The Policy applies as between ZAPPAR and ZAPWORKS users. The Policy deals with our use of any and all information collected by us in relation to your use of ZAPWORKS.
IMPORTANT NOTICE REGARDING CHILDREN UNDER 13: This Policy generally applies to all users of ZAPWORKS. If, however, a user identifies themselves as under the age of 13 (a “Child”), we will collect, use and share the Child’s information as described in section 14 below entitled Children’s Privacy.
In this Policy certain words with a Capital letter have a particular meaning. These are listed below:
|“Anonymous Information”||means information that does not identify, and cannot reasonably be used to identify a specific individual. When Anonymous Information is associated with Personal Data, this Anonymous Information is treated by ZAPPAR as Personal Data.|
|“Information”||means any or all information that you or your device send, submit or transmit to ZAPPAR via the Services, including information automatically collected by us.|
|“IP Address”||means an Internet Protocol address, a number that is automatically assigned to your device when you use the internet and which may vary from session to session;|
|“Personal Data”||for the purposes of this Policy, means information which relates to a living individual who can be identified from that information, where that information is collected and analysed with the intention of distinguishing one individual from another, and to take a particular action in respect of that individual.|
|“Services”||means our ZAPWORKS service and technology that you are currently using together with its related databases, features, functionality, plug-ins, software, tools, zapcodes, documentation and web pages including any modifications or updates thereto.|
|“you”||means you, the individual visiting the ZAPWORKS website, using the Services, or registering as a user of the Services.|
|“your Content||means any and all data or content controlled by you that you create, enter, upload, import, post, transmit or otherwise make available via the Services, including animation, documents, images, links, sound files, videos and text.|
|“ZAPPAR” or “we”||means ZAPPAR LIMITED a limited liability company incorporated and registered in Scotland with company number SC394617.|
|“ZapWorks Acount”||means the user account or login credentials registered with ZAPPAR by which you access the Services.|
|“ZAPPAR App”||means either (1) our augmented reality interactive entertainment application for smartphones and tablets entitled ZAPPAR; or (2) our App Embed Component where it is included within a third party application that is being used to access and unlock content published on our platform.|
The Services are owned and operated by ZAPPAR LIMITED, a limited liability company incorporated and registered in Scotland (company number SC394617). Our contact details are shown below in Section 11 (YOUR RIGHTS AND HOW TO GET IN TOUCH).
As and when you use the Services we may collect certain Information from you. Some of this Information may be Personal Data and some of the Information may be Anonymous Information. We will only use this Information in accordance with the terms of this Policy.
By creating a ZapWorks Acount or using the Services you will allow others, including ZAPPAR, to identify you. In order to open a ZapWorks Acount or use the Services you may need to provide us with some or all of the following items of Personal Data:
(i) Your company name
(ii) Your first name and last name
(iii) Your billing address
(iv) An email address
(v) A password
(vi) Your date of birth
Please note your date of birth is not stored by ZAPPAR. We only use it once to confirm your age.
Alternatively, you can sign up for or log into the Services by using your GOOGLE or FACEBOOK account. If you use GOOGLE we will receive your email address. If you use FACEBOOK we will receive a random token that replicates a “logged-in” session and gives us temporary secure access to your details. FACEBOOK can revoke the token at anytime.
Corporate / business users can also create an organisation contact within our systems. This organisation contact enables corporate / business users to delegate access to their ZapWorks Acount to certain named users within their organisation. ZAPPAR will collect and store any information which you enter into your organisation contact e.g. names of authorised users.
If you choose to email or write to us about your ZapWorks Acount or the Services, or submit a support request via the ZAPWORKS website, we may also collect Information about you from the content of your letter, email or submission e.g. your name, email address, postal address and your likes / dislikes.
We may also collect Information of the kind listed in paragraphs 3.3 to 3.8 below from you whether or not you register to open a ZapWorks Account (e.g. if you are simply browsing our ZAPWORKS website).
