Contact UsBuy SmartPOS License

Last Update: October 28, 2024

Privacy Policy

Consumer App privacy policy

1. INTRODUCTION

We are Zeal IO Ltd ("Zeal", "we", "us" or "our") and operate under the name Zeal. This privacy notice sets out:

  • What personal data we collect about you and what we use it for
  • Who we share your information with
  • How we protect your information
  • How long we keep your information for
  • Your rights.
  • How to contact us.

This Privacy Notice was last updated on 28th October 2024. Over time, we'll improve our services and products and we also expect to develop new ones. If this materially changes how we process your personal data we will update this policy. You should check our website or mobile app periodically to view our most up to date privacy notice.

2. ABOUT US AND OUR MERCHANT LOYALTY PROGRAMMES

Zeal provides a service that enables our partnering merchants ("Merchants") to recognise when a particular payment card is used to make a payment in one of their in-person stores. This involves Zeal collecting transaction information from the point of sale card payment terminals in the Merchant's stores which you use to make a payment ("Payment Terminals"). This information does not enable us to identify you.

When you make a payment, you will be able to enter your phone number into the Payment Terminal. If you choose to do this, we will send you a text with a link so that you can download the Zeal mobile app or access our online portal to create a Zeal account.

By creating a Zeal account you will be able to opt-in to the loyalty programme we provide on behalf of that M Merchant ("Loyalty Merchant") ("Merchant Loyalty Programme"). From this point onwards, we will recognise all the payments you make each time you use your payment card in any of that Loyalty Merchant's stores by linking the transaction information with your Zeal account. This enables you to benefit from points or rewards for purchases made with an eligible card at an in-person store of that Loyalty Merchant and to redeem those points or rewards for promotions, discounts, cashback, rebates, sweepstakes, special offers or other benefits. From this point onwards, we will also recognise when your card is used in the stores of other Merchants, but will only link that information with your Zeal account if you choose to opt-in to the Loyalty Programme we provide for that particular Merchant.

The Loyalty Merchant will also be able to see insights on your spending activities in their stores along with related transaction . Where you have consented to receive marketing from us, we will send you marketing which we believe will be of interest to you by email, text, mobile app, online and through other forms of electronic communication. Zeal will not share any of your contact information with the Merchants for their own marketing purposes.

In order to provide the services described above, we need to process the personal data described below and we will be acting as a controller of such personal data when we do so. This means that we are responsible for the processing of your personal data in compliance with applicable European Union and United Kingdom data protection laws, such as the UK GDPR and EU GDPR (together referred to as the "Data Protection Legislation").

Please also note that "processing" shall refer to the collection, recording, storage, use, disclosure and generally any other uses, form of operations or dealings with personal data that we have.

3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

3.1. What is personal data?

Personal data is any information from which you can be directly or indirectly identified.

Data Protection Legislation requires companies to have a "lawful basis" to collect and use personal data. We provide you with information in the Payment Terminal before you are invited to provide your phone number referring you to this Privacy Notice and our Terms and Conditions.

Before creating a Zeal Account

(a). What personal data do we collect about you?

Phone number.

(b). How will we collect your personal data?

We will collect this personal data from the Payment Terminal once you choose to enter your phone number.

(c). What will you use your personal data for?

We rely on the lawful basis that it is necessary for legitimate business interests pursued by us and our Merchants and your interests and fundamental rights do not override those interests. Our legitimate interest is so that we can use your phone number to send you the SMS link to our mobile app or online portal so that you can you choose to create a Zeal account, where you have decided to input your phone number at the Payment Terminal for this purpose.

(d). What if you decide not create an account with Zeal?

If you do not complete your onboarding with Zeal within 2 weeks of receiving the SMS link, we will permanently delete your phone number from our systems.

If you complete your onboarding with Zeal, you will become a Zeal Customer and your personal data processed in line with section 3.2.

3.2. Zeal Customers

(a). What personal data do we collect about you?

  • Phone number;
  • Name;
  • Email address;
  • User login details for our mobile app and online portal;
  • Transaction information about the products and services you purchase from our Loyalty Merchants, including the Merchant identification, Payment Terminal identification, details of transactions including date, time and payment amount, and a non-functional card identification token when you make a payment in Loyalty Merchant's in-person store ("Transaction Information");
  • Records of correspondence and other communications between us including emails, text messages, telephone calls;
  • Records of consent, where appropriate;
  • Information about your marketing preferences;
  • If you have provided consent (see section 3.2(c)), historic Transaction Information about payments made using your card in the stores of that Loyalty Merchant before you onboarded as a Zeal Customer. We are able to recognise this information were you used the same payment card to make the historical transactions.

(b). How will we collect personal data?

Most personal data is collected directly from you, for example:

  • When you onboard as a Zeal customer;
  • When you consent to receive marketing information from us; and
  • Each time you interact with us (e.g. via our mobile app, or via email).

We also collect personal data from:

  • The acquiring banks that processes credit or debit card payments on behalf of our Merchants.

(c). What will you use your personal data for?

Data Protection Legislation requires companies to have a "lawful basis" to collect and use personal data. We rely on the following lawful bases:

  • Consent;
  • Where it is necessary for legitimate business interests pursued by us or our Merchants and your interests and fundamental rights do not override those interests. In each case we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interests;
  • Where it is necessary for entering into, or performance of a contract to which

you are party; and

  • Where we have a legal or regulatory obligation.
Purpose for processing Lawful Basis
  • Using your phone number to send you a text message so that you can download our mobile app or access our online portal.
  • We have a legitimate interest in using your data to provide our services
  • Creating and managing your Zeal account including administering our Merchant Loyalty Programmes.
  • The processing is necessary for entering into, or performance of a contract to which you are party.
  • Where you choose to opt-in to one of our Merchant Loyalty Programmes, linking your on- going Transaction Information to your Zeal account to build a profile about you and sharing your data and Transaction Information with that Loyalty Merchant to enable you to earn loyalty points or rewards and enable our Merchants to gain insights on your spending activities in their stores.
  • We have your consent
  • Linking your historic Transaction Information at the Loyalty Merchant's stores prior to you onboarding as a Zeal Customer with your Zeal account so that you can earn further loyalty points and rewards and our Loyalty Merchants gain additional insights on your spending activities.
 You have given us consent
  • To send you marketing communications about the Merchant Loyalty Programmes (including contests, sweepstakes, and any other marketing activities) which we believe may be relevant to you based on the information we have processed about you such as your Transaction Information.
  • You have given us consent.
  • To track customer journey analytics and experience improvements on our mobile app and online portal
  • You have given us consent.
  • We have a legitimate business interest to improve customer experience.
  • [For quality and training purposes (through recorded/monitored phones calls)]
  • We have a legitimate interest to develop and improve our services and products.
  • To comply with our legal or regulatory obligations.
  • Where we have a legal or regulatory obligation.
  • To communicate with you about the services we provide to you and assist with any complaints or data subject rights requests you may have
  • We have a legitimate business interest to handle and assist with any complaints you may have.
  • We have a legal/regulatory obligation.
  • To enforce applicable terms of use or as necessary to establish, exercise and defend legal rights
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • The processing is necessary for compliance with a legal or regulatory obligation; or
  • We, or a third party, have a legitimate interest in using your personal data to enforce our terms of use and establish, exercise, and defend legal rights.
(d). Who will we share your personal data with?

