Privacy Policy
This Privacy Policy is designed to inform you about how we collect, use, and protect your personal data. We strive to be transparent in our practices, ensuring that you have a clear understanding of how your information is handled.
Please take a moment to review this policy carefully, as it outlines the types of information we may collect, the purposes for which we use it, and the measures we take to safeguard your data. By using our services, you agree to the practices described in this Privacy Policy.
We are committed to maintaining the confidentiality and integrity of your information and keeping you informed about any changes to our privacy practices. If you have any questions or concerns after reading this notice, please don't hesitate to contact us at dpo@zipworld.co.uk.
Who We Are
The data controller for your personal data (information) is ZWPV Limited the parent company of Zip World Limited (Zip World). ZWPV Limited is registered with the UK's Information Commissioner's Office (ICO), our registration reference is: ZB275755
Our Contact Details
Zip World Basecamp
Denbigh Street
Llanrwst
Conwy
Ll26 0LL
Our Relationship With You As A Data Controller And Data Subject
When you are booking Activities or accommodation through our website Zip World is the data controller and you are a data subject.
The Data We Collect From You
Personal Data
We collect your personal details including your name, address, email addresses, telephone numbers, title and country of residence. If you enter a competition or interact with us on social media, we may collect your social media identifiers. We sometimes check this data using publicly accessible sources used to verify identity.
If you are part of a group of, we may collect personal details of members of your party. It is your responsibility as the lead booker to inform them of this privacy policy and that you have provided their data.
We have to collect some of this personal data from you to create and maintain an account for you on our systems. We manage our interactions with you using an account system and we will tell you when additional information is required for us to provide our services.
We collect financial data including transactions we have made with you, but we do not generally collect or retain payment card details as this processing is outsourced but we may (if you consent) retain an authorisation to charge a payment method.
We record calls to or from our call centre. This will include the number dialled or called from as well as the recording itself. We use these recordings for training purposes, fact verification. In a similar way we retain transcripts of live chats, text messages and other social media direct messaging that we send to you, or you send to us.
If you have booked with us through another website such as booking.com, Buy-a-Gift, Virgin Experience Days, Expedia.com then we will receive your personal data from them rather than collecting it from you directly. The personal data we receive depends on the relevant website and their own privacy policy.
We also collect personal data from you about other people who are in your party. You are responsible for telling them that you have given us their personal data to facilitate a booking, which is governed by this privacy policy. Where you provide us with information about children you are responsible for gaining the relevant consent from them or their parents/guardians.
We collect data for marketing and website management purposes including details of how you have used our website, your responses to surveys and feedback requests, your marketing preferences and your cookie consents.
We collect technical data including internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. Some of this personal data is used for website management and marketing purposes.
Special Category Data
In certain instances, we may collect special categories of personal data to provide you with specific services or to comply with legal obligations. This may include information about your current and historical health conditions to evaluate your eligibility for participating in our adventures when speaking to you over the phone.
It may also be necessary to collect additional details from you should an accident occur whilst on site.
What We Do With Your Personal Data And Our Legal Basis For Doing So
Providing Our Services To You
Booking and Reservation Purposes:
We use your personal data to facilitate the booking process, ensuring that your reservation is confirmed, and necessary arrangements are made for your participation.
Legal Basis: Performance of a contract – processing your personal data is necessary for the fulfilment of our agreement with you.
We may provide you with access to a customer portal on our website. This uses your personal data to provide you with information about your bookings and the feedback you have given and to give on site offers, that are personalised to you.
We do this either because it is necessary for the performance of our contract with you or because it is in our legitimate interests of providing an excellent service to give you information you want in a way that enables us to remain a successful business.
We will also communicate with you by any means (including email, SMS and phone) about changes to our terms and conditions, your contract with us or changes to our Privacy Policy or other policies that may affect you. This is on the basis of compliance with a legal obligation and/or because it is necessary for the performance of a contract with you.
We may contact you if you didn’t complete an order with us on our website. We use Soft Opt-in (also known as legitimate interests) to inform you about items and services that may interest you based on incomplete orders we hold.
Sending You Information And Advertising Our Services And Performance
Marketing And Sales Materials
We will use your personal data to personalise our advertising and marketing in relation to future bookings or related products. We do this on the basis of legitimate interests using SMS (text), email, postal communications and telephone calls. You can opt-out of digital messages at any time by clicking the relevant opt-out link, or by informing the staff during a during a telephone conversation. You can also change your preferences by changing your preferences in the customer portal or by emailing dpo@zipworld.co.uk and telling them that you wish to opt-out of marketing communications. Opting out of marketing communications does not affect Zip World sending you transactional emails concerning your bookings and other requests.
