Unless we tell you otherwise, the Policy applies as between ZAPPAR and any natural person who uses the ZAPPAR App or the ZAPPAR website. The Policy deals with our use of information collected by us in relation to your use of the ZAPPAR App or the ZAPPAR website.
equally, this Policy does not extend to any websites or services of third parties which can be accessed from the ZAPPAR Services including any links we may provide to social media sites.
In this Policy certain words with a Capital letter have a particular meaning. These are listed below:
|“Anonymous Information”||means information that does not identify and cannot reasonably be used to identify a specific individual. When Anonymous Information is associated with Personal Data, this Anonymous Information is treated by ZAPPAR as Personal Data.|
|“Content”||means content made available on or via the ZAPPAR Services. This might include Zaps, animation, documents, images, links, sound files, videos, text, and other stuff.|
|“Information”||means any or all information that you or your device send, submit or transmit to ZAPPAR via the ZAPPAR Services, including information automatically collected by us.|
|“IP Address”||means an Internet Protocol address, a number that is automatically assigned to your device when you use the internet and which may vary from session to session.|
|“Personal Data”||means any information which could be used to identify who you are, e.g. your name, email, home address, IP Address and may include other information such as identification numbers and location data.|
|“Third Party Content”||means Content which is owned or controlled by a person other than ZAPPAR including content which is licensed to us by a brand or an entertainment franchise; and Content which is published on our platform by users of our ZAPWORKS service.|
|“you”, “your”||means you, the natural person browsing the ZAPPAR Website, using the ZAPPAR App, or using other ZAPPAR Services.|
|“Zap”||means an augmented, virtual or mixed reality content experience.|
|“ZAPPAR”, “we”, “our”, “us”||means ZAPPAR Limited a limited liability company incorporated and registered in Scotland with company number SC394617.|
|“ZAPPAR App”||means our augmented reality interactive entertainment application for smartphones and tablets entitled ZAPPAR including all versions of that application published by us which may be available for download from time to time from the App Store or Google Play Store.|
|“ZAPPAR Services”||means collectively the ZAPPAR App, the ZAPPAR Website, our ZAPPAR POWERED products and any other applications, products or services of ZAPPAR which you may use unless excluded in the section entitled “What Does this Policy Not Apply to?”. A reference to “ZAPPAR Services” includes any and all related databases, features, functionality, plug-ins, software and web pages and with respect to ZAPPAR POWERED products, experiences and items any zapcode which appears on or within that product, experience or item.|
|“ZAPPAR Website”||means the official ZAPPAR website available at www.zappar.com.|
Where we refer to a “person” this includes individuals, companies, corporations, partnerships, limited liability partnerships, co-operatives, associations and other natural and legal persons.
In addition to the above defined terms, when we use the words “includes” or “including” we are not limiting ourselves in any way and mean “includes or including without limitation”.
The data controller is Zappar Limited, a limited liability company incorporated and registered in Scotland (company number SC394617). Our contact details are shown below in the section headed “How to Get in Touch”. Third parties, such as zapcode publishers, are the controllers with regard to the processing of your Personal Data in connection with your use of Third Party Content and, in that capacity, are solely responsible for compliance with applicable data protection and other legislation and regulation with regard to such processing.
As a data subject, you have the following rights under UK and EU data protection legislation (including the European General Data Protection Regulation (GDPR)), which this Policy and our use of Personal Data have been designed to uphold:
The right to be informed about our collection and use of Personal Data;
The right of access to the Personal Data we hold about you (see “How can you access your Personal Data”);
The right to rectification if any Personal Data we hold about you is inaccurate or incomplete (please contact us using the details in “How to Get in Touch”);
The right to be forgotten – i.e. the right to ask us to delete any Personal Data we hold about you;
The right to restrict (i.e. prevent) the processing of your Personal Data;
The right to data portability (obtaining a copy of your Personal Data to re-use with another service or organisation);
The right to object to us using your Personal Data for particular purposes; and
Rights with respect to automated decision making and profiling.