We share data with:

  • Loyalty Merchants, when you have opted-in to the relevant Merchant Loyalty Programme via our mobile app or online portal;
  • Our third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers; document management providers, software providers and information security providers;
  • Regulators and law enforcement agencies including the UK's Information Commissioner's Office;
  • Any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
  • Any companies that are in the process of joining Zeal, for example due to a merger, restructuring re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers in order to manage such transactions.

4. DATA TRANSFERS

4.1. The personal data that we collect from you may be transferred to and processed in a destination outside of the UK and the European Economic Area (which means all the European Union (EU) countries plus Norway, Iceland and Liechtenstein, together "EEA").

4.2. It may also be processed by staff operating outside the UK and the EEA who work for us.

4.3. Examples of our regular transfers include:

  • To our staff based in Egypt for customer management purposes;

4.4. Our safeguards for transfers include:

  • Transferring personal data to a country or jurisdiction which has been deemed 'adequate' by either the UK government or the European Commission (as applicable) i.e. that country or jurisdiction provides an adequate level of protection to that of UK and EU;
  • Entering into a contract with an organisation which we are sharing your information on terms approved as applicable by either the EU (EU Standard Contractual Clauses) or the UK (UK Addendum to the EU Standard Contractual Clauses or the UK's International Data Transfer Agreement). These are sets of contractual wording which has been issued to safeguard transfers compliantly in accordance with Data Protection Legislation); or
  • The recipient of personal data in the United States has self-certified with either the EU-US Privacy Framework or UK Data Bridge to the EU-US Privacy Framework as applicable.

4.5. To find out more about how your personal data is protected when it is transferred outside the UK and the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact us with the details provided in section 8.

5. HOW DO WE PROTECT YOUR INFORMATION?

5.1. We take the protection of your personal data seriously. We implement a range of technical, physical and organisational measures to ensure that your personal data is kept confidential and secure; these include but are not limited to:

  • Implementing access controls so that personal data is restricted to those who need to access or process it for the purposes set out in this Privacy Notice;
  • Maintaining our internal data protection and security policies which govern the use, storage, protection and general processing of personal data;
  • Implementing firewalls, password protections and encryption; and
  • Providing employees with regular data protection training.

5.2. Please note that where we have provided you with or you have created a password or a link related to your mobile user application, you are responsible for keeping this password and link safe and confidential. Please do not share them with anyone.

6. HOW LONG DO WE RETAIN YOUR INFORMATION FOR?

6.1. We will only keep your personal data for as long as is necessary to fulfil the purposes set out in this Privacy Notice and to comply with our legal and regulatory obligations.

6.2. The period for which we keep your personal data will therefore depend on your relationship with us and the type of personal data. This includes:

    Pre-onboarding

    See section 3.1(d).

    Onboarded Zeal Customer who does not provide additional consent for their historical Transaction Information to be linked to their Zeal account or withdraws their consent

    The historic Transaction Information will be immediately de-identified.

    Onboarded Zeal Customer who opts-out from a Merchant Loyalty Scheme

    We will stop sending you marketing communications about this particular Merchant's Loyalty Scheme. The Loyalty Merchant will still be able to recognise when the card you have associated with your Zeal account is used to make a payment in one of their in- person stores but they will no longer be able to access from us any directly identifiable information about you

6.3. In most circumstances, we will delete your personal data within 30 days from when our relationship with you ends.

6.4. Sometimes, we may to keep your information for longer. The reasons for this can include for our legitimate purposes, such as dealing with disputes. If we do not need to keep information for this length of time, we may destroy, delete or anonymise it sooner.

6.5. If you have any questions in relation to the retention of your personal data, please contact please contact us with the details provided in section 8.

7. YOUR RIGHTS

7.1. It is important that any personal data we hold about you is both accurate and up to date. Please keep us informed if your personal data changes.

7.2. Data Protection Legislation gives you a number of the rights (as set out below) which you can exercise at any time by contacting us using the details provided in section 8. These are the:

  • Right to access your personal data: you are entitled to a copy of the personal data we hold about you and certain details of how we use it;

  • Right to rectification: you can ask us to correct any information about you that may be out of date, incorrect or incomplete;

  • Right to restrict processing: in certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate;

  • Right to erasure: you have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors (for example, we may have legal obligations which mean we cannot comply with your request);

  • Right to withdraw consent: we may ask for your consent for certain uses of your personal data – we have indicated in this Privacy Notice where we do need or act on your consent. You have the right to withdraw your consent(s) at any time;

  • Right to lodge a complaint with your local data protection authority if you have concerns regarding your rights under local law. In the UK, the data protection authority is the Information Commissioner's Office: you can find out more information at the Information Commissioner’s Office website: https://ico.org.uk/make-a-complaint or get in touch by post or phone:

      Post

      Information Commissioner’s Office
      Wycliffe House
      Water Lane
      Wilmslow
      Cheshire
      SK9 5AF

      Helpline number

      0303 123 1113

      Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

  • Right to data portability: you have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us to another third party of your choice. This right is not applicable where the lawful basis for the data processing is legitimate interests or legal or regulatory obligations as indicated above in this Privacy Notice.

  • Right to object to processing: where we process your personal data based on our legitimate business interests (as indicated in this Privacy Notice), you can object to our processing. We will consider your objection and sometimes we may be entitled to continue and/or to refuse your request;

7.3. We currently do not carry out any solely automated decision-making.

7.4. If you make a request, we must respond to you without undue delay and in any event within one month. Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason and we will always respond to any request you make.

7.5. There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restrict processing and the right to withdraw consent) will mean we can no longer provide you with our services and it may therefore result in the cancellation of our contract with you. We will inform you of these consequences when you exercise your right.

