Privacy Policy


At ZAPPAR we understand that privacy is important and are committed to ensuring that personally identifiable information is processed in accordance with applicable data protection and privacy laws, including the European General Data Protection Regulation (“GDPR”). We have put together this privacy policy which you are currently reading (“Policy”) to help you understand what information we collect from users of ZAPWORKS and how we use and share this information. This Policy is part of and subject to our Terms of Use for ZAPWORKS. Please read it carefully. By using ZAPWORKS you are agreeing to be bound by this Policy in respect of the information collected about you via the services and you consent to the use and disclosure of that information as described in the Policy.


The Policy applies as between ZAPPAR and ZAPWORKS users. The Policy deals with our use of information collected by us in relation to your use of ZAPWORKS.

Please be aware that this Policy only applies to your use of ZAPWORKS. If you use our ZAPPAR Application or any other application or product provided by ZAPPAR or a ZAPPAR licensee, or if you are simply browsing our website (, a different privacy policy may accompany that product/service. If it does, you should refer to that specific policy, because the wording of that policy may differ from the one set out below. Equally, this Policy does not extend to any websites or services of third parties which can be accessed from ZAPWORKS including, but not limited to, any links we may provide to social media sites.

IMPORTANT NOTICE REGARDING CHILDREN UNDER 13: this Policy generally applies to all users of ZAPWORKS. If, however, a user identifies themselves as under the age of 13 (a “Child”), we will collect, use and share the Child’s information as described in section 15 below entitled “Children’s Privacy”.

  1. What means what?

    In this Policy certain words with a Capital letter have a particular meaning. These are listed below:

    “Anonymous Information” means information that does not identify and cannot reasonably be used to identify a specific individual. When Anonymous Information is associated with Personal Data, this Anonymous Information is treated by ZAPPAR as Personal Data.
    “Information” means any or all information that you or your device send, submit or transmit to ZAPPAR via the Services, including information automatically collected by us.
    “IP Address” means an Internet Protocol address, a number that is automatically assigned to your device when you use the internet and which may vary from session to session.
    “Personal Data” means any information which could be used to identify who you are, e.g. your name, email, home address, IP Address and may include other information such as identification numbers and location data.
    “Services” means our ZAPWORKS service and technology that you are currently using together with its related databases, features, functionality, plug-ins, software, tools, zapcodes, documentation and web pages including any modifications or updates thereto.
    “you” means you, the individual visiting the ZAPWORKS website, using the Services, or registering as a user of the Services.
    “Your Content” means any and all data or content controlled by you that you create, enter, upload, import, post, transmit or otherwise make available via the Services, including animation, documents, images, links, sound files, videos and text.
    “ZAPPAR” or “we” means Zappar Limited a limited liability company incorporated and registered in Scotland with company number SC394617.
    “ZapWorks Account” means the user account or login credentials registered with ZAPPAR by which you access the Services.
    “ZAPPAR App” means either (1) our augmented reality interactive entertainment application for smartphones and tablets entitled ZAPPAR; or (2) our App Embed Component where it is included within a third party application that is being used to consume content published on our platform.
    “Zap” means an augmented, virtual or mixed reality content experience.
  2. identity of the data controller

    The data controller is Zappar Limited, a limited liability company incorporated and registered in Scotland (company number SC394617). Our contact details are shown below in Section 17: CONTACTING US.

    For the purposes of UK and EU data protection law ZAPPAR will be acting as a “data controller” only where we determine the purposes for which and the manner in which Information is used. For certain pieces of Information (e.g. Your Content) it is you and not Zappar who will determine the purposes for which and the manner in which the Information is used. In this instance, you will be acting as the “data controller” and we will be acting as the “data processor”.


