Security and Privacy

GDPR Data Privacy Notice

1. Introduction

1.1  Zilco Europe Ltd ("We") are committed to protecting and respecting your privacy.

1.2   This policy sets out the basis by which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

1.3   The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).


2. Purpose

2.1  Primary Purpose. We collect your personal data to lawfully carry out our functions and activities and provide you our Service (Primary Purpose).

2.2  Related Purpose. In addition to the Primary Purpose, we may use the personal data we collect, and you consent to us using your personal data, to (Related purposes):

2.2.1  provide you with information about the Services you requested and any other services and events you may be interested in;
2.2.2  personalise and customise your experiences with us;
2.2.3  help us review, manage and enhance our Services and develop insights used in reports or other content developed by us;
2.2.4  communicate with you, including by email, mobile and in-application notifications;
2.2.5  communicate with you in the event of a product recall;
2.2.6  conduct surveys or promotions;
2.2.7  process payments and administer your account, including to send you account related reminders;
2.2.8  enable third party providers to fulfil their role;
2.2.9  investigate any complaints about or made by you, or if we have reason to suspect you have breached any relevant terms; or
2.2.10  as required or permitted by any law.

2.3  Further Use. If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.


3. What We Collect

3.1  Stockists (Wholesale Trade Account Holders): Personal data we collect about you may include identification information such as your title, full name, address, password, email address, phone number, VAT number (if applicable), payment information, interests and usage data from our Services.

3.2  End Users/Consumers: Personal data we collect about you may include identification information such as your full name, address, email address, phone number, interests, marketing preferences and usage data from our Services.

3.3  We will only collect, hold, use or disclose your sensitive information with your consent.


4. How We Collect

4.1  Stockists (Wholesale Trade Account Holders): Your personal data may be collected:

4.1.1  when you complete an application to hold a wholesale trading account;
4.1.2  when you contact us to make a query or request;
4.1.3  when you submit your email address to our mailing list, interact with us on social media platforms, or otherwise interact with the Platform;
4.1.4  from those who request our Services on your behalf;
4.1.5  from publicly available information;
4.1.6  from government regulators, law enforcement agencies and other government entities;
4.1.7  from business contacts, external service providers and suppliers; or
4.1.8  by other means reasonably necessary.

4.2  End Users/Consumers: Your personal data may be collected:

4.2.1  when you contact us to make a query or request;
4.2.2  when you submit your email address to our mailing list or otherwise interact with the Platform;
4.2.3  when you participate in one of our services, competitions or surveys;
4.2.4  when you make a request for sponsorship;
4.2.5  when you interact with us on social media platforms;
4.2.6  by other means reasonably necessary.

4.3  Third party collection. If we collect any personal information about you from someone other than you, to the extent not already set out in this Data Privacy Notice, we will inform you of the fact that we will collect, or have collected, such information and the circumstances of that collection before, at or as soon as reasonably practicable after we collect such personal data. We do not purchase mailing lists from any third party.

4.4  Authority. If you provide us with the personal data of another individual, without limiting any other provision of this Data Privacy Notice, you acknowledge and agree that the other individual:

4.4.1  has authorised you to provide their personal data to us; and
4.4.2  consents to us using their personal data in order for us to provide our Services.

4.5  Unsolicited information. If we receive unsolicited personal data about you that we could not have collected in accordance with this Data Privacy Notice and the General Data Protection Regulation, we will, within a reasonable period, destroy or de-identify such information received.

4.6  Anonymity. If you would like to access any of our Services on an anonymous basis we will take reasonable steps to comply with your request, however:

4.6.1  you may be precluded from taking advantage of some of our Services; and
4.6.2  we will require you to identify yourself if we are required by law to deal with individuals who have identified themselves; or it is impracticable for us to deal with you if you do not identify yourself or elect to use a pseudonym.

4.7  Destruction. Subject to a legal requirement to the contrary, we will destroy or de-identify your personal data if:

4.7.1  the purpose for which we collected the personal data from you no longer exists or applies, which includes if your account remains inactive for a sufficient period of time for us to determine it is no longer in use;
4.7.2  you delete your account; or
4.7.3  you request us to destroy your personal data.


5. Use

5.1  Primary use. We will only use and disclose your personal data:

5.1.1  for purposes which are related to the Primary Purpose; or
5.1.2  if we otherwise get your consent to do so, in accordance with this Data Privacy Notice and the General Data Protection Regulation.

5.2  We will not use your personal data for any purpose for which you would not reasonably expect us to use your personal data.

5.3  We will not sell, trade, rent or licence your personal data to third parties.

5.4  Direct marketing. We will offer you a choice as to whether you want to receive direct marketing communications about services. If you choose not to receive these communications, we will not use your personal data for this purpose.

5.5  We will otherwise only use or disclose your personal data for the purposes of direct marketing if:

5.5.1  we collected the information from you;
5.5.2  it is reasonable in the circumstances to expect that we would use or disclose the information for direct marketing purposes;
5.5.3  we provide you with a simple means to ‘opt-out’ of direct marketing communications from us; and
5.5.4  you have not elected to ‘opt-out’ from receiving such direct marketing communications from us.

5.6  You may opt out of receiving such communications by:

5.6.1  checking the relevant box on the form used to collect your personal data;
5.6.2  clicking a link on the email communication sent to you; or
5.6.3  contacting us using our contact details below.


