We collect your personal information when you interact with us or use our services, such as when you use our Sites to place an order. We also look at how visitors use our Sites, to help us improve our services and optimise customer experience.
We collect information:
We also collect information from third party sites, such as advertising platforms and our fraud detection provider.
As part of our commitment to the privacy of our customers and visitors to our Sites more generally, we want to be clear about the sorts of information we will collect from you.
When you visit the Sites or make a Zapp order through the Sites, you are asked to provide information about yourself including your name, contact details, delivery address, order details and payment information such as credit or debit card information.
We also collect information about your usage of the Sites and information about you from any messages you post to the Sites or when you contact us or provide us with feedback, including via email, letter, phone or chat function. If you contact us by phone, we record the call for training and service improvement purposes, and make notes in relation to your call.
We collect technical information from your mobile device or computer, such as its operating system, the device and connection type and the IP address from which you are accessing our Sites.
We also collect technical information about your use of our services through a mobile device, for example, carrier, location data and performance data such as mobile payment methods, interaction with other retail technology such as use of NFC Tags, QR Codes and/or use of mobile vouchers. Unless you have elected to remain anonymous through your device and/or platform settings, this information may be collected and used by us automatically if you use the service through your mobile device(s) via any Zapp mobile application, through your mobile's browser or otherwise.
We process health information about you only where you volunteer and consent to this, for example if you specify any food allergies.
We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information: if we need to process your information in order to provide you with the service you have requested or to enter into a contract; we have your consent; we have a justifiable reason for processing your data; or we are under a legal obligation to do so.
Where we need to in order to provide you with the service you have requested or to enter into a contract, we use your information:
We also process your data where we have a justifiable reason for doing so— for example personalisation of our service, including processing data to make it easier and faster for you to place orders. We have listed these reasons below:
We will also analyse data about your use of our services from your location data to create profiles relating to you and for you. This means that we may make certain assumptions about what you may be interested in and use this, for example, to send you more tailored marketing communications, to let you know about special offers or products which we think you may be interested in. This activity is referred to as profiling. You have certain rights in relation to this type of processing. Please see 'Your Rights' section below for more information.
Where we rely on legitimate interest as a basis for processing your personal information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests. You can find out more information about these balancing tests by contacting us using the details above.
Where we are under a legal obligation to do so we may use your information to:
Where you have given your consent or where we have a justifiable reason for doing so (and are permitted to do so by law) we will use your information to let you know about our other products and services that may be of interest to you and we may contact you to do so by email or phone. You can control your email marketing preferences by clicking the links in the footer of our emails or contacting us.
We conduct fraud checks on all customers. Where we believe we may detect fraudulent activity we may block you from placing an order and using our Sites.
We undertake fraud checks on all customers because this is necessary for us to perform our contracted services to customers, by ensuring that the services we provide are duly paid for, and also so that individuals themselves are protected from fraudulent transactions on their cards.
Given the volumes of customers and orders we deal with, we use automated systems including a third party fraud detection provider called Ravelin, which analyses your order data in order to make automated decisions as to whether or not we will accept an order. We find this is a fairer, more accurate and more efficient way of conducting fraud checks since human checks would simply not be possible in the timeframes and given the volumes of customers that we deal with.
The checks and decisions that are made look at various components including known industry indicators of fraud which our expert fraud detection provider makes available to us, as well as fraud patterns we have detected on our Sites. When combined, these generate an automated score indicating the likelihood of a fraudulent transaction. If our systems indicate a high score for you, then we may decline an order or even block you from our services. The specific fraud indicators are dynamic so will change depending on what types of fraud are being detected in the wider world, country and our Sites at any particular time.
You have certain rights in respect of this activity - please see 'Your Rights' section below for more information. Our fraud detection is in place to protect all of our customers as well as Zapp. You have the right to contest any fraud decision made about you and to be given more information about why any such decision was made by contacting us as set out in section 1 above.
We will not retain your information for any longer than we think is necessary.
Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Use of my information’ section above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.
When determining the relevant retention periods, we will take into account factors including:
Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
The information we collect about you will be transferred to and stored on our servers located within the EU. We are very careful and transparent about who else your information is shared with.
Sharing your information internally:
Sharing your information with third parties:
We share your information with third party service providers. The types of third party service providers whom we share your information with includes:
If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.
We may also share your information:
International transfers of data:
We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected.
We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
Where you have chosen a password that allows you to access certain parts of the Sites, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact our Data Protection Officer using the contact details set out above. For additional information on your rights please contact your data protection authority and see below.
The right to be informed:
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this policy.
The right of access:
You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch (see Contact Details).
The right to rectification:
You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us (see Contact Details).
The right to erasure:
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the information that we hold about you by contacting us (see Contact Details).
The right to restrict processing:
You have rights to 'block' or 'suppress' further use of your information. When processing is restricted, we can still store your information, but will not use it further.
The right to data portability:
You have the right to obtain your personal information in an accessible and transferable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (see Contact Details).
The right to lodge a complaint:
You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.
The right to withdraw consent:
If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (see Contact Details). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
The right to object to processing:
You have the right to object to certain types of processing, including processing for direct marketing and profiling. You can object by changing your marketing preferences, disabling cookies as set out in sections 7 and 8 above or by getting in touch (see Contact Details).
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone number: 0303 123 1113
Quick Commerce Ltd., 1st Floor, Buckhurst House 42/44 Buckhurst Avenue Sevenoaks, Kent, England, TN13 1LZ
What We Collect From You:
CVs and Cover Letters may be submitted to us through recruitment agencies, through our website or to individuals within our organisation. Should they be submitted to any individuals within our organisation they will be passed on to our Recruitment Team and the individual who originally received these documents will immediately delete them from their email. We will store and assess all the information held within your CV and Cover Letter for recruitment purposes only.
Some of the information you may include on your CV and Cover Letter are classed as personal and/or sensitive data:
We process your information according to GDPR regulations.
As part of our recruitment and pre-employment process, we will also review any further information provided to us as part of that process, including from background check providers (if applicable), applicant testing providers, and references from former employers. We do so to assess our applicants. our background check (if applicable) and applicant testing suppliers to the extent it is necessary for them to perform their services to us;
should the CV and Cover Letter have been submitted via a recruitment agency then that agency will have a copy of these documents;
As you have provided the CV and Cover Letter to us, either directly or through a recruitment agency, then you will have consented to us processing the data. To the extent that your CV and Cover Letter contain special categories of data (such as medical information), then you will have explicitly consented to us processing the data.
We will undertake the further recruitment and pre-employment processing based on our legitimate interests:
we have a legitimate interest in recruiting the most suitable candidates for our roles;
to do so, we need to be able to test those candidates to ensure they have the right aptitudes for our roles;
the processing we undertake is limited and concentrates on assessing your abilities in a recruitment context;
Some of our third-party suppliers are based outside of Europe and therefore, some of your data will be transferred there. Further information on how we will safeguard your rights in these circumstances is available from our Data Protection Officer.
We do not make automated decisions using this information.