Business contacts – What information do we collect about you?
In running and maintaining our website, software and services we may collect and process information provided voluntarily by individuals and businesses. For example, when you submit and enquiry or register to use our services or software. We collect information about you when you create an account with us, when you sign a contract, when you become a customer, when you make an enquiry on the website and/or when you register for an event or meet us at an event, conference or trade show. This includes basic contact details (including but not limited to name, company, email address, telephone) as well as potentially some questions about the nature of your business. This information can be accessed by our team in the UK. Appropriate security measures are in place to ensure your data is secure.
ZigZag Global provide software and logistics to help retailers manage returns globally. We partner with couriers, marketplaces, warehouses and retailers to help them offer a better returns experience to their customers, which may include managing logistics and returns with leading carrier partners and postal partners. In order for us to process an order it is necessary for us to store data about the transaction which may include your name, address, phone number, email address and details of what you purchased so that we can facilitate the order or return. This may include passing details to 3rd parties such as couriers and our payment gateway required to complete the order.
Consumers place a returned order by:
We will then confirm your returned order by:
Once you receive the returned order confirmation you need to:
ZigZag is unable to supply you with the services unless you have complied with the requirements above.
We reserve the right to reject a shipment that contains any illegal, dangerous, flammable or hazardous goods or products. If you wish to use our services to return restricted items you must obtain our prior written consent.
We reserve the right to refuse a refund if you failed to:
ZigZag Global will supply the Services to you using reasonable care and skill. We shall endeavour to meet the timeframes stipulated for the appropriate service selected for the returned order but any such timeframes shall be estimates only and time shall not be of the essence in performance of the services. ZigZag shall not be held responsible for failure of carriers to deliver on time or for Force Majeure events outside our control.
We may perform the services ourselves or we may sub-contract part or all of the services to partners such as carriers or 3PL providers. You acknowledge that we provide a service for the transport of goods with a specified timeframe for delivery, therefore you do not have a right to cancel the Order under the Consumer Contracts (Information, Cancellation and Additional Payments) Regulations 2013 (Regulation 28(1)(h)). This does not affect your statuatory rights.
By using the services, you accept our terms and conditions.
ZigZag Global accepts responsibility for the returns postage label, but by using our services you acknowledge that we are not the retailer of the returned goods. We are a service partner of the retailer providing a returns software solution (returns portal) and return postage or carrier labels on behalf of the retailer.
The cost of using the service is displayed on the portal and are inclusive of taxes applicable.
Payment for the Services is required upon completion of your returned order by credit or debit card via our payment gateway, via PayPal or Apple pay or Android Pay. If you paid for a return, please note that on your debit / credit or bank statement you will see the charges are payable to ZIGZAG GLOBAL as we are the company providing you with the services not the retailer of the returned products.
Some of the retailers we work with may choose to deduct the cost of postage from your refund rather than charging you for a postage label in the checkout. If this option is offered you will need to agree to this deduction before the return label can be provided. Please check the retailers returns policy if you are unsure.
2nd Floor Winchester House
c/o Simmons Gainsford
Registered Company number
2nd Floor Winchester House
If your correspondence requires a response we will confirm receipt of this by contacting you in writing or by return of email. If we have to contact you or give you notice in writing, we will do so by e-mail, by hand, or by pre-paid post to the address you provide to us in the returned order.
Use of Your Information
Access to your information and correction
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email firstname.lastname@example.org or write to us at 2nd Floor, Winchester House, 19 Bedford Row, London, WC1R 4EB. You will need to give us some information when requesting information we hold so that we can match the data requested.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. We will endeavour to return enquiries within 7 working days.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org
How to contact us
Our GDPR Statement
The new EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and will impact every organisation which processes personal data of EU citizens. It introduces new responsibilities, empowers businesses to be accountable for their processing of personal data as well as enabling EU citizens to protect their privacy and control the way their data is processed. Even though the UK will be leaving Europe, the GDPR still applies and will replace the UK’s Data Protection Act 1998 when it comes into force.
Data protection definitions
Personal data is any information that relates to a living individual. It also includes any data that can be used with other sets of data to identify an individual. Typical examples of personal data are name, identification number, location data, online identifier and email address.
Processing relates to any operation carried out on personal data including collection, recording, organising, structuring, storing and using. Processing also doesn’t have to be by automated means which means that processing includes paper-based, non-digital systems.
A Data Subject is the individual whose personal data is being processed
A Data Controller is the organisation which determines how personal data is processed
A Data Processor is an organisation which processes data on behalf of a Controller. This typically means a third party who is used by the Controller to process their data (e.g. a marketing company used to send out marketing materials)
For detailed information about the GDPR and data protection, visit the Information Commissioner’s Office website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Your GDPR responsibilities
When you use our services to store or process your personal data (including customer’s or user’s data), you are the Data Controller and we are a Data Processor. This will be true for any personal data you place on our servers either directly, via a hosted website or by use of any of our other services.