    As a data subject, you have the following rights under UK and EU data protection legislation (including GDPR), which this Policy and our use of Personal Data have been designed to uphold:

    • The right to be informed about our collection and use of Personal Data;

    • The right of access to the Personal Data we hold about you (see Section 12: How can you access your Personal Data;

    • The right to rectification if any Personal Data we hold about you is inaccurate or incomplete (please contact us using the details in Section 17: CONTACTING US;

    • The right to be forgotten – i.e. the right to ask us to delete any Personal Data we hold about you;

    • The right to restrict (i.e. prevent) the processing of your Personal Data;

    • The right to data portability (obtaining a copy of your Personal Data to re-use with another service or organisation);

    • The right to object to us using your Personal Data for particular purposes; and

    • Rights with respect to automated decision making and profiling.

    When making a request, please be aware that we may be unable to delete Information that resides in our archives, and the requested removal of certain Information may mean we are no longer able to provide you with all or certain parts of the ZAPPAR Services.

    If you have any cause for complaint about our use of your Personal Data, please contact us using the details provided in Section 17: CONTACTING US and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.

  4. Information that we collect from you

    As and when you visit, browse or use the Services we may collect certain Information from you. Some of this Information may be Personal Data and some of the Information may be Anonymous Information. We will only use your Information in accordance with the terms of this Policy.

    1. Your ZapWorks Account & transactional data

      By creating a ZapWorks Account or using the Services you will allow others, including ZAPPAR, to identify you. To open a ZapWorks Account or use the Services you may need to provide us with some or all of the following items of Personal Data:

      1. Your first name and last name

      2. Your billing address

      3. An email address

      4. A password

      5. Your date of birth

      Your date of birth is not stored by ZAPPAR. We only use it once to confirm your age.

      Alternatively, you can sign up for or log into the Services by using your Google or Facebook account. If you use GOOGLE we will receive your email address. If you use FACEBOOK we will receive a random token that replicates a “logged-in” session and gives us temporary secure access to your details. FACEBOOK can revoke the token at anytime.

      Corporate/ business users can also create an organisation contact within our systems. This organisation contact enables corporate/ business users to delegate access to their ZapWorks Account to certain named users within their organisation. ZAPPAR will collect and store any information which you enter into your organisation contact e.g. names of authorised users.

      We will also collect and store transactional data relating to your ZapWorks Account e.g. login credentials, login attempts, payment status, transaction history, and activity logs containing information relating to your use of the Services. We do not store:

      • User passwords (we store only PBKDF2 hashes of passwords for comparison during login attempts);

      • Payment card numbers (these are stored by our merchant services provider, Braintree).

      If you choose to email or write to us about your ZapWorks Account or the Services, or submit a contact or support request via the ZAPWORKS website, we may also collect Information about you from the content of your letter, email or submission e.g. your name, email address, postal address and your likes/ dislikes.

    2. General use

      We may also collect the following categories of Information from you whether or not you register to open a ZapWorks Account (e.g. if you are simply browsing our ZAPWORKS website).

    3. Your Content

      Once your access to the Services has been activated, you will be able to enter or upload content to your ZapWorks Account (e.g. music files, photos, videos and other digital content) and to publish and make content available to the public by connecting it to your zapcodes.

      Once entered or uploaded, Your Content will be stored on our secure servers for the purposes of making Your Content available as and when you choose to publish it. Some of Your Content may contain your personally identifiable information. By entering or uploading Your Content you grant us permission in respect of the collection and processing of the personally identifiable information contained in that content.

      Before entering, uploading or publishing any content via the Services please BE AWARE of the following important matters:

      1. The nature of the Services means that Your Content will potentially be visible to and capable of use by ALL users of the ZAPPAR App who scan (’zap’) your zapcode regardless of whether or not they are known to you or have been specifically selected by you to receive that content.

      2. It is not possible to make Your Content private i.e. only accessible by certain selected people; although you can choose whom you share your zapcodes with. Please be careful when publishing content that contains or depicts personal details about yourself or others , e.g. audio, photos or videos featuring you or your friends’ image or voice.

      3. We strongly advise you to be selective about what personal details you provide in Your Content and not to include any of the following types of information in any submission to the Services: telephone numbers, addresses, full name, location information or any information of a sensitive nature. Please also make sure that your submission complies with our code of conduct (see Clause 11 of the Terms of Use for the Services).

      4. If you enter or upload information about or depicting someone other than yourself (e.g. a photo of a friend or a work colleague) you must get their permission first.