You may also be eligible to enter competitions or to take part in loyalty schemes or promotions. We will process your personal data to check your eligibility and to provide these services on the basis of legitimate interests.
Zip World will never knowingly request details from or market to anybody under the age of 18. Should an adventure require details of any person under the age of 18, these details must be provided by a parent or legal guardian. Further details of these requirements will be present on any forms relating to the event.
Marketing and sales materials for customers of businesses that we acquire
We will rely on our legitimate interests as the acquirer of the business to process your personal data in line with the privacy policy of the company you have a contract with.
Our Legal Obligations
We are subject to certain legal obligations and we may need to process your personal data to comply with these legal obligations from specific reporting that may be required to general legal obligations This may involve co-operating with public sector organisations such as government agencies, local government, and regulators like the ICO.
Financial Information
We will process your personal data to manage payments, collections, fees, and charges. We do this because it is necessary for the performance of our contract with you.
General Business Purposes
We may process your personal data for security purposes (including cyber security) and to generally administer our business including for group reorganisations, system maintenance and reporting, preparation of our accounts, the generation of aggregated information for public disclosure, training our staff, auditing of our accounts and processes, verification of compliance with laws and regulations and other internal administration. We will normally do this the basis of legitimate interests
Behaviour Analysis
As a technology driven company, we have a strong legitimate interest in understanding consumer behaviour, and we use various technologies to do so. This will not generally involve use of directly identifiable information such as your name or email address but may include use of IP addresses or cookie information (where you have not declined the use of cookies). We do this because it is in our legitimate interests both to improve the user experience and but to maintain the security of our systems.
Customer Service
Where you make a complaint or have a query, we will need to process your personal data. We do this because it is necessary to fulfil our booking conditions which are part of the contracts between us and you. Where you make queries, we will also need to process your personal data to answer. We may use our call recordings for fact verification in customer service queries.
User Experience Research
We may use your personal data to select people for user experience or market research related to our services, websites, or customer services. We will generally provide you with further information about use of your personal data relating to the particular study we are carrying out at the time. We will not use your information for direct marketing purposes when we perform research. We do this on the basis of our legitimate interests in having robust information about our performance and future trends in the market.
Who We Share Your Data With
IT Service Providers
Our technology is mostly hosted in the cloud, and we use a number of service providers such as Microsoft, Guestline, Viewpoint, Ticket Plan and Fuse Metrix to support our websites and other technology stacks. Most of these companies will be data processors acting entirely on our instructions. Some of these companies will not be in the EEA. Where required we will put in place appropriate safeguards such as Data Processing Agreements and if needed International Data Transfer Agreements (IDTAs).
Professional Advisors
We use external auditors, legal advisors, insurers and banks among others who will sometimes receive your personal information. The services they provide may be based outside the EEA.
Public Authorities
This may include law enforcement bodies, the courts, regulators, government and local government bodies and agencies, HMRC and other public bodies.
Payment Services Providers
We use specialist companies to process payment card details. Currently these include:
- Paya Card Servies
- Klarna
- Payment Sense
- DoJo
- Apple Inc
- Google LLC
This list may change, or be added to, over time.
Marketing Partners
We use many service providers to assist in our marketing efforts or to leave reviews. These include:
- CTI Digital
- Shuttlerock
- Quod
- FuseMetrix
- Force24
- Honcho
- Golly Slater
- Guestline
- BrandSwap
- MentionMe
This list will be updated over time.
Photos And Videos Partners
Viewpoint Videos provide an automatic photo and video recording service during your adventure. Cameras are located throughout our site, and you will be recorded during each adventure. Viewpoint will then use the images to create a personalised video of your experiences for you to purchase. Viewpoint uses automatic recognition software to be able to identify you across our different adventures.
You do not need to make a purchase, but your image will still be recorded. If you make a purchase, your data will be held for up to 12 months. If you do not make a purchase, your data will be deleted after 30 days.
In addition, Zip World operates live streaming cameras on some of our adventures to capture your image to display on screens across the site. Images from these cameras are not recorded or broadcast off-site.
Third-party Booking Providers
These include, but are not limited to, AirBnB, Booking.com, TripAdvisor, Expedia and similar companies. They may also pass the information on to other advertising partners.