The GDPR requires you, as a Data Controller, to ensure that any Data Processor services you use to process personal data are GDPR compliant. This means that when you use any of our services to process your personal data you need to carry out due diligence on our services and ensure certain contractual terms are in place.
This GDPR statement is our way of helping you meet these GDPR regulatory requirements and to offer you an assurance that we take GDPR and the security of your personal data as part of the everyday running of our services.
Our GDPR Commitment
As UK Company, ZigZag Global is committed to ensuring our business, services and internal processes are GDPR compliant. This GDPR Statement provides our assurances to GDPR compliance.
By the GDPR implementation deadline, ZigZag Global will have put in place:
– Employee data protection training to ensure all staff understand their role in data protection compliance
– Updated internal policies relating to data protection and responsibilities within our businesses for ongoing GDPR compliance
– Check all our systems, processes and services to ensure they meet the requirements of GDPR, particularly around security of data and our use of any external third-party services
– Procedures to ensure ongoing compliance past the GDPR deadline
– Updated terms and conditions of services that meet the contractual requirements of GDPR in the Data Controller – Data Processor relationship
Our services are compliant because:
– We have fully assessed our GDPR compliance both regarding the services we offer to our customers and regarding our internal policies and procedures
– We have appropriate technical and personnel protocols in place to ensure the security of your data
– We carry out due diligence against any sub-processors or other third party processors we use to ensure their GDPR compliance (such as data centres)
– We only allow specific members of staff access to our servers and what access that is available is limited to specific circumstances
– Our staff are trained in GDPR compliance and understand their responsibilities for managing the systems that process your data
Our role as a Data Processor
You are the owner of the data you submit to our servers.
When your data is placed on our servers, you are the Data Controller and ZigZag Global, the Data Processor. We do not access the data you store on our services and any processing (as a Data Processor) is only stored to help facilitate the transactions we manage on behalf of our clients and suppliers. Our clients and suppliers are typically Retailers, Marketplaces, Couriers or 3rd Party Fulfilment partners.
We do not use personal data for any processing of our own.
ZigZag Global needs to process your personal information in order to facilitate collection of returns.
Whilst we do need to share your data with suppliers such as a courier (in order to collect goods from your house for example) we do not share or provide access to any of your data with other third parties unless required to do so by law. Where law enforcement or other authorised parties request access to our servers, we follow strict internal policies for dealing with such requests in line with existing law. Furthermore, the third parties are required to demonstrate they have a lawful reason to access the data and under what authority.
ZigZag operate servers in two data centres in the UK. Both data centres are hosted by Microsoft Azure, in Cardiff and in London. Staff at our Head Office in London also have restricted access to some data.
Each data centre we operate from has hardware security access for example:
All our employees keep up to date with all technical aspects of security and ensure the ongoing security of our servers and systems. This means that any security patches are applied to our systems as a matter of priority and any changes or updates to our own systems are done so, always, with data protection and privacy in mind and where appropriate, in discussion with our customers. Where we have an agreement in place with our customers to do so, we also maintain the security of our customer’s own servers or hosted applications.
Access to Servers
Remote admin access to our servers is strictly restricted to key personnel within our Technical Support team. Our team will access a server only to resolve an issue reported by the client. Or to ensure that the Managed Hosting Service Level opted for by a client is met.
Microsoft’s Data centre staff have physical access to the servers, but we have strict protocols in place to ensure they only do so, if requested by a member of our technical support team and such a request will only be in cases when they need to carry out a visual check of a server or carry out physical maintenance on the server itself.
ZigZag Global Employees
All ZigZag Global employees are trained and made aware of their responsibilities under GDPR including their duties with regards to access, security and processing of any personal data stored on our servers. Security and data governance are covered in our employee handbooks and actively discussed as part of quarterly meetings to ensure all staff are up to date.
Changes to our approach
Should our approach to any aspect covered by this statement change we will make sure, where your data is impacted, that we notify you within a reasonable timeframe and in line with any contractual terms in place between us.
In the unlikely event of a breach occurring (as defined in the GDPR) we will notify you within 48 hours of the breach coming to our attention. This will be enough time for you to consider your requirements, under GDPR, for reporting the breach to the ICO and Data Subjects.
We are registered with the ICO.
We help you to comply with GDPR
Our approach to our own compliance also helps you comply with your own GDPR compliance requirements. This statement should go some way to explain our approach to GDPR compliance. By using our services, you can be assured that your use is GDPR compliant.
If required we will assist you or the Information Commissioner’s Office with any query relating to the GDPR compliance of our services.
Data Protection Contact
Any questions, queries or requests for further information regarding our GDPR compliance should be sent to:
2nd Floor Winchester House
19 Bedford Row, London WC1R 4EB.
Tel 0203 286 8223
Get in touch to have a chat or arrange a demo