Once your access to the Services has been activated, you will be able to enter or upload content to your ZapWorks Acount (e.g. music files, photos, videos and other digital content) and to publish and make content available to the public by connecting it to your zapcodes.
Once entered or uploaded, Your Content will be stored on our secure servers for the purposes of making Your Content available as and when you choose to publish it. Some of Your Content may contain your personally identifiable information. By entering or uploading Your Content you grant us permission in respect of the collection and processing of the personally identifiable information contained in that content.
Before entering, uploading or publishing any content via the Services please BE AWARE of the following important matters:
(i) The nature of the Services means that Your Content will potentially be visible to and capable of use by all users of the ZAPPAR App who scan ('zap') your zapcode regardless of whether or not they are known to you or have been specifically selected by you to receive that content.
(ii) It is not possible to make Your Content private i.e. only accessible by certain selected people; although you can choose whom you share your zapcodes with. Please be careful when publishing content that contains or depicts personal details about you or other persons, e.g. audio, photos or videos featuring you or your friends’ image or voice.
(iv) If you enter or upload information about or depicting individuals other than yourself (e.g. a photo of a friend or a work colleague) you must get their permission first.
(v) Even if you subsequently remove content that you publish via the Services, copies may still remain cached or saved on someone’s device and therefore capable of continued viewing.
IT IS ALSO IMPORTANT TO NOTE THAT YOU AND NOT ZAPPAR ARE RESPONSIBLE FOR, AND CONTROL YOUR CONTENT. IF YOUR CONTENT CONTAINS ANY PERSONALLY IDENTIFIABLE INFORMATION THEN FOR THE PURPOSES OF EU DATA PROTECTION LAW ZAPPAR WILL SIMPLY BE ACTING AS THE PROCESSER OF THAT INFORMATION AND NOT THE DATA CONTROLLER.
ZAPPAR uses a payment solution supplied by a third party to enable us to accept payments on the ZAPWORKS website. This third party payment solution is integrated with our own systems and works as follows: upon your request to checkout and pay, our website will display a form to you that collects the required payment data. The text boxes for entering your details into the form are served from the third party’s website and when you submit the form the payment data and other details are sent directly to the third party. This method prevents your sensitive data from ever residing on our servers and enables ZAPPAR to achieve PCI compliance (SAQ A-EP profile).
The Services are designed for use with the ZAPPAR App. When you use the ZAPPAR App (e.g. to zap a zapcode), our servers will automatically record information that your device sends or transmits, including the following:
(i) a random ID (see paragraph 3.7 below),
(ii) your IP Address,
(iii) the time,
(iv) the make and model of your device (including operating system version),
(v) the version of the ZAPPAR App being used,
(vi) user settings, and
(vii) information about your use of the ZAPPAR App.
We may use this Anonymous Information to analyse and optimise your use of the Services or to develop new features and functionality which we believe may be of use to you or other users of the ZAPPAR App.
The random ID referred to in paragraph 3.6 (i) above is a unique installation ID generated by the ZAPPAR App when it is first run. The ID is a random number, seeded from the system time and does not identify you personally. The ID is stored in the app’s storage directory on a user’s device and used to anonymously track use of the ZAPPAR App in the following ways:
(i) when the user opens the ZAPPAR App;
(ii) when the user taps “ZAP”;
(iii) when the user performs certain actions during a ZAP e.g. completing a game;
(iv) how long a user spends interacting with a ZAP;
(v) to confirm that the user is allowed to use an age-restricted feature of the ZAPPAR App.
The ID is not accessible to other apps or sites on your device and does not track you beyond the ZAPPAR app. We do not share the ID within any third party.
Our system will automatically record and store information created by your access to and use of the Services (“Log Data”). This may include information about your device, your IP Address, browser type, the pages that you visit, time spent on pages and other statistics. We use this information to better tailor the Services to our users’ needs and to provide you with targeted communications that you are happy to receive from us. We may also link this automatically collected information to Personal Data (e.g. if you submit a “get in touch” request to us). We do not use Log Data to track you outside of our services and any “do not track” requests sent to us by your browser will be respected.