6. Disclosure

6.1  How we disclose. We may disclose personal data and you consent to us disclosing such personal data to:

6.1.1  third parties engaged by us to perform functions or provide Services on our behalf including delivery companies, mailing houses and IP service providers;
6.1.2  our professional advisors, including our accountants, auditors and lawyers;
6.1.3  financial institutions for Related purposes;
6.1.4  persons authorised by you to receive information held by us, including to those individuals that you authorise us to provide information to via the Platform;
6.1.5  a government authority, law enforcement agency, pursuant to a court order or as otherwise required by law; or
6.1.6  a party to a transaction involving the sale of our business or its assets.

6.2  Overseas disclosure. Personal data is shared with our head office in Sydney, Australia to allow the processing of services. The Privacy Policy for Zilco International Pty Ltd can be viewed at https://www.zilco.com.au/

For direct mailing we use a marketing automation platform and email marketing service with a corporate account aimed at targeting different countries in different currencies.

6.3  Our third party payment gateway provider may disclose your personal data overseas. Please refer to the privacy policies of the third party payment gateway provider for information regarding how they will use, disclose and manage your personal information.

6.4  If we send your personal information to overseas recipients, we will take reasonable measures to protect your personal information such as ensuring all information is de-identified where appropriate before being transmitted. However, you acknowledge and agree that if we disclose your personal data to overseas recipients, we are not obliged to take reasonable steps to ensure overseas recipients of your personal data comply with the General Data Protection Regulation.




7. Access and Correction

7.1  Access. If you require access to your personal data, please contact us using our contact details below. You are required to put your request in writing and provide proof of identity.

7.2  We are not obliged to allow access to your personal data if:

7.2.1  it would pose a serious threat to the life, health or safety of any individual or to the public;
7.2.2  it would have an unreasonable impact on the privacy of other individuals;
7.2.3  the request for access is frivolous or vexatious;
7.2.4  it relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings;
7.2.5  it would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;
7.2.6  it would be unlawful;
7.2.7  denying access is required or authorised by or under a British or European law or a court/tribunal order;
7.2.8  we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
7.2.9  it would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
7.2.10  it would reveal commercially sensitive information.

7.3  If you make a request for access to personal data, we will:

7.3.1  respond to your request within 14 days or otherwise within a reasonable period; and
7.3.2  if reasonable and practicable, give access to the personal data as requested.

7.4  If we refuse to give access to the personal data, we will give you a written notice that sets out at a minimum:

7.4.1  our reasons for the refusal (to the extent it is reasonable to do so); and
7.4.2  the mechanisms available to complain about the refusal.

7.5  Correction. We request that you keep your personal data as current as possible. If you feel that information about you is not accurate or your details have or are about to change, you can:

7.5.1  contact us using our contact details below and we will correct or update your personal data; or

7.6  If you otherwise make a request for us to correct your personal data, we will:

7.6.1  respond to your request within 14 days or otherwise within a reasonable period; and
7.6.2  if reasonable and practicable, correct the information as requested.

7.7  If we refuse a request to correct personal data, we will:

7.7.1  give you a written notice setting out the reasons for the refusal and how you may make a complaint; and
7.7.2  take reasonable steps to include a note with your personal data of the fact that we refused to correct it.


8. Security and Protection

8.1  In relation to all personal data, we will take all reasonable steps to:

8.1.1  ensure that the personal data we collect is accurate, up to date and complete;
8.1.2  ensure that the personal data we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and
8.1.3  protect personal data from misuse, loss or unauthorised access and disclosure.

8.2  We require staff and service providers to respect the confidentiality of personal data. We store your personal data on a secure server behind a firewall and use procedures including IP Blocking, whitelisting, and other security software and encrypted databases accessible only by authorised personnel to protect your personal data from unauthorized access, destruction, use, modification or disclosure. We will require any third party payment gateway provider to process any payment transactions through a PCI compliant payment gateway.

8.3  Please contact us immediately if you become aware of or suspect any misuse or loss of your personal data.


9. Complaints

9.1  If you have a complaint about how we collect, use, disclose, manage or protect your personal data, or consider that we have breached the General Data Protection Regulation, please contact us using our contact details below. We will respond to your complaint within 14 days of receiving the complaint.

9.2  Once the complaint has been received, we may resolve the matter in a number of ways:

9.2.1  Request for further information: We may request further information from you. Please provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution.
9.2.2  Discuss options: We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with our Data Protection Officer.
9.2.3  Investigation: Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
9.2.4  Conduct of our employees: If your complaint involves the conduct of our employees we will raise the matter with the employees concerned and seek their comment and input in the resolution of the complaint.

9.3  After investigating the complaint, we will give you a written notice about our decision.

9.4  In the event that you are dissatisfied with our response to your complaint, you are free to lodge a complaint directly with the Information Commissioner's Office online, by mail, or email. For more information please visit the ICO website at https://ico.org.uk/


10. Contact

10.1  To exercise your rights, or for queries or complaints, in the first instance contact:
Data Protection Officer
Zilco Europe Ltd
Unit 6/7 The Dairy
Bloxham Grove Farm
Banbury, Oxon OX15 4LL
ENGLAND
Fax: +44 1844 338 623
Email: sales@zilcoeurope.com


11. Interpretations and Definitions

11.1  Personal pronouns: Except where the context otherwise provides or requires:

11.1.1  the terms we, us or our refer to Zilco Europe Ltd; and
11.1.2  the terms you or your refer to a user of the Platform and/or a customer to whom we provide the Services.

11.2  Defined terms: In this Privacy Policy unless otherwise provided, the following terms shall have their meaning as specified:
Data Controller: A controller determines the purposes and means of processing personal data.
Data Processor: A processor is responsible for processing personal data on behalf of a controller.
Data Subject: Natural Person.
Personal Data: The GDPR applies to personal data meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special Categories Personal Data: The GDPR refers to sensitive personal data as special categories of personal data (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.