International Transfers Of Your Personal Data
Where we need to transfer your personal data outside the EEA we will either transfer it to a country that meets Data Protection Adequacy or put in place an IDTA. Where the supplier is based in the USA, we will be relying on the UK-US data bridge.
How Long We Keep Your Data
We keep different categories of personal data for different time periods depending on what they are used for, and we seek to securely remove of what we do not need as early as possible. We are required to keep some information for longer periods by law and we keep some because it is in our legitimate interests.
As a guide, you can expect us to retain enough data to identify you for seven years after you last interacted with us, or we had a commercial relationship with you. After this time your data will be anonymised in our systems.
While we have a commercial relationship with you, we retain full records, including data from more than six years ago and if we reasonably contemplate there may be litigation or there has been a complaint in relation to your booking, we may retain information beyond the six-year standard.
It may also be necessary to collect additional details from you should an accident occur whilst on site. These details will be retained in line with our obligations under UK law and our insurers. The required retention periods for this personal data varies depending on the individual as below.
Details of incidents involving minors may need to be retained for up to three years following their 18th birthday.
Information concerning incidents involving adults will be retained for no longer than 5 years following the incident unless there is a legal obligation to keep longer.
Your Data Subject Rights
Right Of Access (Subject Access Requests)
You have the right to ask us for a copy of the personal data we hold about you or any part of that personal data along with some further information about how we process it and keep it safe. We are allowed to ask you for more information about your identity and to ask you to narrow down your request to help us find your personal data. You cannot make an access request for someone else’s personal data without their written authorisation.
Right Of Erasure (Right To Be Forgotten)
This is not an automatic right and does not always apply. We will erase your personal data if it is no longer needed or if you object to marketing and/or withdraw your consent and there are no other data processing options available like contractual.
We will also not delete your personal data if there is an ongoing complaint, if there has been a complaint in the last year, or if we reasonably believe there may be legal action taken in relation to the contract by us, you, or a third party.
We will erase your personal data if we have processed it unlawfully, if you have successfully objected to the processing of your personal data and/or if we have a legal obligation to do so.
If your concern is about marketing communications, you can easily opt-out of digital marketing communications by clicking the opt-out link and for all others by emailing: dpo@zipworld.co.uk
Right To Rectification
You always have the right to require us to make sure that the personal data we hold about you is accurate. Please let us know if it is not and we will amend. Where we disagree that it is wrong, we will tell you why and give you the opportunity to provide evidence that we have made a mistake.
Right To Restriction
Where you have objected to our data processing, and we are still in discussions or there is a dispute over the accuracy of the personal data or we have agreed our processing is unlawful but you wish to preserve evidence or you require the personal data for a legal claim you can ask us to restrict processing, so that we can only continue to store it.
Right To Data Portability
Where our basis for processing your personal data is for the performance of a contract or based on another legal basis you can ask us to provide your data in a machine-readable format for transmission to another data controller.
General Right To Object
Where our basis for processing your personal data is based on legitimate interests you can object at any time and the Data Protection Officer will consider whether the company has an overriding legitimate interest that would mean we would continue to process your data or whether we should stop. You should note that legal claims would generally be regarded as an overriding interest.
Right To Object To Direct Marketing
This is an absolute right, and you can exercise it at any time by getting in touch with us.
Right To Appeal An Automated Decision
If we have made a decision purely by automated means, generally meaning a computer made the decision, you can ask us to have that decision reviewed by a human. We will tell you when a decision has been made by purely automated means.
Right To Withdraw Consent
Where our data processing is based on consent you can withdraw that consent at any time. However, any changes take effect from when you withdraw consent, it does not apply retrospectively.
Exercising Your Rights
You can ask our customer services team on the phone to exercise your rights, send an email to dpo@zipworld.co.uk or drop us a letter to our postal address at Zip World Basecamp, Denbigh Street, Llanrwst, Conwy, LL26 0LL, United Kingdom.
Normally we will complete your requests within one calendar month, but for particularly complex requests, it may take longer. We will let you know if there will be any delays.
Making A Complaint
Any complaint about our data processing should be sent to the Data Protection Officer in the first instance who will investigate and respond to you directly. The Data Protection Officer acts independently of the management of the company in considering complaints about Data Protection.
You always have the right to complain to the regulator and for all customers this is the Information Commissioner’s Office (ICO) whose details can be found at www.ico.org.uk
The ICO will expect you to have complained to us first and to have given us 30 days to respond and will refer you back to us if you have not. We would also really appreciate the opportunity to try and resolve your complaint first because we would prefer to deal with matters amicably where we can.