(i) to enable us to provide you with access to all features and functionality of the Services, including your zapcode(s);
(ii) to enable you to upload, enter, change, edit, publish, share and communicate Your Content;
(iii) to provide you with service related updates, including promotional emails, newsletters and other messages that relate to the Services;
(iv) to provide you with personalised content and communications that you are happy to receive from ZAPPAR in relation to the Services;
(v) to provide customer service in relation to your use of the Services;
(vi) generally to administer, support, improve, promote and develop the Services, including automatically updating our software installed on your device; and
(vii) as otherwise stated in this Policy.
We would like to send you information about products and services of ours other than ZAPWORKS that may be of interest to you. If at any time you decide that you no longer wish to be contacted for this purpose, you can opt out by either changing the mailing settings within your ZapWorks Acount or letting us know and we will remove you from our mailing list. PLEASE NOTE THAT IT IS NOT POSSIBLE TO OPT OUT OF SERVICE RELATED EMAILS AS THESE ARE NECESSARY FOR THE PERFORMANCE OF THE SERVICES.
We may from time to time contact selected customers to ask them if they would be willing to provide a testimonial in relation to the Services. We will agree the wording of any testimonial with you. Once agreed, the testimonial will be displayed on the ZAPWORKS website or sometimes via press releases depending on what is agreed at the time.
As part of the services offered to you through ZAPWORKS, your Information may be transferred to countries outside of the European Economic Area (EEA) including the USA. By way of example, this may happen if any of our servers are located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. Equally, we may appoint third parties to carry out certain data processing on our behalf, e.g. we may appoint a third party as a payment provider, to host the Services, or to administer electronic mailings on our behalf. We will continue to be the data controller in respect of Information transferred to such third parties and shall remain responsible for the processing undertaken by them. We may also share Information between our group companies, which are located in countries worldwide. Countries outside of the EEA may not have similar data protection laws to the UK. If we transfer your Personal Data outside of the EEA in the manner referred to in this section, we will take steps with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use the Services while you are outside the EEA, your Information may be transferred outside the EEA in order to provide you with those services. As the ZAPPAR App is available for use internationally it is possible that any personally identifiable information contained in Your Content (e.g. your picture) may when a zapcode is zapped be automatically transferred by our servers to a device being used in a country outside the EEA where they have a different level of data protection.
By using the Services you specifically give your consent to the international transfers described in this Section 5.
Other than as expressly set out in this Policy, or as otherwise required or permitted by law or regulatory requirement, ZAPPAR will not share, sell or transfer your Information without your prior consent.
WE MAY DISCLOSE YOUR INFORMATION TO OR SHARE IT WITH THE FOLLOWING:
(i) users of the ZAPPAR App where you allow Your Content to be made public via a zapcode;
(ii) social media services you choose to share Information with;
(iii) any third party to whom disclosure is necessary to enable us to provide you with the Zappar Services including, but not limited to, our payment services provider and our server provider;
(iv) other users of the Services i.e. creators and publishers of zapcodes who will get to see information about your device and your use of the ZAPPAR App, but only in de-identified and aggregated form;
(v) our business partners, which may include advertising, brand and retail partners for the purposes of providing certain services that are offered in conjunction with those partners;
(vi) to inform business partners about use of the Services and products and services made available through the Services, in the form of aggregated statistics or otherwise in a format that does not identify you personally;
(vii) any third party to whom disclosure is necessary to protect the rights, property or safety of the Services, its users and the public. This may include exchanging Information with other companies and organisations or fraud protection and spam prevention;
(ix) any prospective purchaser of ZAPPAR, its parent company, or the Services or any part thereof, (see Section 7);
(xi) outside parties (e.g. judicial or regulatory authorities) to comply with the law and our legal obligations.
ZAPPAR may from time to time expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of ZAPPAR or the Services. Information provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part as one of the transferred assets. The new owner or newly controlling party will, under the terms of this Policy, be permitted to use your Information for the purposes for which it was originally supplied to us.