When making a request, please be aware that we may be unable to delete Information that resides in our archives, and the requested removal of certain Information may mean we are no longer able to provide you with all or certain parts of the ZAPPAR Services.
If you have any cause for complaint about our use of your Personal Data, please contact us using the details provided in “How to Get in Touch” and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
As and when you visit, browse or use ZAPPAR Services we may collect certain Information from you. Some of this Information may be Personal Data and some of the Information may be Anonymous Information. We will only use your Information in accordance with the terms of this Policy.
Some features of the ZAPPAR Services may require you either to confirm your country and age (*) and/or register before you can access those features (e.g. photo share, newsletter, zapcode ‘upload feature’). You may be asked to provide certain Information about yourself. This could be one or more of the following items of Personal Data:
Your email address,
Your post code,
Your country of residence,
Username and password.
* Age information is not stored by us.
Below is a list of some of the other Information we may collect from you, depending on how you interact with ZAPPAR:
Emails sent to ZAPPAR and messages submitted via the ZAPPAR Website
Responses to surveys and feedback requests
User Generated Content
Information given to us by other companies,
device information, and
information relating to your use of the ZAPPAR App.
If you choose to email or write to ZAPPAR about the ZAPPAR Services, or you fill in an on-line contact or support request form available on the ZAPPAR Website, we may collect Information about you from the content of your letter, email or other message e.g. your name, your email address, and what you like or dislike about ZAPPAR. If you participate in a competition or promotion, or respond to a survey or feedback request then in addition to your entry or response we may collect your name, email and/or other contact details.
Some features of the ZAPPAR Services may allow you to create, submit, post, display, transmit or share content (e.g. photos, videos, comments, messages, and other materials) on or through the ZAPPAR Services (we call this “User Generated Content”). This includes any ‘upload feature’ which is attached to a zapcode published by a third party ( i.e. a person other than ZAPPAR). You may find zapcodes printed on third party products or see them within third party services and publications. These codes enable you to unlock digital content on your mobile device by scanning (‘zapping’) the code.
When you use the ZAPPAR App we will only collect and store your User General Content, if you choose to share an animated GIF from within an experience, or you upload content to a zapcode. We do not collect or store any photos or videos that you take within an experience, even if you choose to share that content with others.
Some of your User Generated Content may contain personal details about you or other natural persons, e.g. audio, photos or videos featuring you or your friends. We therefore advise you to be selective about what personal details you include in User Generated Content, and not to include any of the following types of personal information in any submission to any publicly available area of the ZAPPAR Services: telephone numbers, physical addresses, full name or any other information of a sensitive nature. If you upload personal details about or depicting other individuals (e.g. a photo of a friend), you must obtain their consent first.
Please be aware that even if you remove personal details that you post to the ZAPPAR Services, copies may still remain in cached and archived pages of the ZAPPAR Services or on another user’s device.
IT IS ALSO IMPORTANT TO NOTE THAT YOU AND NOT ZAPPAR ARE RESPONSIBLE FOR, AND CONTROL YOUR USER GENERATED CONTENT. IF YOUR USER GENERATED CONTENT CONTAINS ANY PERSONAL INFORMATION OF OTHERS THEN UNLESS THIS IS A PURELY PERSONAL OR HOUSEHOLD ACTIVITY YOU MAY HAVE OBLIGATIONS AS A ‘DATA CONTROLLER’ UNDER APPLICABLE DATA PROTECTION LAW THAT YOU NEED TO COMPLY WITH.
When you use the ZAPPAR App, our servers will automatically collect information from your mobile device, including the following:
an Installation ID (see below);
the IP Address linked to the device (we will process this once to infer coarse user location, but the IP Address is not stored by us);
the make and model of your device (including operating system version);
the version of the ZAPPAR App being used; and
information about your use of the ZAPPAR App (we call these “zap-alytics”).
We may use this Anonymous Information to analyse and optimise your use of the ZAPPAR Services; to develop new features and functionality; or to develop new products or services which we believe may be of use to you or other users of the ZAPPAR App.
