Online safety is of paramount importance to Zenith Choice. We take pride in how we deal with the data we hold and make sure we comply with the General Data Protection Regulation (GDPR).
We take seriously the privacy of all who visit our website, including visitors, registrants, and subscribers.
We are committed to safeguarding the privacy of users while providing personalised and valuable services.
If there are any requests concerning personal information or any queries with regard to these practices please contact our Privacy Officer by e-mail using the contact on the front of the web page.
Our site(s) contain(s) links to third party sites which are not subject to this privacy policy. We recommend that you read the privacy policy of any such sites that you visit.
References to Terms and Conditions are to the terms and conditions applicable to subscribers.
Company’s Registered Address: : Logopact Limited T/A Zenith Choice Registered Number: 07760074
We provide a personalised experience and as such we collect personally identifiable information about visitors to our websites, including registrants and subscribers through
- the use of enquiry and registration forms;
- the request for a trial or the purchase any of our products or services; and
- the provision of details to us either online or offline.
- The elements of Data that we collect may include:
- Name;
- The provision of details to us either online or offline;
- Telephone number;
- E-mail address;
- Payment details such as credit card information and bank account information;
- Market research data
- The name and date of birth of subscribers
We also collect information automatically about site visits to the Zenith Choice web pages via Cookies.
Updating Your Information
You can update your account information by login to your account.
Data kept for marketing purposes can be changed at any time by clicking on the unsubscribe link on any email from us. From this link, you will be able to access the marketing preferences linked to your email address, meaning you can limit contact to free resources, product updates, events and training, free trials and/or special offers, or deselect yourself from all non-account based emails entirely. Alternatively, you can email us at the contact on the home page of this website.
Your Access to Personally Identifiable Data
The General Data Protection Regulation gives you the right to access information held about you.
Your right of access can be exercised in accordance with the regulations. Please login to your account to access the information or email us at the contact on the home page of this web site.
Our Employees
To ensure that the user receives the best customer care, staff have access to user data (dependent upon their role). Staff access is controlled via documented System Access Requests and is only granted on a need-to-know basis.
Disclosure of Personal Identifiable Data to third parties
We have a policy of not sharing any Personal Identifiable Data about visitors, registrants, subscribers, and home users with anyone outside the organisation. (Please note that the usernames/passwords are controlled by the users themselves.)
We do not sell or share your data without your consent.
Legal requirements
We may also disclose Data to third party suppliers if we are otherwise required to do so by law. Security and Protection of Personal Identifiable Data All remote access to web applications are conducted over HTTPS, an encrypted web link secured with a Secure Sockets Layer (SSL). This is the same method used by banks and commercial entities to secure sensitive data from interception.
External Storage of Personal Identifiable Data
We store data on secure database servers – Amazon Webservers and Rackspace Webservers.
Webservers are housed in secure data centres, trusted and used by many of the country’s leading organisations.
Transfer of Personal Identifiable Data Outside of the European Economic Area
All data entered and saved on our products is stored and backed up on secure database servers within the UK. Any email communication with us will go through our email systems (Microsoft Office 365 & Rackspace Webmail) which is held on Privacy Shield compliant servers held in the USA – the US Privacy Shield policy is available to view on request. Wherever possible we request our customers to upload their data directly to us products rather than emailing it to us.
Use of Personal Identifiable Data
By accepting the Terms and Conditions all users and subscribers consent to use and/or disclosure of the Data for purposes which may include:
- providing subscribers with a personalised service;
- providing feedback about use of the services
- processing orders, registrations, changes to registrations and enquiries;
- disclosing certain personal details including account details to a bank, credit card operator or other payment processor for the purposes of setting up a continuous payment authority and/or collecting direct debits;
- conducting market research surveys;
- running competitions;
- providing information about other products and services from us and
- consolidating anonymised Data
Data Retention Schedule -Data Held
We hold data on suppliers, customers, potential customers and subscribers.
- Data may be held electronically on our email systems, payroll, CRM systems, and access control systems. (Please note that our accounts software holds no personal data)
- Our working email servers (Office 365) have a 6-month retention policy.
- Our back up email servers have a 12-month retention policy.
- Payroll will be cleansed every year. The cleansing will be the removal of data relating to employees who terminated employment more than 6 years previous.
- Customers and potential customers in our CRM and access control system are deleted on request.
Breach Notification Procedure
Outline Procedure
Any potential Data Protection Breach (DPB) is notified to the Privacy Officer (PO). The PO will open an incident log and make an initial assessment of the breach’s severity.
The PO will conduct a detailed assessment and investigation of the DPB. The PO will establish a likelihood and severity of a resulting risk to people’s rights and freedoms.
If there is a risk, the ICO will be notified within 72 hours of the notification.
If there is no risk, a documented decision will be made available to the ICO (although the ICO will not be notified).
If a DPB is likely to result in a high risk to the rights and freedoms of individuals, the PO will inform those concerned directly and without undue delay.
Any DPB will be documented and reviewed to ascertain if lessons can be learned.