      5. Even if you subsequently remove content that you published via the Services, copies may still remain cached or saved on someone’s device and therefore capable of continued viewing.


    4. Forums and competitions

      If you participate in any of our forums, we will collect your user name and store and publish any messages you submit.

      If you participate in one of our competitions, then in addition to your entry we may collect your name, email address and other contact details.

    5. Information collected from third parties

      We may from time to time employ the services of other companies to handle certain tasks relating to the Services. This may include payment processing, search engine facilities, storage and serving of content, advertising and marketing, and analytics. These providers may send us certain Personal Data relating to you. We may also collect information about you from publicly available sources, such as via the internet and social networks, including through public or licensed APIs. If we do collect such information from Third Parties, we will only use that information in accordance with this Policy.

      Equally, these companies may collect Personal Data directly from you. If they do, that company and not ZAPPAR will be the data controller in respect of any information you provide to them (e.g. your credit card details) and you should check their privacy policy to find out how they will use your information.

    6. Payment processing

      ZAPPAR uses a payment solution supplied by a third party to enable us to accept payments on the ZAPWORKS website. This third party payment solution is integrated with our own systems and works as follows: upon your request to checkout and pay, our website will display a form to you that collects the required payment data. The text boxes for entering your details into the form are served from the third party’s website and when you submit the form the payment data and other details are sent directly to the third party. This method prevents your sensitive data from ever residing on our servers and enables ZAPPAR to achieve PCI compliance (SAQ A-EP profile).

    7. Information about your device and your use of the ZAPPAR App

      The Services are designed for use with the ZAPPAR App. When you use the ZAPPAR App (e.g. to scan (‘zap’) a zapcode), our servers will automatically collect information from your device, including the following:

      1. an Installation ID (see below);

      2. the IP Address linked to the device (we process this once to infer coarse user location, but the IP Address is not stored by us);

      3. the time;

      4. the make and model of your device (including operating system version);

      5. the version of the ZAPPAR App being used; and

      6. information about your use of the ZAPPAR App (we call these ‘zap-alytics’).

      We may use this Anonymous Information to analyse and optimise your use of the Services or to develop new features and functionality which we believe may be of use to you or other users of the ZAPPAR App.

    8. Installation ID:

      The Installation ID is a unique installation ID generated by the ZAPPAR App when it is first run. The ID is a random number, seeded from the system time and cannot be used to identify who you are. The ID is stored in the app’s storage directory on your device and is used to anonymously track your use of the ZAPPAR App in the following ways:

      1. when you open the ZAPPAR App;

      2. when you tap “Zap”;

      3. when you perform certain actions during a Zap e.g. completing a game;

      4. how long you spend interacting with a Zap;

      5. to confirm that you are allowed to use an age-restricted feature of the ZAPPAR App.

      The ID is not accessible to other apps or sites on your device and does not track you beyond the ZAPPAR app. We do not share the ID within any third party.

    9. Log Data

      Our system will automatically record and store information created by your access to and use of the Services, including specific actions performed by you within the Services (collectively, “Log Data”). This may include information about your device, your IP Address, browser type, the pages that you visit, time spent on pages and other statistics. We use this information to better tailor the Services to our users’ needs and to provide you with targeted communications that you are happy to receive from us. We may also link this automatically collected information to Personal Data ( e.g. if you submit a “get in touch” request to us or register for a ZapWorks trial). We may also add Log Data to our customer relationship management system.

      We do not use any Log Data to track you outside of our services.