8. CONTACTING US

8.1. If you have a question about this Privacy Notice, how we use your personal data, if you’re not happy with how we process your personal data or you would like to withdraw your consent(s), please contact us

  • By email: support@zealioltd.freshdesk.com
  • By post: Zeal IO Limited, 85 Great Portland Street, First Floor, London, England, W1W 7LT
  • Through our mobile app or online portal

Merchant privacy policy

1. INTRODUCTION

We are Zeal IO Ltd ("Zeal", "we", "us" or "our") and operate under the name Zeal. This privacy notice sets out:

  • What personal data we collect about you and what we use it for
  • Who we share your information with
  • How we protect your information
  • How long we keep your information for
  • Your rights.
  • How to contact us.

This Privacy Notice was last updated on 28th October 2024. Over time, we'll improve our services and products and we also expect to develop new ones. If this materially changes how we process your personal data we will update this policy. You should check our website or mobile app periodically to view our most up to date privacy notice.

2. ABOUT US AND OUR MERCHANT LOYALTY PROGRAMMES

Zeal provides a service that enables our partnering merchants ("Merchants") to recognise when a particular payment card is used to make a payment in one of their in-person stores. This involves Zeal collecting transaction information from the point of sale card payment terminals in the Merchant's stores which you use to make a payment ("Payment Terminals"). This information does not enable us to identify you.

When you make a payment, you will be able to enter your phone number into the Payment Terminal. If you choose to do this, we will send you a text with a link so that you can download the Zeal mobile app or access our online portal to create a Zeal account.

By creating a Zeal account you will be able to opt-in to the loyalty programme we provide on behalf of that M Merchant ("Loyalty Merchant") ("Merchant Loyalty Programme"). From this point onwards, we will recognise all the payments you make each time you use your payment card in any of that Loyalty Merchant's stores by linking the transaction information with your Zeal account. This enables you to benefit from points or rewards for purchases made with an eligible card at an in-person store of that Loyalty Merchant and to redeem those points or rewards for promotions, discounts, cashback, rebates, sweepstakes, special offers or other benefits. From this point onwards, we will also recognise when your card is used in the stores of other Merchants, but will only link that information with your Zeal account if you choose to opt-in to the Loyalty Programme we provide for that particular Merchant.

The Loyalty Merchant will also be able to see insights on your spending activities in their stores along with related transaction . Where you have consented to receive marketing from us, we will send you marketing which we believe will be of interest to you by email, text, mobile app, online and through other forms of electronic communication. Zeal will not share any of your contact information with the Merchants for their own marketing purposes.

In order to provide the services described above, we need to process the personal data described below and we will be acting as a controller of such personal data when we do so. This means that we are responsible for the processing of your personal data in compliance with applicable European Union and United Kingdom data protection laws, such as the UK GDPR and EU GDPR (together referred to as the "Data Protection Legislation").

Please also note that "processing" shall refer to the collection, recording, storage, use, disclosure and generally any other uses, form of operations or dealings with personal data that we have.

3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

3.1. What is personal data?

Personal data is any information from which you can be directly or indirectly identified.

Data Protection Legislation requires companies to have a "lawful basis" to collect and use personal data. We provide you with information in the Payment Terminal before you are invited to provide your phone number referring you to this Privacy Notice and our Terms and Conditions.

Before creating a Zeal Account

(a). What personal data do we collect about you?

Phone number.

(b). How will we collect your personal data?

We will collect this personal data from the Payment Terminal once you choose to enter your phone number.

(c). What will you use your personal data for?

We rely on the lawful basis that it is necessary for legitimate business interests pursued by us and our Merchants and your interests and fundamental rights do not override those interests. Our legitimate interest is so that we can use your phone number to send you the SMS link to our mobile app or online portal so that you can you choose to create a Zeal account, where you have decided to input your phone number at the Payment Terminal for this purpose.

(d). What if you decide not create an account with Zeal?

If you do not complete your onboarding with Zeal within 2 weeks of receiving the SMS link, we will permanently delete your phone number from our systems.

If you complete your onboarding with Zeal, you will become a Zeal Customer and your personal data processed in line with section 3.2.

3.2. Zeal Customers

(a). What personal data do we collect about you?

  • Phone number;
  • Name;
  • Email address;
  • User login details for our mobile app and online portal;
  • Transaction information about the products and services you purchase from our Loyalty Merchants, including the Merchant identification, Payment Terminal identification, details of transactions including date, time and payment amount, and a non-functional card identification token when you make a payment in a Loyalty Merchant's in-person store ("Transaction Information");
  • Records of correspondence and other communications between us including emails, text messages, telephone calls;
  • Records of consent, where appropriate;
  • Information about your marketing preferences;
  • If you have provided consent (see section 3.2(c)), historic Transaction Information about payments made using your card in the stores of that Loyalty Merchant before you onboarded as a Zeal Customer. We are able to recognise this information were you used the same payment card to make the historical transactions.

(b). How will we collect personal data?

Most personal data is collected directly from you, for example:

  • When you onboard as a Zeal customer;
  • When you consent to receive marketing information from us; and
  • Each time you interact with us (e.g. via our mobile app, or via email).

We also collect personal data from:

  • The acquiring banks that processes credit or debit card payments on behalf of our Merchants.

(c). What will you use your personal data for?

Data Protection Legislation requires companies to have a "lawful basis" to collect and use personal data. We rely on the following lawful bases:

  • Consent;
  • Where it is necessary for legitimate business interests pursued by us or our Merchants and your interests and fundamental rights do not override those interests. In each case we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interests;
  • Where it is necessary for entering into, or performance of a contract to which

you are party; and

  • Where we have a legal or regulatory obligation.
Purpose for processing Lawful Basis
  • Using your phone number to send you a text message so that you can download our mobile app or access our online portal.
  • We have a legitimate interest in using your data to provide our services
  • Creating and managing your Zeal account including administering our Merchant Loyalty Programmes.
  • The processing is necessary for entering into, or performance of a contract to which you are party.
  • Where you choose to opt-in to one of our Merchant Loyalty Programmes, linking your on- going Transaction Information to your Zeal account to build a profile about you and sharing your data and Transaction Information with that Loyalty Merchant to enable you to earn loyalty points or rewards and enable our Merchants to gain insights on your spending activities in their stores.
  • We have your consent
  • Linking your historic Transaction Information at the Loyalty Merchant's stores prior to you onboarding as a Zeal Customer with your Zeal account so that you can earn further loyalty points and rewards and our Loyalty Merchants gain additional insights on your spending activities.
 You have given us consent
  • To send you marketing communications about the Merchant Loyalty Programmes (including contests, sweepstakes, and any other marketing activities) which we believe may be relevant to you based on the information we have processed about you such as your Transaction Information.
  • You have given us consent.
  • To track customer journey analytics and experience improvements on our mobile app and online portal
  • You have given us consent.
  • We have a legitimate business interest to improve customer experience.
  • [For quality and training purposes (through recorded/monitored phones calls)]
  • We have a legitimate interest to develop and improve our services and products.
  • To comply with our legal or regulatory obligations.
  • Where we have a legal or regulatory obligation.
  • To communicate with you about the services we provide to you and assist with any complaints or data subject rights requests you may have
  • We have a legitimate business interest to handle and assist with any complaints you may have.
  • We have a legal/regulatory obligation.
  • To enforce applicable terms of use or as necessary to establish, exercise and defend legal rights
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • The processing is necessary for compliance with a legal or regulatory obligation; or
  • We, or a third party, have a legitimate interest in using your personal data to enforce our terms of use and establish, exercise, and defend legal rights.
(d). Who will we share your personal data with?

