Who we are
Our core principles about your data:
- User privacy and data protection are human rights
- We have a duty of care to the people within our data
- Data is a liability, it should only be collected and processed when absolutely necessary
- We loathe spam as much as you do!
- We will never sell, rent or otherwise distribute or make public your personal information
Our Commitment to Legislation
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
- Australian Privacy Act 1988 (APA)
This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer at firstname.lastname@example.org
What personal data we collect and why we collect it
We only collect information that will better provide our customers with a better experience. This includes both browsing visitors and purchasing visitors. Please see our oultined data collection.
Site Visitation Tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see third party list below)
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
When making a purchase for any item on our website, we will ask you to provide data on yourself. You will be asked to complete your name, billing and shipping addresses, as well as an email address. This information is used purely to allow us to complete your purchase, and send the product, or products to you. Your provided shipping address will be used with third party shipping companies. We ensure that all shipping companies we share your address with are also GDPR compliant. This information is not used for any account creation or for any email newsletters. The creation of an account with Zara’s Watersports is covered in the below section.
We utilise the third party API Square payments as our payment gateway. Square payments process all payment data on zara’s watersports and we do not have access to square payments data. All square privacy policies can be viewed (here).
You have the option to create an account with zaraswatersports.com the creation of an account allows you to track your previous orders, as well as checkout quicker. The information required for an account includes, your name, email and address. All data is used only for the creation of your my account, and is not used for an email newsletters.
Your my account can be deleted at any time, as per your rights. This deletion removes all data we have on your my account.
Should you choose to contact us using the contact form on our contact us or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined in section 6.0. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
As previous we do not share your information we hold with anyone else. As previous outlined we utilise Google Analytics and Square Payments as our third party vendors. Please see the corresponding sections in relation and links to there privacy policies.
How long we retain your data
If you purchase an item from our website your information will be stored for a minimum of 3 years. This allows us to comply with standard British accounting practises. The stored information also allows us to process any returns and warranty claims you may have.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Your contact information
For any additional information about our privacy policiy please feel free to contcat us at:
66 Main Road
How we protect your data
All data we store is located on our hosting partners servers. Our hosting partner is Nethosted.
All of our web servers are located right here in the UK. Our UK data centre is an ultra secure, state-of-the-art facility in Newbury, Berkshire. An ex-US Air Force nuclear bunker it features 3m thick reinforced concrete walls, solid steel doors, CCTV system with 24-hour video recording, Electro Magnetic Pulse (EMP) protection and more to ensure your websites and data are kept safe and secure.
Nethosted terms can be seen (here)
What data breach procedures we have in place
If we or our hosting partner incurres a breach in data security. You will be informed via email within 72hrs of the brach, outlining the data that could of been breached, and procedure of what you should do next.