    1. Our use of your Personal Data will always have a lawful basis, either because it is necessary for our performance of a contract with you (e.g. to carry out a user action you have requested, or provide you with the Services), because you have consented to our use of your Personal Data (e.g. by subscribing to emails), or because it is in our legitimate interests. Specifically, we may use your Information for the following purposes:

      1. to enable us to provide you with all features and functionality of the Services, including your zapcode(s);

      2. to enable you to upload, enter, change, edit, publish, share and communicate Your Content;

      3. to provide you with promotional emails, newsletters and other messages that relate to the Services, including communication through third parties;

      4. distribution of advertising and promotional materials of ZAPPAR and/or third parties among users as a targeted audience, including distribution on third party websites and platforms;

      5. targeting of advertising and/or promotional materials, including targeting on third party websites and platforms;

      6. to provide you with personalised content and communications that you are happy to receive from ZAPPAR in relation to the Services;

      7. to provide customer service in relation to your use of the Services e.g. service updates, responding to service requests;

      8. generally to administer, support, analyse, improve, promote and develop the Services, including automatically updating our software installed on your device; and

      9. as otherwise described in this Policy.

    2. Profiling and automated decision making

      We do create and maintain user profiles relating to some visitors to our websites. These profiles are created when a visitor fills in a form on or, or registers for a ZapWorks trial. No profiles are created for visitors who just browse the site(s). Our aim is to limit the Personal Data contained in these profiles to that required to achieve our legitimate interest of helping users get the best from our ZapWorks tools and better tailoring communications we send people.

      We also apply some automatic decision making: we use a marketing automation tool called Intercom which decides the type of email you will receive based on who you are (e.g. a designer) and what actions you have performed within the Services. This means you may receive a different email from someone else. In our view, this is the only consequence of the automation tool we use.

    3. Marketing communications

      We would like to send you information about products and services of ours (including ZAPWORKS) that may be of interest to you. This may include marketing communications on social media platforms (including Facebook) used by you. If at any time you decide that you no longer wish to be contacted for this purpose, you can opt out by either changing the mailing settings within your ZapWorks Account or letting us know and we will remove you from our mailing list. Please note that it is not possible to opt out of service related emails as these are necessary for the security and performance of the services.

    4. Testimonials

      We may from time to time contact selected customers to ask them if they would be willing to provide a testimonial in relation to the Services. We will agree the wording of any testimonial with you. Once agreed, the testimonial will be displayed on the ZAPWORKS website or sometimes via press releases depending on what is agreed at the time.


    1. We use Amazon Web Services (“AWS”) to store and process data on our behalf in connection with the Services.

    2. We primarily use AWS servers located in Ireland to store and process your Information; however Amazon AWS also use various servers located around the world to cache data locally and speed up access to Content.

    3. As part of the services offered to you through ZAPWORKS, your Information may be transferred to countries outside of the European Economic Area (EEA) including the USA. By way of example, this may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. Equally, we may appoint third parties to carry out certain data processing on our behalf, e.g. we may appoint a third party as a payment provider, to host the Services, to administer electronic mailings on our behalf, or to provide analytics services. The following is a list of key third parties who currently process data on our behalf:

      Name Processing purpose(s) Data Storage location
      Amazon Web Services (AWS) Content hosting and serving Primary storage location is Ireland, but content may be cached locally to improve content delivery performance.
      Braintree Payments for ZapWorks May store data in the USA and other countries worldwide
      Fresh Desk User support requests USA
      Google Business email and analytics services Worldwide
      HubSpot Customer relationship management tools USA
      Intercom Analytics Services USA
      Functional Software, Inc. dba Sentry Error tracking, crash reporting USA and any other country in which their subprocessors maintain facilities

      We will continue to be the data controller in respect of Information transferred to or shared with such third parties and shall remain responsible for the processing undertaken by them. We may also share Information between our group companies, which are located in countries worldwide. Countries outside of the EEA may not have similar data protection laws to the UK. If we transfer your Personal Data outside of the EEA in the manner referred to in this section, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.

    4. If you use the Services while you are outside the EEA, your Information may be transferred outside the EEA in order to provide you with those services. As the Zappar App is available for use internationally it is possible that any personally identifiable information contained in Your Content (e.g. your picture) may when a zapcode is zapped be automatically transferred by our servers to a device being used in a country outside the EEA where they have a different level of data protection.

      By using the Services you specifically give your consent to the international transfers described in this Section 6.

  7. When might ZAPPAR share your Information with others?

    1. Other than as expressly set out in this Policy, or as otherwise required or permitted by law or regulatory requirement, ZAPPAR will not share, sell or transfer your Information without your prior consent.