The Installation ID is a unique installation ID generated by the ZAPPAR App when it is first run. The ID is a random number, seeded from the system time and cannot be used to identify who you are. The ID is stored in the app’s storage directory on your device and is used to anonymously track your use of the ZAPPAR App in the following ways:
when you open the ZAPPAR App;
when you tap “ZAP”;
when you perform certain actions during a Zap e.g. completing a game;
how long you spend interacting with a Zap;
to confirm that you are allowed to use an age-restricted feature of the ZAPPAR App.
The Installation ID is not accessible to other apps or sites on your device and does not track you beyond the ZAPPAR app. We do not share the Installation ID within any third party.
Our systems will automatically record and store information created by your access to and use of our websites, including specific actions performed by you within these ZAPPAR Services (collectively, “Log Data”). This may include information about your device, your IP Address, browser type, the pages that you visit, time spent on pages and other statistics. We use this information to better tailor the ZAPPAR Services to our users’ needs and to provide you with targeted communications that you are happy to receive from us. We may also link this automatically collected information to Personal Data (e.g. if you submit a CONTACT US request or register for a ZapWorks trial). We may also add Log Data to our customer relationship management system.
We do not use any Log Data to track you outside of the ZAPPAR Services
ZAPPAR does not currently receive or process any GPS location data provided by you or which we receive from location service providers. We may however wish to do so in the future to tailor the ZAPPAR Services offered to users in a particular geographical location. If this becomes the case, we will only process GPS location data for which you gave us your consent, including your GPS location, which were provided by you or which we receive from GPS location service providers, but only for so long as this is necessary for delivering the ZAPPAR Services and/or to the extent required as permitted by applicable law.
Our use of your Personal Data will always have a lawful basis, either because it is necessary for our performance of a contract with you ( e.g. to carry out a user action you have requested), because you have consented to our use of your Personal Data (e.g. by subscribing to emails), or because it is in our legitimate interests. Specifically, we may use your Information for the following purposes:
to enable us to provide you with all features and functionality of the ZAPPAR Services and to enable you to consume Content;
to enable you to create and share User Generated Content;
to provide you with personalised content and promotional communications that you are happy to receive from the ZAPPAR Services;
to provide customer service in relation to your use of the ZAPPAR Services, e.g. service updates, responding to support requests;
generally to administer, support, analyse, improve and develop the ZAPPAR Services, including automatically updating the ZAPPAR App on your device and detecting, preventing, or otherwise addressing fraud, security or technical issues; and
as otherwise described in this Policy.
We do create and maintain user profiles relating to some visitors to our websites. These profiles are created when a visitor fills in a form on zappar.com or zap.works, or registers for a ZapWorks trial. No profiles are created for visitors who just browse the site(s). Our aim is to limit the Personal Data contained in these profiles to that required to achieve our legitimate interest of helping users get the best from our ZapWorks tools and better tailoring communications we send people.
We also apply some automatic decision making: we use a marketing automation tool called Intercom which decides the type of email you will receive based on who you are (e.g. a designer) and what actions you have performed within the ZAPPAR Services. This means you may receive a different email from someone else. In our view, this is the only consequence of the automation tool we use.
We may use your Information to send you notifications and information about the ZAPPAR Services and other ZAPPAR products and services we think may be of interest to you. If you have consented to receive marketing, you may opt out at a later date. If at any time you no longer wish to be contacted for this purpose, please let us know and we will remove you from our mailing list. Please note that You may not opt out of service related emails as these are necessary for the security and performance of the zappar services.
We use Amazon Web Services (“AWS”) to store and process data on our behalf in connection with the ZAPPAR Services.
We primarily use AWS servers located in Ireland to store and process your Information; however Amazon AWS also use various servers located around the world to cache data locally and speed up access to Content.