We share data with:

  • Loyalty Merchants, when you have opted-in to the relevant Merchant Loyalty Programme via our mobile app or online portal;
  • Our third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers; document management providers, software providers and information security providers;
  • Regulators and law enforcement agencies including the UK's Information Commissioner's Office;
  • Any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
  • Any companies that are in the process of joining Zeal, for example due to a merger, restructuring re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers in order to manage such transactions.

4. DATA TRANSFERS

4.1. The personal data that we collect from you may be transferred to and processed in a destination outside of the UK and the European Economic Area (which means all the European Union (EU) countries plus Norway, Iceland and Liechtenstein, together "EEA").

4.2. It may also be processed by staff operating outside the UK and the EEA who work for us.

4.3. Examples of our regular transfers include:

  • To our staff based in Egypt for customer management purposes;

4.4. Our safeguards for transfers include:

  • Transferring personal data to a country or jurisdiction which has been deemed 'adequate' by either the UK government or the European Commission (as applicable) i.e. that country or jurisdiction provides an adequate level of protection to that of UK and EU;
  • Entering into a contract with an organisation which we are sharing your information on terms approved as applicable by either the EU (EU Standard Contractual Clauses) or the UK (UK Addendum to the EU Standard Contractual Clauses or the UK's International Data Transfer Agreement). These are sets of contractual wording which has been issued to safeguard transfers compliantly in accordance with Data Protection Legislation); or
  • The recipient of personal data in the United States has self-certified with either the EU-US Privacy Framework or UK Data Bridge to the EU-US Privacy Framework as applicable.

4.5. To find out more about how your personal data is protected when it is transferred outside the UK and the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact us with the details provided in section 8.

5. HOW DO WE PROTECT YOUR INFORMATION?

5.1. We take the protection of your personal data seriously. We implement a range of technical, physical and organisational measures to ensure that your personal data is kept confidential and secure; these include but are not limited to:

  • Implementing access controls so that personal data is restricted to those who need to access or process it for the purposes set out in this Privacy Notice;
  • Maintaining our internal data protection and security policies which govern the use, storage, protection and general processing of personal data;
  • Implementing firewalls, password protections and encryption; and
  • Providing employees with regular data protection training.

5.2. Please note that where we have provided you with or you have created a password or a link related to your mobile user application, you are responsible for keeping this password and link safe and confidential. Please do not share them with anyone.

6. HOW LONG DO WE RETAIN YOUR INFORMATION FOR?

6.1. We will only keep your personal data for as long as is necessary to fulfil the purposes set out in this Privacy Notice and to comply with our legal and regulatory obligations.

6.2. The period for which we keep your personal data will therefore depend on your relationship with us and the type of personal data. This includes:

    Pre-onboarding

    See section 3.1(d).

    Onboarded Zeal Customer who does not provide additional consent for their historical Transaction Information to be linked to their Zeal account or withdraws their consent

    The historic Transaction Information will be immediately de-identified.

    Onboarded Zeal Customer who opts-out from a Merchant Loyalty Scheme

    We will stop sending you marketing communications about this particular Merchant's Loyalty Scheme. The Loyalty Merchant will still be able to recognise when the card you have associated with your Zeal account is used to make a payment in one of their in- person stores but they will no longer be able to access from us any directly identifiable information about you

6.3. In most circumstances, we will delete your personal data within 30 days from when our relationship with you ends.

6.4. Sometimes, we may to keep your information for longer. The reasons for this can include for our legitimate purposes, such as dealing with disputes. If we do not need to keep information for this length of time, we may destroy, delete or anonymise it sooner.

6.5. If you have any questions in relation to the retention of your personal data, please contact please contact us with the details provided in section 8.

7. YOUR RIGHTS

7.1. It is important that any personal data we hold about you is both accurate and up to date. Please keep us informed if your personal data changes.

7.2. Data Protection Legislation gives you a number of the rights (as set out below) which you can exercise at any time by contacting us using the details provided in section 8. These are the:

  • Right to access your personal data: you are entitled to a copy of the personal data we hold about you and certain details of how we use it;

  • Right to rectification: you can ask us to correct any information about you that may be out of date, incorrect or incomplete;

  • Right to restrict processing: in certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate;

  • Right to erasure: you have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors (for example, we may have legal obligations which mean we cannot comply with your request);

  • Right to withdraw consent: we may ask for your consent for certain uses of your personal data – we have indicated in this Privacy Notice where we do need or act on your consent. You have the right to withdraw your consent(s) at any time;

  • Right to lodge a complaint with your local data protection authority if you have concerns regarding your rights under local law. In the UK, the data protection authority is the Information Commissioner's Office: you can find out more information at the Information Commissioner’s Office website: https://ico.org.uk/make-a-complaint or get in touch by post or phone:

      Post

      Information Commissioner’s Office
      Wycliffe House
      Water Lane
      Wilmslow
      Cheshire
      SK9 5AF

      Helpline number

      0303 123 1113

      Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

  • Right to data portability: you have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us to another third party of your choice. This right is not applicable where the lawful basis for the data processing is legitimate interests or legal or regulatory obligations as indicated above in this Privacy Notice.

  • Right to object to processing: where we process your personal data based on our legitimate business interests (as indicated in this Privacy Notice), you can object to our processing. We will consider your objection and sometimes we may be entitled to continue and/or to refuse your request;

7.3. We currently do not carry out any solely automated decision-making.

7.4. If you make a request, we must respond to you without undue delay and in any event within one month. Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason and we will always respond to any request you make.

7.5. There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restrict processing and the right to withdraw consent) will mean we can no longer provide you with our services and it may therefore result in the cancellation of our contract with you. We will inform you of these consequences when you exercise your right.

8. CONTACTING US

8.1. If you have a question about this Privacy Notice, how we use your personal data, if you’re not happy with how we process your personal data or you would like to withdraw your consent(s), please contact us

  • By email: support@zealioltd.freshdesk.com
  • By post: Zeal IO Limited, 85 Great Portland Street, First Floor, London, England, W1W 7LT
  • Through our mobile app or online portal

Website privacy policy

1. INTRODUCTION

We are Zeal IO Ltd ("Zeal", "we", "us" or "our") and operate under the name Zeal. This privacy notice sets out:

  • What personal data we collect about you and what we use it for
  • Who we share your information with
  • How we protect your information
  • How long we keep your information for
  • Your rights.
  • How to contact us.