    2. We may disclose your Information to or share it with THE FOLLOWING:

      1. users of the ZAPPAR App where you allow Your Content to be made public via a zapcode;

      2. social media services or forum users you choose to share Information with;

      3. any third party to whom disclosure is necessary to enable us to provide you with the Services including, but not limited to, our payment services provider and our server provider(s);

      4. other users of the Services i.e. creators and publishers of zapcodes and Zaps who will get to see information about your device and your use of the Zappar App, but only in de-identified and aggregated form;

      5. our business partners, which may include advertising, brand and retail partners for the purposes of providing certain services that are offered in conjunction with those partners;

      6. other companies that we have hired to provide services on our behalf, e.g. providers of analytics and customer relationship management tools;

      7. unless you have told us you do not wish to receive marketing communications, to third parties engaged by us to provide you with marketing communications about our products and services. This may also include social media platforms (including Facebook);

      8. to inform business partners about use of the Services and products and services made available through the Services, in the form of aggregated statistics or otherwise in a format that does not identify you personally;

      9. any third party to whom disclosure is necessary to protect the rights, property or safety of the Services, its users and the public. This may include exchanging Information with other companies and organisations for fraud protection and spam prevention;

      10. any person to whom disclosure is necessary to enable us to enforce our rights under this Policy or under our Terms of Use for the Services;

      11. any prospective purchaser of ZAPPAR, its parent company, or the Services or any part thereof (see Section 8);

      12. any company within the Zappar group of companies for use by them in accordance with this Privacy Policy; and

      13. outside parties (e.g. judicial or regulatory authorities) to comply with the law and our legal obligations.


    1. ZAPPAR may from time to time expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of ZAPPAR or the Services. Information provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part as one of the transferred assets. The new owner or newly controlling party will, under the terms of this Policy, be permitted to use your Information for the purposes for which it was originally supplied to us.

    2. We also reserve the right to disclose de-identified user data to the prospective buyer of such business or assets.

  9. LINKS TO NON-ZAPPAR services

    1. The Services may contain links to resources, websites, microsites and other on-line services that are operated by third parties (i.e. businesses other than ZAPPAR) (collectively, "Third Party Services"). We do not control these Third Party Services and are in no way responsible for their content, or information collection practices. This Policy DOES NOT extend to your use of any Third Party Services.

    2. You are advised to read the terms and conditions and privacy policy of the Third Party Service you wish to access, prior to using them, to check how they will collect, use and share your Personal Data and to learn whether and for what purpose they use cookies and similar technologies.

  10. how do we keep your personal data secure?

    1. Data security is of great importance to ZAPPAR. We have put in place commercially reasonable physical, electronic and managerial security measures to protect your Personal Data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.

    2. Specifically, we use the following measures:

      1. The Information you send us is protected by SSL/TLS end-to-end encryption when transmitted from your servers to our servers.

      2. Information stored on our servers is protected by access controls, key authentication and by firewalls. We use encryption as an additional security measure, where we feel it is appropriate to do so. Currently, content uploaded to the Services for editing and publishing is not encrypted at rest.

      3. Your Information will only be accessed by authorised employees. These employees are obliged to preserve the confidentiality of all information that comes to their attention, unless disclosure is compulsory by law or necessary for the fulfilment of their duties.

      4. Your ZapWorks Account is protected by access authentication and we use cookies to verify that the person accessing an account is authorised to do so: see our Cookie Notice for details: Passwords are stored using industry-standard bcrypt hashing techniques.

    3. Despite these measures, you should be aware that we cannot fully eliminate security risks associated with sharing Personal Data on-line. No method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

  11. how long do we keep your personal data for?

    We will retain your Personal Data for the duration of your use of the Services and for a reasonable period thereafter for backup, archival and/or audit purposes or for as long as the law otherwise requires or permits. Specifically, we are required by EU law to retain your IP Address and billing address for 10 years to confirm compliance with VAT rules. If we archive Your Content following the deactivation of your ZapWorks Account, we reserve the general right to delete that content at any time thereafter.