We may appoint other third parties to carry out certain data processing on our behalf. For example, we may appoint a third party as a payment provider, to host the ZAPPAR Services, to administer electronic mailings on our behalf, or to provide analytics services. We will continue to be the data controller in respect of any Information transferred to or shared with such third parties and shall remain responsible for the processing undertaken by them.
The following is a list of the main third parties who currently process data on our behalf in relation to the ZAPPAR Services:
|Name||Processing purpose(s)||Data Storage location|
|Amazon Web Services (AWS)||Content hosting and serving||Primary storage location is Ireland, but content may be cached locally to improve content delivery performance.|
|Fresh Desk||User support requests||USA|
|Business email and analytics services||Worldwide|
|HubSpot||Customer relationship management tools||USA|
If we transfer any of your Personal Data outside the European Economic Area (EEA) (e.g. to a third party data processor located outside the EEA) we shall take all steps reasonably necessary to ensure that your Personal Data is adequately protected by only using processors who comply with EU data protection laws. If you use the ZAPPAR Services while you are outside the EEA, your Personal Data may be transferred to countries outside the EEA (including the United States) to enable us to provide you with those services. As the Zappar App is available for use internationally it is possible that any Personal Data contained in your User Generated Content (e.g. your picture) that you publish on our platform (e.g. by connecting content to a zapcode, or sharing an animated GIF) may be automatically transferred by our servers to a device, server or other computer equipment being used in a country outside the EEA where they have a different level of data protection.
By using the ZAPPAR Services you specifically give your consent to the international transfers referred to in this section.
We may disclose Your INFORMATION to or share it with the following:
other users where you allow Information to be made public;
social media services you choose to share Information with;
any third party to whom disclosure is necessary to enable us to provide you with the ZAPPAR Services including our server provider(s);
other companies that we have hired to provide services on our behalf e.g. providers of analytics services and customer relationship management tools;
any third party to whom disclosure is necessary to protect the rights, property or safety of the ZAPPAR Services, its users and the public. This includes exchanging Information with other companies and organisations for fraud protection and spam prevention;
users of ZapWorks i.e. creators and publishers of zapcodes and Zaps who will get to see information about your device and your use of the Zappar App, but only in de-identified and aggregated form;
the publisher of a zapcode where you have chosen to upload content to their zapcode;
our business partners, which may include advertising, brand and retail partners for the purposes of providing certain services available within the ZAPPAR services that are offered in conjunction with those partners. This Information would, for example, allow third-party ad networks to, among other things, deliver targeted advertisements that they believe will be of interest to you;
to inform business partners about use of the ZAPPAR Services and products and services made available through the ZAPPAR Services, in the form of aggregated statistics or otherwise in a format that does not identify you personally;
any prospective purchaser of Zappar Limited, its parent company, or the ZAPPAR Services or any part thereof (see below);
other outside parties (e.g. judicial or regulatory authorities) to comply with the law and legal obligations.
By submitting your Information, you consent to the use of that Information as set out in this Policy. You may withdraw your consent for ZAPPAR to process your Personal Data for direct marketing purposes at any time by notifying us in writing (an email will suffice).
You are always free to opt-out from the future collection of your Personal Data by ZAPPAR in accordance with this Policy by uninstalling the ZAPPAR App from each of your devices and discontinuing use of the ZAPPAR Services.
ZAPPAR may from time to time expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of ZAPPAR or the ZAPPAR Services. Information provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part as one of the transferred assets. The new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Information for the purposes for which it was originally supplied to ZAPPAR.
We also reserve the right to disclose de-identified user data to the prospective buyer of such business or assets.
The ZAPPAR Services may contain links to websites, microsites and other on-line services that are operated by third parties (i.e. businesses other than ZAPPAR) (collectively, “Third Party Services”). ZAPPAR does not control these Third Party Services and is in no way responsible for their content, or information collection practices. This Policy does not apply to your use of any Third Party Services.
Data security is of great importance to ZAPPAR. We have put in place commercially reasonable physical, electronic and managerial security measures to protect your Personal Data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
Specifically, we use the following measures:
The Information you send ZAPPAR is protected by SSL/TLS end-to-end encryption when transmitted from your servers to our servers.