We also reserve the right to disclose de-identified user data to the prospective buyer of such business or assets.
The Services may contain links to resources, websites, microsites and other on-line services that are operated by third parties (i.e. businesses other than ZAPPAR) (“Third Party Services”). We do not control these Third Party Services and are in no way responsible for their content, or information collection practices. This Policy does not extend to your use of any Third Party Services.
Data security is of great importance to ZAPPAR. We have put in place commercially reasonable physical, electronic and managerial security measures to protect your Information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
Specifically we use the following measures:
(i) The Information you send us is protected by SSL/TLS end-to-end encryption when transmitted from your servers to our servers.
(ii) Information stored on our servers is protected by key authentication and by a firewall. Your Information will only be accessed by authorised employees. These employees are obliged to preserve the confidentiality of all information that comes to their attention, unless disclosure is compulsory by law or necessary for the fulfilment of their duties.
Despite these measures, you should be aware that we cannot fully eliminate security risks associated with sharing Personal Data on-line. No method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
We will retain your Information for the duration of your use of the Services and for a reasonable period thereafter for backup, archival and/or audit purposes or for as long as the law otherwise requires or permits. Specifically, we are required by EU law to retain your IP Address and billing address for 10 years to confirm compliance with VAT rules. If we archive Your Content following the deactivation of your ZapWorks Account, we reserve the general right to delete that content at any time thereafter.
You are entitled to details of the Personal Data that ZAPPAR holds about you and you may ask us to make any necessary changes to ensure that it is accurate and kept up to date. If you wish to do this, please contact us using the contact information given below. We may make a small charge for this service. We may also ask you to submit reasonable proof of your identity before we disclose any information to you.
If you wish to exercise your ‘subject access right’ described in paragraph 11.1, or if you have any other questions regarding this Policy or how we collect and use your Information, you may contact us in writing or by email at the following addresses:
Data Protection Officer
Barley Mow Centre
10 Barley Mow Passage
London W4 4PH
If you would prefer to speak to us, please request a call back on the following page: www.zappar.com/contact/
When making a request please be aware that we may be unable to delete Information that resides in our archives, and the requested removal of certain Information may mean we are no longer able to provide you with the Services.
By submitting your Information you consent to the use of that Information as set out in this Policy. Individuals may withdraw their consent for ZAPPAR to process their Personal Data for direct marketing purposes at any time by notifying us in writing (an email will suffice).
You are always free to opt-out from the future collection of your personal information by ZAPPAR in accordance with this Policy by discontinuing use of the Services, and uninstalling the ZAPPAR App and all other ZAPPAR software from your devices.
ZAPWORKS is a general audience service. The Services are not specifically directed to, or targeted at Children. We may, however, allow Children to use our Services with parental consent or, in the case of Education Accounts, with the consent of their school.
NOTE TO PARENTS: We are required by the Children’s Online Privacy Act (COPPA), with limited exceptions, to obtain verifiable parental consent prior to collecting, using or disclosing personally identifiable information from Children. If an individual indentifies themselves as under 13 when registering for a ZapWorks Personal Account we will not activate their access to ZAPWORKS until we have obtained parental consent. In the case of ZapWorks Education Accounts, COPPA allows the Child’s school, school districts and other educational institutions (collectively “Schools”) to act as the parents’ agent and consent to the online collection of personally identifiable information from Children who are pupils or students of the School. This consent mechanism applies to our Education Accounts.
INFORMATION WE COLLECT, USE AND SHARE: In general, we collect the same information from Children that we collect from other users of the Services, and use and share such information for the same purposes. In addition, our ZapWorks Education Accounts allow Schools to review and edit the content that their pupils / students are publishing to zapcodes. Parents should take note that the Services enable a Child to make personally identifiable information publicly available: if your Child publishes content to a zapcode that content will be viewable by anyone who scans the zapcode. If your Child’s School allocates an Education Seat to your Child, the School may share certain information about your Child with us. We may add this information to the information we have already collected from your Child via the Services, and we may use it as described in this Policy. We may also share your Child’s personally identifiable information with: (a) the Child’s Parent’s consent, or (b) your Child’s School or those directed by your Child’s School. ZAPPAR is not responsible for any errors in information your Child’s School provides to us.
