personal data for a purpose other than that which it was collected and it is not for other lawful reasons such as to fulfil a contract or for legitimate reasons pursuant to GDPR, we will provide you with information on that purpose and any other relevant information.
3.5 If you are a job applicant, we may desire to retain your personal data to consider you for future employment opportunities. In such an event, we will seek your consent, either prior to or after you formally apply for a job opportunity. Much of the information we hold will have been provided by you, but some may come from other sources, such as managers and colleagues, or in some cases, external sources, such as referees.
4 CATEGORIES OF PERSONAL INFORMATION
4.1 The type of personal information Zéro holds includes (without limitation):
4.1.1 Personnel and prospective personnel: interview notes, CV and references (personnel); correspondence with or about you; contact details (home and business;).
4.1.2 Customers: Zéro may collect personal information such as your name, address, e-mail address and phone number, financial and credit card information.
4.1.3 Suppliers: Zéro may collect personal information such as your name and contact information.
5. NON-PERSONAL INFORMATION
We may collect information about your visit to and use of this site, including sales data, traffic data and related site information. We may also collect anonymised information during the course of services which we provide. This information helps us to evaluate and improve our site and services and may also be used for investment analysis purposes. As Non-Personal Data does not personally identify you, we may use it for any purpose.
6.TRANSFER OF PERSONAL DATA TO THIRD PARTIES
6.1 We will not share your personal information with anyone, except where we are required to do so to comply with the law, to protect our rights, to improve and expand our products and services or to efficiently operate our business.
6.2 We may transfer information about you to other group companies for purposes connected with the administration and management of Zéro’s business. We will always ensure that these organisations are obligated by written agreement to equivalent obligations in relation to the security of data processing as are imposed on Zéro under the General Data Protection Regulation (GDPR).
6.3 To the best of our knowledge, understanding and belief, your information will not be transferred outside of the European Economic Area or to any country which is not approved by the European Commission. If this changes then we will let you know.
6.4 Third parties we might share your information with include:
Outsourced IT providers
Professional advisers, such as accountants and solicitors
Potential purchasers or investors
Document Storage and Knowledge Base application
7 WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted pursuant to our payment processors' protocols. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share passwords with anyone outside of the organisation to which those passwords were supplied.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security safeguards to try to prevent unauthorised access.
8. RETENTION PERIODS
8.1 Zéro retains personal data, as necessary, for the duration of the relevant business relationship. We may also retain personal data for longer than the duration of the business relationship should we need to retain it to protect ourselves against legal claims, use it for analysis or historical record-keeping, or comply with our retention policies and schedules. The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you;
Whether there is a legal obligation to which we are subject;
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
For more information on where and how long your Personal Data is stored, and for more information on your rights of erasure and portability, please contact the Zéro’s data protection officer at email@example.com.
9. AUTOMATED DECISION MAKING
We do not make automated decisions about you based on your information. If this changes in the future then we will let you know.
10 SECURITY OF YOUR PERSONAL DATA
To help protect the privacy of data and personally identifiable information processed by us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your Personal Data to those Zéro personnel who need to know that information to provide benefits or services to you. In addition, we train our personnel about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
11 YOUR RIGHTS
11.1 Under data protection law you have the following rights:
11.1.1 the right to be informed as to what we do with your information. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for. This information is set out in this policy;
11.1.2 if we are processing your data on the basis of your consent then you have the right to withdraw that consentat any time. One way of doing so would be to notify us using the details set out below. In the case of marketing communications sent to you on the basis of your consent, each communication will clearly indicate how you can withdraw your consent. Please note that the lawfulness of our historic processing based on your consent will not be retrospectively affected by your subsequent withdrawal of consent;
11.1.3 the right to access a copy of your information which we hold. This is called a 'subject access request'.Additional details on how to exercise this right are set out below;
11.1.4 the right to prevent us processing your informationfor direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent
11.1.5 the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;
11.1.6 the right to object to us processing your personal information in certain other situations;
11.1.7 the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate;
11.1.8 the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law; and
11.1.9 in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called 'data portability'. Additional details on how to exercise this right are set out below.
11.2 You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regard to your personal data (www.ico.org.uk). Please copy any such communication to us so that we can work to resolve any outstanding issues promptly.
Zéro retains the right to use reasonable measures to authenticate the identity of any individual who requests access to their personal information or otherwise raises any questions.
11.3 For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner's Office (www.ico.org.uk).
12 IDENTITY AND CONTACT DETAILS OF CONTROLLER
12.1 Bulbeck Retail Ltd (trading as “Zéro”) is the controller of data for the purposes of the DPA 18 and GDPR.
12.2 If you have any concerns as to how your data is processed you can contact us at: firstname.lastname@example.org