    User profiles created by our marketing automation tool (Intercom) are automatically deleted, if a user is inactive for 90 days.

  12. how can you access your personal data?

    1. You have the right to ask for a copy of any of your Personal Data held by us (where such data is actually held by us and we can identify who you are). We will normally provide copies in response to your request free of charge. We do, however, reserve the right to charge a reasonable for fee for requests which are manifestly unfounded or excessive, particularly if it is repetitive and for further copies of the same information.

    2. We will ask you to provide reasonable proof of your identity before we disclose any Information to you.


    1. By submitting your Information you consent to the use of that Information as set out in this Policy. Individuals may withdraw their consent for ZAPPAR to process their Personal Data for direct marketing purposes at any time by notifying us in writing (an email will suffice).

    2. You are always free to opt-out from the future collection of your Personal Data by ZAPPAR in accordance with this Policy by discontinuing use of the Services and uninstalling the ZAPPAR App and all other ZAPPAR software from your devices.

  14. Cookies and analytics

    Please see our separate page on cookies for information on how the Services use cookies, analytics and similar technologies.

    Use of Intercom Services: We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as your email address and sign-up date) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website(s) or use our product(s). Intercom analyzes your use of our website(s) and/or product(s) and tracks our relationship so that we can improve our service to you. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s).

    Our use of Intercom causes a unique cookie ID called intercom-* to be associated with each person who accesses our website(s), which cookie ID enables Intercom to provide us with the analytics services. The duration of this cookie id is determined by Intercom.

    For more information on the privacy practices of Intercom, please visit Intercom’s services are governed by Intercom’s terms of use which can be found at

    If you would like to opt out of having this information collected by or submitted to Intercom, please contact us.

  15. Children’s privacy

    1. ZAPWORKS is a general audience service. The Services are not specifically directed to, or targeted at, Children. We may, however, allow Children to use our Services with parental consent or, in the case of Education Accounts, with the consent of their school.

    2. note to parents: We are required by the Children’s Online Privacy Act (COPPA), with limited exceptions, to obtain verifiable parental consent prior to collecting, using or disclosing personally identifiable information from Children. If an individual identifies themselves as under 13 when registering for a ZapWorks Personal Account we will not activate their access to ZAPWORKS until we have obtained parental consent. In the case of ZapWorks Education Accounts, COPPA allows the Child’s school, school districts and other educational institutions (collectively “Schools”) to act as the parents’ agent and consent to the online collection of personally identifiable information from Children who are pupils or students of the School. This consent mechanism applies to our Education Accounts.

      If a Child wishes to use our Services without parental consent, he/she must obtain an Education Seat from their School. Before a School is allowed to allocate Education Seats, it must open an Education Account with us and before we activate the account we require that the School acting on behalf of the Child’s parent or legal guardian (“Parent”) (a) consents to the collection, use and disclosure of personally identifiable information from the Child, through the Services, in accordance with this Policy, and (b) agrees that the Child’s use of ZAPWORKS are subject to our Terms of Use.

    3. INFORMATION WE COLLECT, USE AND SHARE: in general, we collect the same information from Children that we collect from other users of the Services and use and share such information for the same purposes. In addition, our ZapWorks Education Accounts allow Schools to review and edit the content that their pupils and students are publishing to zapcodes. Parents should take note that the Services enable a Child to make personally identifiable information publicly available: if your Child publishes content to a zapcode that content will be viewable by anyone who scans the zapcode. If your Child’s School allocates an Education Seat to your Child, the School may share certain information about your Child with us. We may add this information to the information we have already collected from your Child via the Services, and we may use it as described in this Policy. We may also share your Child’s personally identifiable information with: (a) the Child’s Parent’s consent, or (b) your Child’s School or those directed by your Child’s School. ZAPPAR is not responsible for any errors in information your Child’s School provides to us.