RIGHT OF PARENT TO REVIEW INFORMATION COLLECTED: As required by COPPA, we allow Parents to make certain choices regarding the personally identifiable information collected from their Children. Specifically, you have the right to (a) review the personally identifiable information collected from your Child; and (b) refuse to permit our further use or future online collection of personally identifiable information from your Child and to direct us to delete your Child’s personally identifiable information from our systems. A Parent may prohibit us from sharing a Child’s personally identifiable information with a third party by requesting such prohibition in writing to us, or through the Child’s School (as applicable). Notwithstanding any such requests, we may continue to share a Child’s personally identifiable information for the purposes of making the Services available to the Child (e.g. allowing content to be viewed by anyone who zaps your Child’s zapcode) and for the purposes referred to in paragraphs (vii), (viii) and (ix) of Section 6.2.
If a Parent’s Child has a ZapWorks Personal Account, the Parent can access, change or delete the personal identifiable information that the Services have collected by either (a) logging into their Child’s account (Parents will need their Child’s login email and password); or (b) by contacting us direct at firstname.lastname@example.org
If a Parent’s Child is using an Education Seat provided by their School, Parents should make any permitted requests relating to their Child’s personally identifiable information to the School and have the School, as the Parent’s agent, pass on those requests to us. We may rely on the instructions that we receive from the School that we reasonably believe are given by a Child’s Parent to the School. For example, if a representative of the Child’s School contacts us and provides the account information we request, we may assume that the person contacting us is acting on behalf of the Child’s Parent.
If a Parent chooses to prohibit any future collection, use or disclosure of their Child’s personally identifiable information, the Parent may do so by submitting a written request to us to close the Child’s ZapWorks Account and delete his/her information (in the case of a Personal Account), or by terminating the Child’s access to ZapWorks through the School (in the case of an Education Account). Upon receiving such a request from a Parent, we will delete the Child’s ZapWorks Account and all information and content stored for such account. ZAPPAR will not have any liability whatsoever for any deletion of a Child’s ZapWorks Account carried out pursuant to a request made by a Parent to us or a School; or related deletion of the Child’s personally identifiable information and content. When we delete personally identifiable information and content, it will be deleted from our active databases, but may remain in our archives.
In any correspondence to Zappar, such as email, Parent’s should include their Child’s login email, together with the Parent’s email address and contact phone number. To protect Children’s privacy and security, we will take reasonable steps to verify the requestor’s identity before granting access to any personally identifiable information.
Except as described above, the Services do not knowingly collect or solicit personally identifiable information from Children. In the event ZAPPAR learns that the Services have inadvertently collected personally identifiable information from a Child without the consent of their Parent or School (e.g. a Child lies about their age when registering for ZapWorks), we will delete that information as quickly as possible. If a Parent becomes aware that their Child has provided us with personally identifiable information, without proper consent, please contact us using one of the methods listed in Section 11 above and we will delete all such information from our systems.
PARENTAL CAUTION: Please be aware that the Services are an open information system and as such some user content linked to a zapcode may be of a nature unsuitable for children. We have no control over this and we strongly advise that you monitor your child’s use of the ZAPPAR App and if you have any concerns, then do not allow your child to use the ZAPPAR App with certain materials displaying zapcodes.
As the Services and the laws which apply to them will change over time, we reserve the right to make changes to this Policy from time to time. Any such changes to the Policy will be posted to the ZAPWORKS website and we will change the “Last updated” date shown below. If such changes to the Policy are material, we will provide a separate notification to you. You are deemed to have accepted the terms of the amended Policy on your first use of the Services following the changes. We encourage you to visit this page from time to time for the latest on our information collection practices.
Irrespective of which country you reside in or submit Information from the law which applies to this Policy shall be the law of England and Wales.
Last Updated: August 2016