This Privacy Notice was last updated on 28th October 2024. Over time, we'll improve our services and products and we also expect to develop new ones. If this materially changes how we process your personal data we will update this policy. You should check our website or mobile app periodically to view our most up to date privacy notice.

2. ABOUT US AND OUR MERCHANT LOYALTY PROGRAMMES

Zeal provides a service that enables our partnering merchants ("Merchants") to recognise when a particular payment card is used to make a payment in one of their in-person stores. This involves Zeal collecting transaction information from the point of sale card payment terminals in the Merchant's stores which you use to make a payment ("Payment Terminals"). This information does not enable us to identify you.

When you make a payment, you will be able to enter your phone number into the Payment Terminal. If you choose to do this, we will send you a text with a link so that you can download the Zeal mobile app or access our online portal to create a Zeal account.

By creating a Zeal account you will be able to opt-in to the loyalty programme we provide on behalf of that M Merchant ("Loyalty Merchant") ("Merchant Loyalty Programme"). From this point onwards, we will recognise all the payments you make each time you use your payment card in any of that Loyalty Merchant's stores by linking the transaction information with your Zeal account. This enables you to benefit from points or rewards for purchases made with an eligible card at an in-person store of that Loyalty Merchant and to redeem those points or rewards for promotions, discounts, cashback, rebates, sweepstakes, special offers or other benefits. From this point onwards, we will also recognise when your card is used in the stores of other Merchants, but will only link that information with your Zeal account if you choose to opt-in to the Loyalty Programme we provide for that particular Merchant.

The Loyalty Merchant will also be able to see insights on your spending activities in their stores along with related transaction . Where you have consented to receive marketing from us, we will send you marketing which we believe will be of interest to you by email, text, mobile app, online and through other forms of electronic communication. Zeal will not share any of your contact information with the Merchants for their own marketing purposes.

In order to provide the services described above, we need to process the personal data described below and we will be acting as a controller of such personal data when we do so. This means that we are responsible for the processing of your personal data in compliance with applicable European Union and United Kingdom data protection laws, such as the UK GDPR and EU GDPR (together referred to as the "Data Protection Legislation").

Please also note that "processing" shall refer to the collection, recording, storage, use, disclosure and generally any other uses, form of operations or dealings with personal data that we have.

3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

3.1. What is personal data?

Personal data is any information from which you can be directly or indirectly identified.

Data Protection Legislation requires companies to have a "lawful basis" to collect and use personal data. We provide you with information in the Payment Terminal before you are invited to provide your phone number referring you to this Privacy Notice and our Terms and Conditions.

Before creating a Zeal Account

(a). What personal data do we collect about you?

Phone number.

(b). How will we collect your personal data?

We will collect this personal data from the Payment Terminal once you choose to enter your phone number.

(c). What will you use your personal data for?

We rely on the lawful basis that it is necessary for legitimate business interests pursued by us and our Merchants and your interests and fundamental rights do not override those interests. Our legitimate interest is so that we can use your phone number to send you the SMS link to our mobile app or online portal so that you can you choose to create a Zeal account, where you have decided to input your phone number at the Payment Terminal for this purpose.

(d). What if you decide not create an account with Zeal?

If you do not complete your onboarding with Zeal within 2 weeks of receiving the SMS link, we will permanently delete your phone number from our systems.

If you complete your onboarding with Zeal, you will become a Zeal Customer and your personal data processed in line with section 3.2.

3.2. Zeal Customers

(a). What personal data do we collect about you?

  • Phone number;
  • Name;
  • Email address;
  • User login details for our mobile app and online portal;
  • Transaction information about the products and services you purchase from our Loyalty Merchants, including the Merchant identification, Payment Terminal identification, details of transactions including date, time and payment amount, and a non-functional card identification token when you make a payment in a Loyalty Merchant's in-person store ("Transaction Information");
  • Records of correspondence and other communications between us including emails, text messages, telephone calls;
  • Records of consent, where appropriate;
  • Information about your marketing preferences;
  • If you have provided consent (see section 3.2(c)), historic Transaction Information about payments made using your card in the stores of that Loyalty Merchant before you onboarded as a Zeal Customer. We are able to recognise this information were you used the same payment card to make the historical transactions.

(b). How will we collect personal data?

Most personal data is collected directly from you, for example:

  • When you onboard as a Zeal customer;
  • When you consent to receive marketing information from us; and
  • Each time you interact with us (e.g. via our mobile app, or via email).

We also collect personal data from:

  • The acquiring banks that processes credit or debit card payments on behalf of our Merchants.

(c). What will you use your personal data for?

Data Protection Legislation requires companies to have a "lawful basis" to collect and use personal data. We rely on the following lawful bases:

  • Consent;
  • Where it is necessary for legitimate business interests pursued by us or our Merchants and your interests and fundamental rights do not override those interests. In each case we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interests;
  • Where it is necessary for entering into, or performance of a contract to which

you are party; and

  • Where we have a legal or regulatory obligation.
Purpose for processing Lawful Basis
  • Using your phone number to send you a text message so that you can download our mobile app or access our online portal.
  • We have a legitimate interest in using your data to provide our services
  • Creating and managing your Zeal account including administering our Merchant Loyalty Programmes.
  • The processing is necessary for entering into, or performance of a contract to which you are party.
  • Where you choose to opt-in to one of our Merchant Loyalty Programmes, linking your on- going Transaction Information to your Zeal account to build a profile about you and sharing your data and Transaction Information with that Loyalty Merchant to enable you to earn loyalty points or rewards and enable our Merchants to gain insights on your spending activities in their stores.
  • We have your consent
  • Linking your historic Transaction Information at the Loyalty Merchant's stores prior to you onboarding as a Zeal Customer with your Zeal account so that you can earn further loyalty points and rewards and our Loyalty Merchants gain additional insights on your spending activities.
 You have given us consent
  • To send you marketing communications about the Merchant Loyalty Programmes (including contests, sweepstakes, and any other marketing activities) which we believe may be relevant to you based on the information we have processed about you such as your Transaction Information.
  • You have given us consent.
  • To track customer journey analytics and experience improvements on our mobile app and online portal
  • You have given us consent.
  • We have a legitimate business interest to improve customer experience.
  • [For quality and training purposes (through recorded/monitored phones calls)]
  • We have a legitimate interest to develop and improve our services and products.
  • To comply with our legal or regulatory obligations.
  • Where we have a legal or regulatory obligation.
  • To communicate with you about the services we provide to you and assist with any complaints or data subject rights requests you may have
  • We have a legitimate business interest to handle and assist with any complaints you may have.
  • We have a legal/regulatory obligation.
  • To enforce applicable terms of use or as necessary to establish, exercise and defend legal rights
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • The processing is necessary for compliance with a legal or regulatory obligation; or
  • We, or a third party, have a legitimate interest in using your personal data to enforce our terms of use and establish, exercise, and defend legal rights.
(d). Who will we share your personal data with?