Information stored on our servers is protected by encryption, key authentication and by firewalls. Your Information will only be accessed by authorised employees. These employees are obliged to preserve the confidentiality of all information that comes to their attention unless disclosure is compulsory by law or necessary for the fulfilment of their duties.
Even though ZAPPAR has taken the above security measures given the nature of on-line communications we cannot 100% ensure the security of your Information or guarantee that your Personal Data will not be accessed, disclosed, altered or destroyed by an unauthorised person who is determined to circumvent our security measures.
We will retain your Personal Data for the duration of your use of the ZAPPAR Services and for a reasonable period thereafter for backup, archival and/or audit purposes or for as long as the law otherwise requires or permits. Where you have chosen to upload User Generated Content to a zapcode of a third party we will need to continue to store your content on our servers for so long as the third party wishes to have access to your content in accordance with any legal contract you or ZAPPAR may have entered into with that party.
User profiles created by our marketing automation tool (Intercom) are automatically deleted, if a user is inactive for 90 days.
You have the right to ask for a copy of any of your Personal Data held by us (where such data is actually held by us and we can identify who you are). We will normally provide copies in response to your request free of charge. We do, however, reserve the right to charge a reasonable fee for requests which are manifestly unfounded or excessive, particularly if it is repetitive and for further copies of the same information.
We will ask you to provide reasonable proof of your identity before we disclose any Information to you.
This section of the Policy applies if any ZAPPAR Services are accessed from within the USA or any other country which requires parental consent to be obtained before any collection of personal information from a child under the age of 13.
ZAPPAR does not knowingly collect or solicit personal information from children under the age of 13. The ZAPPAR Services and their Content are not intentionally directed at children under the age of 13 and we do not target children under 13 as our primary audience. In the event we learn that we have inadvertently collected personal information from a child under the age of 13, and that child lives in a country which does not permit such collection without prior parental consent, we will delete that information as quickly as possible.
If a parent or legal guardian becomes aware that their child under the age of 13 has provided us with personal information without prior parental consent, please contact us at the address below and we will delete such information from our files.
So we can comply with international privacy laws, we may use age screens for certain features of the ZAPPAR App. We do not store any individual’s date of birth.
Parents and guardians should also be aware that the ZAPPAR Services are a general audience service and provide a wide variety of content and experiences some of which may be of a nature unsuitable for young children. Our ZAPWORKS service allows users to publish their content by linking it to a zapcode and printing that code on physical materials (e.g. posters, business cards, flyers). ZAPPAR has no control over this and ZAPWORKS is an open system which means that content published via ZAPWORKS can potentially be accessed and viewed by anyone who uses the ZAPPAR App to scan a zapcode. If you have any concerns, you may wish to monitor your child’s use of the Zappar App and ZAPPAR recommends that you do not allow your child to use the ZAPPAR App with certain materials displaying zapcodes.
Use of Intercom Services: We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as your email address and sign-up date) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website(s) or use our product(s). Intercom analyzes your use of our website(s) and/or product(s) and tracks our relationship so that we can improve our service to you. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s).
Our use of Intercom causes a unique cookie ID called intercom-* to be associated with each person who accesses our website(s), which cookie ID enables Intercom to provide us with the analytics services. The duration of this cookie id is determined by Intercom.
If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.
The ZAPPAR Services, our collection and use of Personal Data and the laws and regulations which apply will change over time. We reserve the right to make changes to this Policy. If we do, the changes to the Policy will be posted to the ZAPPAR Website or made available within the ZAPPAR App – we will change the “Last Updated” date show below. You are deemed to have accepted the wording of the amended Policy on your first use of any ZAPPAR Services following the changes. We encourage you to visit this page from time to time for the latest on our information collection practices.
The Barley Mow Centre
10 Barley Mow Passage
London W4 4PH
Irrespective of which country you live in or submit Information from the law which applies to this Policy shall be the law of England and Wales.
Last updated: 21 May 2018