Privacy Policy
Overview;
- This document explains what data is collected in connection with Zatu Ltd services.
- It also explains how we use that data, where we store it and how we protect it.
In short:
- In order to provide you with our services, we need to process some of your data. Should we need to process your data for any other purpose than offering you our products and services, we will always ask you for your consent in advance.
- To be able to uphold our contractual obligations with you, we need to share some of your data with our Trusted Partners, such as Storefeeder, Paypal Services, Stripe, Opayo and SendinBlue.
- We will not share your data for third party advertising purposes.
- Our calls are recorded for training and monitoring purposes.
- Finally, it explains your rights in relation to your personal data.
Zatu Ltd (“We”) are committed to protecting and respecting your privacy. This policy (together with our terms and conditions) and any other documents referred to on it, sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 2018 (“the Act”) and the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), the data controller is Zatu Board Game Café, Bowthorpe Shopping Centre, Norwich, NR5 9HA.
Your data is stored and used by Zatu Ltd. You can contact us on 01603 801 206 between 10am and 3pm Monday – Friday. You can also email us at [email protected] or write to us at Zatu Board Game Café, Bowthorpe Shopping Centre, Norwich, NR5 9HA. Our website is www.board-game.co.uk.
For any enquiries specifically regarding data we store about you, or how Zatu Ltd uses your data, you can contact our Data Protection Office via email at [email protected] or write to them at our Company address marking your letter for the attention of the Data Protection Officer.
Zatu Ltd is a business dedicated to providing consumers with excellent products and services. We only use your data to action orders you have placed with us, to fulfil the contractual agreement between ourselves and you, to contact you regarding your orders and, should you agree that we may do so, to keep you informed of any future products or services we believe you may be interested in. We use your data based on the consent that you provided to us when you agree to our terms and conditions upon placing an order or opening an account.
This Privacy Policy applies to: all our websites, social media channels, customer and technical support and any other services we provide to you. (Hereafter, the term ‘Zatu Ltd Services’ will refer to all of these elements).
Specifically, this Privacy Policy governs personal data, which we collect from you when you’re using Zatu Ltd services. (‘Personal data’ basically means data, which, on its own or in combination with other data, can be used to identify you).
We respect your right to privacy and will only process personal data in accordance with applicable legislation in the UK and the EU.
When you use Zatu Ltd services, we may collect the following data if relevant (how we use it is described later in this policy).
- Your name and surname
- Your email address and contact number
- Your correspondence address
- IP address
- Details of your use of our services including, but not limited to: metrics data about when and how you use the services; traffic data; and your geographical location data.
- Any other personal data which you supply us via our services.
- Your bank account details.
- Telephone call recordings and information.
Upon entering any competitions organised by Zatu Ltd, we may process additionally your correspondence address, phone number, social networks identifiers.
We and our partners also collect data about you via cookies. You can find out more about this in our Cookie Policy here: www.board-game.co.uk/cookie-policy The Cookie Policy forms part of the Privacy Policy.
We may collect and process data about you in the following ways:
- Data you give us via Zatu Ltd Services
- Data given when you contact us or report a problem with Zatu Ltd Services
- Data about your activity as a user of our services (in addition to your IP address, country of origin, purchases) – is collected automatically
- We may also ask you to complete surveys that we use for research purposes. However, your response to surveys is not required. We may collect this data via Zatu Ltd Services or trusted partners connected with us for optional services such as surveys or polls.
We will not receive or store any of your payment details, this is fully handled by the relevant payment platform and/or payment method/processor. If/when you make purchases in Zatu Ltd service, we are notified by the payment processor once the transaction takes place and then ensure you receive your purchase. We do not, however, receive any of your actual payment details. We only keep the data concerning transaction dates, currencies, value and the products of the transaction.
When we process personal data about you, we do so only as necessary to allow Zatu Ltd to provide the services you use (i.e. to perform the agreement between us), to meet our legal obligations or to fulfil the so called ‘legitimate interests’ of Zatu Ltd, or in accordance with the other cases described in the section ‘How your information is used?’
To clarify, by legitimate interests, we mean lawful purposes that may be reasonably expected (protecting the security of the data we process, marketing Zatu Ltd services as well as ensuring our marketing is relevant for you, conducting anti-fraud checks). When we rely on the legitimate interest, we consider and balance any potential impact on you and your rights. For other purposes, we will ask for your consent and you will be entitled to withdraw this consent for any future data processing at any time with no impact on the validity of the processing before your consent has been withdrawn by contacting us.
When we transfer your data outside the UK or the European Economic Area (hereafter referred to as the ‘EEA’), we do so on the basis of a variety of legal mechanisms, as described in ‘Trusted Partners’ and only ever in accordance with the Act and the GDPR.
Where do we store it? The data we collect from you is stored and processed on our secure servers in the UK. We implement appropriate technical and organisational measures to protect your personal data, you agree to the storing or transfer of data to protect against unauthorised or unlawful processing, accidental loss, destruction, or damage. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
How long are we going to store your data? We will retain your personal data only for as long as needed in order to fulfil the purposes outlined in this Privacy Policy. In certain special cases, a longer retention period might be required by law, such as for tax reasons, accounting purposes or other legal requirements and obligations. When we will no longer require your personal information in order to provide our services to you, we will either delete or anonymise it.
Personal information provided when opening an account or purchasing as a guest may be used to send marketing correspondence when you provide your consent to receive such correspondence from us by accepting our terms and conditions. You are free to withdraw your consent to such marketing materials at any time by selecting unsubscribe on any email correspondence you receive from us.
- We will keep data that is associated with the services you use for the duration of the agreement to access the services. Following account closure, limited data that we collect about you will still be retained for an additional few years for tax, legal or accounting purposes.