We share data with:

  • Loyalty Merchants, when you have opted-in to the relevant Merchant Loyalty Programme via our mobile app or online portal;
  • Our third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers; document management providers, software providers and information security providers;
  • Regulators and law enforcement agencies including the UK's Information Commissioner's Office;
  • Any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
  • Any companies that are in the process of joining Zeal, for example due to a merger, restructuring re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers in order to manage such transactions.

4. DATA TRANSFERS

4.1. The personal data that we collect from you may be transferred to and processed in a destination outside of the UK and the European Economic Area (which means all the European Union (EU) countries plus Norway, Iceland and Liechtenstein, together "EEA").

4.2. It may also be processed by staff operating outside the UK and the EEA who work for us.

4.3. Examples of our regular transfers include:

  • To our staff based in Egypt for customer management purposes;

4.4. Our safeguards for transfers include:

  • Transferring personal data to a country or jurisdiction which has been deemed 'adequate' by either the UK government or the European Commission (as applicable) i.e. that country or jurisdiction provides an adequate level of protection to that of UK and EU;
  • Entering into a contract with an organisation which we are sharing your information on terms approved as applicable by either the EU (EU Standard Contractual Clauses) or the UK (UK Addendum to the EU Standard Contractual Clauses or the UK's International Data Transfer Agreement). These are sets of contractual wording which has been issued to safeguard transfers compliantly in accordance with Data Protection Legislation); or
  • The recipient of personal data in the United States has self-certified with either the EU-US Privacy Framework or UK Data Bridge to the EU-US Privacy Framework as applicable.

4.5. To find out more about how your personal data is protected when it is transferred outside the UK and the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact us with the details provided in section 8.

5. HOW DO WE PROTECT YOUR INFORMATION?

5.1. We take the protection of your personal data seriously. We implement a range of technical, physical and organisational measures to ensure that your personal data is kept confidential and secure; these include but are not limited to:

  • Implementing access controls so that personal data is restricted to those who need to access or process it for the purposes set out in this Privacy Notice;
  • Maintaining our internal data protection and security policies which govern the use, storage, protection and general processing of personal data;
  • Implementing firewalls, password protections and encryption; and
  • Providing employees with regular data protection training.

5.2. Please note that where we have provided you with or you have created a password or a link related to your mobile user application, you are responsible for keeping this password and link safe and confidential. Please do not share them with anyone.

6. HOW LONG DO WE RETAIN YOUR INFORMATION FOR?

6.1. We will only keep your personal data for as long as is necessary to fulfil the purposes set out in this Privacy Notice and to comply with our legal and regulatory obligations.

6.2. The period for which we keep your personal data will therefore depend on your relationship with us and the type of personal data. This includes:

    Pre-onboarding

    See section 3.1(d).

    Onboarded Zeal Customer who does not provide additional consent for their historical Transaction Information to be linked to their Zeal account or withdraws their consent

    The historic Transaction Information will be immediately de-identified.

    Onboarded Zeal Customer who opts-out from a Merchant Loyalty Scheme

    We will stop sending you marketing communications about this particular Merchant's Loyalty Scheme. The Loyalty Merchant will still be able to recognise when the card you have associated with your Zeal account is used to make a payment in one of their in- person stores but they will no longer be able to access from us any directly identifiable information about you

6.3. In most circumstances, we will delete your personal data within 30 days from when our relationship with you ends.

6.4. Sometimes, we may to keep your information for longer. The reasons for this can include for our legitimate purposes, such as dealing with disputes. If we do not need to keep information for this length of time, we may destroy, delete or anonymise it sooner.

6.5. If you have any questions in relation to the retention of your personal data, please contact please contact us with the details provided in section 8.

7. YOUR RIGHTS

7.1. It is important that any personal data we hold about you is both accurate and up to date. Please keep us informed if your personal data changes.

7.2. Data Protection Legislation gives you a number of the rights (as set out below) which you can exercise at any time by contacting us using the details provided in section 8. These are the:

  • Right to access your personal data: you are entitled to a copy of the personal data we hold about you and certain details of how we use it;

  • Right to rectification: you can ask us to correct any information about you that may be out of date, incorrect or incomplete;

  • Right to restrict processing: in certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate;

  • Right to erasure: you have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors (for example, we may have legal obligations which mean we cannot comply with your request);

  • Right to withdraw consent: we may ask for your consent for certain uses of your personal data – we have indicated in this Privacy Notice where we do need or act on your consent. You have the right to withdraw your consent(s) at any time;

  • Right to lodge a complaint with your local data protection authority if you have concerns regarding your rights under local law. In the UK, the data protection authority is the Information Commissioner's Office: you can find out more information at the Information Commissioner’s Office website: https://ico.org.uk/make-a-complaint or get in touch by post or phone:

      Post

      Information Commissioner’s Office
      Wycliffe House
      Water Lane
      Wilmslow
      Cheshire
      SK9 5AF

      Helpline number

      0303 123 1113

      Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

  • Right to data portability: you have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us to another third party of your choice. This right is not applicable where the lawful basis for the data processing is legitimate interests or legal or regulatory obligations as indicated above in this Privacy Notice.

  • Right to object to processing: where we process your personal data based on our legitimate business interests (as indicated in this Privacy Notice), you can object to our processing. We will consider your objection and sometimes we may be entitled to continue and/or to refuse your request;

7.3. We currently do not carry out any solely automated decision-making.

7.4. If you make a request, we must respond to you without undue delay and in any event within one month. Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason and we will always respond to any request you make.

7.5. There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restrict processing and the right to withdraw consent) will mean we can no longer provide you with our services and it may therefore result in the cancellation of our contract with you. We will inform you of these consequences when you exercise your right.

8. CONTACTING US

8.1. If you have a question about this Privacy Notice, how we use your personal data, if you’re not happy with how we process your personal data or you would like to withdraw your consent(s), please contact us

  • By email: support@zealioltd.freshdesk.com
  • By post: Zeal IO Limited, 85 Great Portland Street, First Floor, London, England, W1W 7LT
  • Through our mobile app or online portal

Acquirer privacy policy

1. INTRODUCTION

We are Zeal IO Ltd ("Zeal", "we", "us" or "our") and operate under the name Zeal. This privacy notice sets out:

  • What personal data we collect about you and what we use it for
  • Who we share your information with
  • How we protect your information
  • How long we keep your information for
  • Your rights.
  • How to contact us.