    4. RIGHT OF PARENT TO REVIEW INFORMATION COLLECTED: As required by COPPA, we allow Parents to make certain choices regarding the personally identifiable information collected from their Children. Specifically, you have the right to (a) review the personally identifiable information collected from your Child; and (b) refuse to permit our further use or future online collection of personally identifiable information from your Child and to direct us to delete your Child’s personally identifiable information from our systems. A Parent may prohibit us from sharing a Child’s personally identifiable information with a third party by requesting such prohibition in writing to us, or through the Child’s School (as applicable). Notwithstanding any such requests, we may continue to share a Child’s personally identifiable information for the purposes of making the Services available to the Child (e.g. allowing content to be viewed by anyone who zaps your Child’s zapcode) and for the purposes referred to in paragraphs (ix), (x) and (xi) of Section 7.2.

      If a Parent’s Child has a ZapWorks Personal Account, the Parent can access, change or delete the personal identifiable information that the Services have collected by either (a) logging into their Child’s account (Parents will need their Child’s login email and password); or (b) by contacting us direct at

      If a Parent’s Child is using an Education Seat provided by their School, Parents should make any permitted requests relating to their Child’s personally identifiable information to the School and have the School, as the Parent’s agent, pass on those requests to us. We may rely on the instructions that we receive from the School that we reasonably believe are given by a Child’s Parent to the School. For example, if a representative of the Child’s School contacts us and provides the account information we request, we may assume that the person contacting us is acting on behalf of the Child’s Parent.

      If a Parent chooses to prohibit any future collection, use or disclosure of their Child’s personally identifiable information, the Parent may do so by submitting a written request to us to close the Child’s ZapWorks Account and delete his/her information (in the case of a Personal Account), or by terminating the Child’s access to ZapWorks through the School (in the case of an Education Account). Upon receiving such a request from a Parent, we will delete the Child’s ZapWorks Account and all information and content stored for such account. ZAPPAR will not have any liability whatsoever for any deletion of a Child’s ZapWorks Account carried out pursuant to a request made by a Parent to us or a School; or related deletion of the Child’s personally identifiable information and content. When we delete personally identifiable information and content, it will be deleted from our active databases, but may remain in our archives.

      In any correspondence to Zappar, such as email, Parent’s should include their Child’s login email, together with the Parent’s email address and contact phone number. To protect Children’s privacy and security, we will take reasonable steps to verify the requestor’s identity before granting access to any personally identifiable information.

    5. Except as described above, the Services do not knowingly collect or solicit personally identifiable information from Children. In the event ZAPPAR learns that the Services have inadvertently collected personally identifiable information from a Child without the consent of their Parent or School (e.g. a Child lies about their age when registering for ZapWorks), we will delete that information as quickly as possible. If a Parent becomes aware that their Child has provided us with personally identifiable information, without proper consent, please contact us using one of the methods listed in Section 17 below and we will delete all such information from our systems.

    6. PARENTAL CAUTION: Please be aware that the Services are an open information system and as such some user content linked to a zapcode may be of a nature unsuitable for children. We have no control over this and we strongly advise that you monitor your child’s use of the Zappar App and if you have any concerns, then do not allow your child to use the Zappar App with certain materials displaying zapcodes.

    7. AGE SCREENING: As we wish to ensure that the Services are only used in compliance with our Terms of Use, we may use age screening. We do not store any individual’s date of birth.

  16. Changes to Our Privacy Policy

    The Services, our collection and use of personal data and the laws and regulations which apply will change over time. We reserve the right to make changes to this Policy. If we do, the changes to the Policy will be posted to the ZAPWORKS website and we will change the “Last updated” date shown below. If such changes to the Policy are material, we may opt to provide a separate notification to you. You are deemed to have accepted the terms of the amended Policy on your first use of the Services following the changes. We encourage you to visit this page from time to time for the latest on our information collection practices.


    If you have any questions about the ZAPPAR Services or this Privacy Policy, please contact us by email or by post using the details below. Please ensure that your query is clear, particularly if it is a request for information about the Personal Data we hold about you.

    Postal Address

    Data Protection


    The Barley Mow Centre

    10 Barley Mow Passage

    London W4 4PH

    United Kingdom



    Irrespective of which country you live in or submit Information from the law which applies to this Policy shall be the law of England and Wales.

Last updated: 21 May 2018