- If you contact us and don’t use our services, we will retain correspondence with you as long as necessary to assist you, followed by a period necessary for legal or accountability purposes.
- For marketing purposes, we will store data as long as we have valid consent. If consent is withdrawn, we will delete all personal data without undue delay and no later than within 30 days from the moment we receive a request to unsubscribe.
Your data may be used for the following purposes;
- To carry out our obligations arising from any agreements between you and us.
- To provide you with marketing information (including personalised and targeted marketing emails), which we feel may interest you. For example, we may send you newsletters or emails about Zatu Ltd services (of course, this is optional and we will ask you for permission first).
- To provide you with products or services that you request from us.
- To communicate with the users of our services
- To notify you about changes to Zatu Ltd services
- To maintain, improve or modify Zatu Ltd services
- To conduct competitions organised by Zatu Ltd (including contact with participants, evaluation of applications, distribution of prizes, payment of tax on prizes).
- To calculate conversion rates and other elements of Zatu Ltd services performance
- For tax, legal and accounting purposes
- For the accountability purposes as defined by UK and EU legislation
- To target and personalise our marketing communications, offers and advertisements that we display on our websites and services as well as those of third parties based on the combined data we have collected about you.
Calls to Zatu Ltd are recorded for accountability purposes. These call recordings are stored on a secure third-party cloud – Gamma, Horizon – these are then downloaded onto our secure internal network and deleted from Gamma’s cloud once per month.
If you apply for a vacancy within Zatu Ltd, we may use personal data about you to conduct social media screening prior to inviting you in for interview.
Whenever we’re personalising or targeting our marketing communications, offers and advertisements, we may profile your personal data, which means that we may use the data we collect to adjust the communication addressed to you to meet your needs. In such cases, we do not, however, use your personal data for profiling, which would constitute automated decision making that could affect your legal situation (ie. We do not use algorithms to make decisions which would have an impact on your individual legal rights or affect your legal status or rights under the agreement between us.)
If you decide that you no longer want to receive personalised offers, product recommendations from us or any advertising news at all, you can object to this service at any time.
We might process some aggregated and general non-personal data on user behaviour (eg. Sales per region) with third party partners who work with us to provide Zatu Ltd services to you (for example, with payment providers) in order to support, improve or amend Zatu services. We may also share non-personal data with data analysis services to help us run Zatu Ltd services.
Please remember that any communications you have via Zatu Ltd services may reveal details about you. Also, any data you post publicly using Zatu Ltd services will be publicly available to Zatu Ltd users and others. We are not responsible for your use of any private personal data which you choose to make available via Zatu Ltd services, or the activities of other users or other third parties to whom you give or make available your data.
Zatu Ltd services may, from time to time contain links to and from the websites or services of third parties. Our Privacy Policy does not extend to these external sites or companies, so please refer directly to their privacy policies.
Some services may involve interacting with trusted partners – listed in the next section of this Privacy Policy.
In order to fulfil your order, we may need to share your information with the following Trusted Partners who are engaged by us to help deliver our services and functionalities with you. Please rest assured that we always provide our partners with the minimum data necessary for them to achieve the purpose of their cooperation with us. They may have access to limited data about you and process it on our behalf.
When required by law, we may also share your data with the police or other government authorities (including your IP address and details of suspected unlawful or fraudulent activity such as unauthorised use of payment methods and security risk scores). We will retain details of your order for 6 years in order to comply with HMRC requirements.
Please be aware that we are subject to various laws and we may be required to release personal data to comply with law enforcement or other legal requirements.
If, at any point, you wish to see a copy of the data we hold on you, details of how we use and store your data, or receive further details regarding your rights, you can request this from us via phone or email using the details outlined earlier in this policy. If any data we hold regarding you is incorrect, you may request a correction to your data at any time.
You may also request that we cease processing your data at any time or to object to our continued use of your data. This does not affect any processing that has been carried out prior to your request being received. It is also important to note that should you object to the processing of your data, we may be unable to fulfil the required contract between ourselves and you.
You have the right to request that we delete any or all personal data Zatu Ltd holds on you at any time. The only reason we would not carry out this request is if it would result in us being in breach of other legal or regulatory obligations we have, but we would always inform you at the time were this the case. You also have the right to request that we transmit all or any data we hold regarding you to a third party in a commonly used electronic format.
You have given us consent to use your personal data to contact you in the future regarding products and services from Zatu Ltd that we believe you may be interested in. We do not share your data for marketing purposes with any organisations outside of Zatu Ltd and your data will only be used for the aforementioned purposes.
You have the right to withdraw your consent at any time. This wouldn’t affect any use of your data carried out up until that point but would have immediate effect when we receive your request. You can withdraw your consent by contacting us via phone or e-mail, or by writing to us at the address outlined previously in this policy or by selecting ‘unsubscribe’ on any email correspondence received from us.
You have the following additional rights:
- You have the right to access data held about you
- You may contact us to request that we delete your personal data from our system
- You may ask us to rectify your personal data if appropriate
- You may ask us to restrict the processing of your data
- You have the right to transfer your data to another entity
- You have the right to file a complaint with a data protection authority
In case of any concerns or questions about your privacy, please do contact us and we will do our best to assist you. You can reach us at: [email protected] or contact our Data Protection Officer in writing. If, however, you feel we have not satisfactorily dealt with your concern, you can report it to your local data protection authority.
We may change this privacy policy if we think it necessary, e.g. For legal reasons or to reflect changes in our services. If we do so, we will make the altered Privacy Policy available online and update the ‘Last updated’ date. You should check this page from time to time to ensure that you are happy with the changes.
Unfortunately, if you do not agree to those changes (regardless of whether you email us), then we may not be able to provide you with the Zatu Ltd services.