This Privacy Notice was last updated on 28th October 2024. Over time, we'll improve our services and products and we also expect to develop new ones. If this materially changes how we process your personal data we will update this policy. You should check our website or mobile app periodically to view our most up to date privacy notice.

2. ABOUT US AND OUR MERCHANT LOYALTY PROGRAMMES

Zeal provides a service that enables our partnering merchants ("Merchants") to recognise when a particular payment card is used to make a payment in one of their in-person stores. This involves Zeal collecting transaction information from the point of sale card payment terminals in the Merchant's stores which you use to make a payment ("Payment Terminals"). This information does not enable us to identify you.

When you make a payment, you will be able to enter your phone number into the Payment Terminal. If you choose to do this, we will send you a text with a link so that you can download the Zeal mobile app or access our online portal to create a Zeal account.

By creating a Zeal account you will be able to opt-in to the loyalty programme we provide on behalf of that M Merchant ("Loyalty Merchant") ("Merchant Loyalty Programme"). From this point onwards, we will recognise all the payments you make each time you use your payment card in any of that Loyalty Merchant's stores by linking the transaction information with your Zeal account. This enables you to benefit from points or rewards for purchases made with an eligible card at an in-person store of that Loyalty Merchant and to redeem those points or rewards for promotions, discounts, cashback, rebates, sweepstakes, special offers or other benefits. From this point onwards, we will also recognise when your card is used in the stores of other Merchants, but will only link that information with your Zeal account if you choose to opt-in to the Loyalty Programme we provide for that particular Merchant.

The Loyalty Merchant will also be able to see insights on your spending activities in their stores along with related transaction . Where you have consented to receive marketing from us, we will send you marketing which we believe will be of interest to you by email, text, mobile app, online and through other forms of electronic communication. Zeal will not share any of your contact information with the Merchants for their own marketing purposes.

In order to provide the services described above, we need to process the personal data described below and we will be acting as a controller of such personal data when we do so. This means that we are responsible for the processing of your personal data in compliance with applicable European Union and United Kingdom data protection laws, such as the UK GDPR and EU GDPR (together referred to as the "Data Protection Legislation").

Please also note that "processing" shall refer to the collection, recording, storage, use, disclosure and generally any other uses, form of operations or dealings with personal data that we have.

3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

3.1. What is personal data?

Personal data is any information from which you can be directly or indirectly identified.

Data Protection Legislation requires companies to have a "lawful basis" to collect and use personal data. We provide you with information in the Payment Terminal before you are invited to provide your phone number referring you to this Privacy Notice and our Terms and Conditions.

Before creating a Zeal Account

(a). What personal data do we collect about you?

Phone number.

(b). How will we collect your personal data?

We will collect this personal data from the Payment Terminal once you choose to enter your phone number.

(c). What will you use your personal data for?

We rely on the lawful basis that it is necessary for legitimate business interests pursued by us and our Merchants and your interests and fundamental rights do not override those interests. Our legitimate interest is so that we can use your phone number to send you the SMS link to our mobile app or online portal so that you can you choose to create a Zeal account, where you have decided to input your phone number at the Payment Terminal for this purpose.

(d). What if you decide not create an account with Zeal?

If you do not complete your onboarding with Zeal within 2 weeks of receiving the SMS link, we will permanently delete your phone number from our systems.

If you complete your onboarding with Zeal, you will become a Zeal Customer and your personal data processed in line with section 3.2.

3.2. Zeal Customers

(a). What personal data do we collect about you?

  • Phone number;
  • Name;
  • Email address;
  • User login details for our mobile app and online portal;
  • Transaction information about the products and services you purchase from our Loyalty Merchants, including the Merchant identification, Payment Terminal identification, details of transactions including date, time and payment amount, and a non-functional card identification token when you make a payment in a Loyalty Merchant's in-person store ("Transaction Information");
  • Records of correspondence and other communications between us including emails, text messages, telephone calls;
  • Records of consent, where appropriate;
  • Information about your marketing preferences;
  • If you have provided consent (see section 3.2(c)), historic Transaction Information about payments made using your card in the stores of that Loyalty Merchant before you onboarded as a Zeal Customer. We are able to recognise this information were you used the same payment card to make the historical transactions.

(b). How will we collect personal data?

Most personal data is collected directly from you, for example:

  • When you onboard as a Zeal customer;
  • When you consent to receive marketing information from us; and
  • Each time you interact with us (e.g. via our mobile app, or via email).

We also collect personal data from:

  • The acquiring banks that processes credit or debit card payments on behalf of our Merchants.

(c). What will you use your personal data for?

Data Protection Legislation requires companies to have a "lawful basis" to collect and use personal data. We rely on the following lawful bases:

  • Consent;
  • Where it is necessary for legitimate business interests pursued by us or our Merchants and your interests and fundamental rights do not override those interests. In each case we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interests;
  • Where it is necessary for entering into, or performance of a contract to which

you are party; and

  • Where we have a legal or regulatory obligation.
Purpose for processing Lawful Basis
  • Using your phone number to send you a text message so that you can download our mobile app or access our online portal.
  • We have a legitimate interest in using your data to provide our services
  • Creating and managing your Zeal account including administering our Merchant Loyalty Programmes.
  • The processing is necessary for entering into, or performance of a contract to which you are party.
  • Where you choose to opt-in to one of our Merchant Loyalty Programmes, linking your on- going Transaction Information to your Zeal account to build a profile about you and sharing your data and Transaction Information with that Loyalty Merchant to enable you to earn loyalty points or rewards and enable our Merchants to gain insights on your spending activities in their stores.
  • We have your consent
  • Linking your historic Transaction Information at the Loyalty Merchant's stores prior to you onboarding as a Zeal Customer with your Zeal account so that you can earn further loyalty points and rewards and our Loyalty Merchants gain additional insights on your spending activities.
 You have given us consent
  • To send you marketing communications about the Merchant Loyalty Programmes (including contests, sweepstakes, and any other marketing activities) which we believe may be relevant to you based on the information we have processed about you such as your Transaction Information.
  • You have given us consent.
  • To track customer journey analytics and experience improvements on our mobile app and online portal
  • You have given us consent.
  • We have a legitimate business interest to improve customer experience.
  • [For quality and training purposes (through recorded/monitored phones calls)]
  • We have a legitimate interest to develop and improve our services and products.
  • To comply with our legal or regulatory obligations.
  • Where we have a legal or regulatory obligation.
  • To communicate with you about the services we provide to you and assist with any complaints or data subject rights requests you may have
  • We have a legitimate business interest to handle and assist with any complaints you may have.
  • We have a legal/regulatory obligation.
  • To enforce applicable terms of use or as necessary to establish, exercise and defend legal rights
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • The processing is necessary for compliance with a legal or regulatory obligation; or
  • We, or a third party, have a legitimate interest in using your personal data to enforce our terms of use and establish, exercise, and defend legal rights.
(d). Who will we share your personal data with?