Automated Profiling
For marketing and recommendation purposes, we may process your personal data using legitimate interests in ways that tell us what you are likely to want to see from us and what products may interest you. We may also make certain offers available to you on this basis. This profiling is automated and may use Machine Learning or Artificial Intelligence tools to give us the results.
Links To Other Websites Or Social Media
Our website may include links to and from third-party websites, social media, plug-ins and applications. By clicking on these links or enabling connections you may be allowing third parties to collect or share your personal data. We have no control over these third-party websites, plug-ins or applications and are not responsible for their privacy policies, therefore you should also read their privacy policies to understand what personal data they collect about you and how they use it.
Cookies
We employ cookie technology to help log visitors to our web site as well as to enable certain functions of our web services such as logging in to secure areas and processing registrations. Cookies are pieces of data that are often created when you visit a website, and which are stored in the cookie directory of your computer. A number of cookies may be created when you visit Zip World websites.
The Zip World website uses Cookie Bot which allows you to disable all cookies apart from Strictly Necessary Cookies, when you first visit the website.
Certain browsers also provide the option to accept or decline cookies. This is a global setting that applies to every website you visit. If you do switch off cookies at a browser level, your device won't be able to accept cookies from any website. This means you will struggle to access the secure area of any website you use, and you won't enjoy the best browsing experience when you are online.
You may wish to visit http://www.aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer as well as more general information about them.
The type of cookies used on most websites including zipworld.co.uk can generally be put into 1 of 4 categories, based on the International Chamber of Commerce guide to cookie categories: Strictly Necessary, Performance, Functionality and Targeting.
Strictly Necessary Cookies
These cookies are essential and enable you to move around the website and use its features, such as accessing secure areas. Without these cookies, the services you've asked for can't be provided. These cookies don’t gather information about you that is used for marketing or remembering where you've been on the internet.
Performance Cookies
These cookies collect information about how you use a website, for example which pages you go to most often and if you get error messages from certain pages. These cookies don’t gather information that identifies you. All information these cookies collect is anonymous and is only used to improve how a website works. These cookies are not used to target you with online marketing. Without these cookies we can't learn how our website is performing and make relevant improvements that could better your browsing experience. We use Meta pixels on our site to track conversations from our Meta advertising.
Functionality Cookies
These cookies allow a website to remember choices you make (such as your username, language or the region you're in) and tailor the website to provide enhanced features and content for you. For instance, a website may be able to provide you with local weather reports or traffic news. These cookies can also be used to remember changes you've made to text size, font and other parts of pages that you can customise. They may also be used to provide services you've asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track your browsing activity on other websites. Without these cookies, a website cannot remember choices you've previously made or personalise your browsing experience.
Targeting Cookies
These cookies are used to tailor marketing to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website, and this information may be shared with other organisations such as advertisers. Although these cookies can track your visits to other websites, they don’t usually know who you are. Without these cookies, online advertisements you encounter will be less relevant to you and your interests. We use Facebook re-targeting pixels to serve you advertising that may be relevant to you and your interests and help us measure the effectiveness of our advertising.
Log Files
When you visit a Zip World website, we collect web statistics concerning your visit which are stored in a log file. Log files allow us to record visitors’ use of the site as well as monitor site performance and address any errors. The web teams use analytics to record visitors’ use of the site and use this information to make changes to the layout of the website and to the information provided on the website. Log files do not contain any personal information and they are not used to identify any individual patterns of use of the site.
This Privacy Policy only covers websites and personal data maintained by Zip World Limited and does not cover other personal data or websites linked to or associated with our websites.
Changes To Our Privacy Policy
We may change our Privacy Policy from time to time in line with Data Protection legislation and industry standards. We may not be explicitly notifying all website users about these changes and therefore recommend that you check this Privacy Policy occasionally for any changes. Below is a change log of all revisions made.
- 04/05/2018 – Privacy Statement Created
- 14/05/2018 – Updated to include marketing consent retention period.
- 05/06/2018 – Updated customer record retention period
- 17/07/2018 - Updated information on use of Facebook Pixels
- 20/07/2018 – Updated information on use of Facebook re-targeting
- 23/10/2018 – Updated to include timeframe for unsubscribe process.
- 08/08/2019 – Updated to include Revl video capture.
- 09/06/2023 – Updated to include Viewpoint video capture and remove Revl.
- 05/07/2024 – Full review and updating to Legitimate Interests