We share data with:

  • Loyalty Merchants, when you have opted-in to the relevant Merchant Loyalty Programme via our mobile app or online portal;
  • Our third party service providers who support the operation of our business, such as IT and marketing suppliers, financial service providers; document management providers, software providers and information security providers;
  • Regulators and law enforcement agencies including the UK's Information Commissioner's Office;
  • Any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
  • Any companies that are in the process of joining Zeal, for example due to a merger, restructuring re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers in order to manage such transactions.

4. DATA TRANSFERS

4.1. The personal data that we collect from you may be transferred to and processed in a destination outside of the UK and the European Economic Area (which means all the European Union (EU) countries plus Norway, Iceland and Liechtenstein, together "EEA").

4.2. It may also be processed by staff operating outside the UK and the EEA who work for us.

4.3. Examples of our regular transfers include:

  • To our staff based in Egypt for customer management purposes;

4.4. Our safeguards for transfers include:

  • Transferring personal data to a country or jurisdiction which has been deemed 'adequate' by either the UK government or the European Commission (as applicable) i.e. that country or jurisdiction provides an adequate level of protection to that of UK and EU;
  • Entering into a contract with an organisation which we are sharing your information on terms approved as applicable by either the EU (EU Standard Contractual Clauses) or the UK (UK Addendum to the EU Standard Contractual Clauses or the UK's International Data Transfer Agreement). These are sets of contractual wording which has been issued to safeguard transfers compliantly in accordance with Data Protection Legislation); or
  • The recipient of personal data in the United States has self-certified with either the EU-US Privacy Framework or UK Data Bridge to the EU-US Privacy Framework as applicable.

4.5. To find out more about how your personal data is protected when it is transferred outside the UK and the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact us with the details provided in section 8.

5. HOW DO WE PROTECT YOUR INFORMATION?

5.1. We take the protection of your personal data seriously. We implement a range of technical, physical and organisational measures to ensure that your personal data is kept confidential and secure; these include but are not limited to:

  • Implementing access controls so that personal data is restricted to those who need to access or process it for the purposes set out in this Privacy Notice;
  • Maintaining our internal data protection and security policies which govern the use, storage, protection and general processing of personal data;
  • Implementing firewalls, password protections and encryption; and
  • Providing employees with regular data protection training.

5.2. Please note that where we have provided you with or you have created a password or a link related to your mobile user application, you are responsible for keeping this password and link safe and confidential. Please do not share them with anyone.

6. HOW LONG DO WE RETAIN YOUR INFORMATION FOR?

6.1. We will only keep your personal data for as long as is necessary to fulfil the purposes set out in this Privacy Notice and to comply with our legal and regulatory obligations.

6.2. The period for which we keep your personal data will therefore depend on your relationship with us and the type of personal data. This includes:

    Pre-onboarding

    See section 3.1(d).

    Onboarded Zeal Customer who does not provide additional consent for their historical Transaction Information to be linked to their Zeal account or withdraws their consent

    The historic Transaction Information will be immediately de-identified.

    Onboarded Zeal Customer who opts-out from a Merchant Loyalty Scheme

    We will stop sending you marketing communications about this particular Merchant's Loyalty Scheme. The Loyalty Merchant will still be able to recognise when the card you have associated with your Zeal account is used to make a payment in one of their in- person stores but they will no longer be able to access from us any directly identifiable information about you

6.3. In most circumstances, we will delete your personal data within 30 days from when our relationship with you ends.

6.4. Sometimes, we may to keep your information for longer. The reasons for this can include for our legitimate purposes, such as dealing with disputes. If we do not need to keep information for this length of time, we may destroy, delete or anonymise it sooner.

6.5. If you have any questions in relation to the retention of your personal data, please contact please contact us with the details provided in section 8.

7. YOUR RIGHTS

7.1. It is important that any personal data we hold about you is both accurate and up to date. Please keep us informed if your personal data changes.

7.2. Data Protection Legislation gives you a number of the rights (as set out below) which you can exercise at any time by contacting us using the details provided in section 8. These are the:

  • Right to access your personal data: you are entitled to a copy of the personal data we hold about you and certain details of how we use it;

  • Right to rectification: you can ask us to correct any information about you that may be out of date, incorrect or incomplete;

  • Right to restrict processing: in certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate;

  • Right to erasure: you have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors (for example, we may have legal obligations which mean we cannot comply with your request);

  • Right to withdraw consent: we may ask for your consent for certain uses of your personal data – we have indicated in this Privacy Notice where we do need or act on your consent. You have the right to withdraw your consent(s) at any time;

  • Right to lodge a complaint with your local data protection authority if you have concerns regarding your rights under local law. In the UK, the data protection authority is the Information Commissioner's Office: you can find out more information at the Information Commissioner’s Office website: https://ico.org.uk/make-a-complaint or get in touch by post or phone:

      Post

      Information Commissioner’s Office
      Wycliffe House
      Water Lane
      Wilmslow
      Cheshire
      SK9 5AF

      Helpline number

      0303 123 1113

      Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

  • Right to data portability: you have the right, under certain circumstances, to ask that we transfer personal data that you have provided to us to another third party of your choice. This right is not applicable where the lawful basis for the data processing is legitimate interests or legal or regulatory obligations as indicated above in this Privacy Notice.

  • Right to object to processing: where we process your personal data based on our legitimate business interests (as indicated in this Privacy Notice), you can object to our processing. We will consider your objection and sometimes we may be entitled to continue and/or to refuse your request;

7.3. We currently do not carry out any solely automated decision-making.

7.4. If you make a request, we must respond to you without undue delay and in any event within one month. Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason and we will always respond to any request you make.

7.5. There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restrict processing and the right to withdraw consent) will mean we can no longer provide you with our services and it may therefore result in the cancellation of our contract with you. We will inform you of these consequences when you exercise your right.

8. CONTACTING US

8.1. If you have a question about this Privacy Notice, how we use your personal data, if you’re not happy with how we process your personal data or you would like to withdraw your consent(s), please contact us

  • By email: support@zealioltd.freshdesk.com
  • By post: Zeal IO Limited, 85 Great Portland Street, First Floor, London, England, W1W 7LT
  • Through our mobile app or online portal