Simon Jones t/a Zako Media
Rev 1.1 25 May 2018
This policy explains why, when and how we collect
personal information from the people who visit our website, sign up or purchase
any of our services or request or contact us in any other manner. The policy
also details the conditions under which we may disclose the information to
others and how we keep it secure.
While we encourage clients to read our privacy
policy in full, we do have several base principles we operate by:
We will never sell
your data on.
We will never share
your data for marketing to by any third parties.
We will always keep
your personal data secure using strong encryption, abiding by data protection
rules and by implementing good security practice.
policies have been adhered to since business foundation in 2004 and has always
been the case. If you are ever
concerned or have question about how your personal
data is collected or used, please contact me at email@example.com
trading as Zako Media is a UK based web hosting
business operating from the address:
sets out the basis on which any personal data we collect from you, or that you
provide to us, will be processed by us. Please read the following carefully to
understand our views and practices regarding your personal data and how we will
purpose of the Data Protection Act 1998 (the Act) and GDPR (General Data
Protection Regulation), the data controller is Simon Jones, 39 Gwynfor Road, Cockett, Swansea, SA2 0XF
collect data about you in the following ways:
By filling in forms on our website, this includes
information provided at the time of registering to use our websites,
subscribing to any of our services, posting material or requesting further
If you contact us, we will keep a record of that
If you are
simply viewing our website then we will collect the following information
within our logs: IP Address. This information is held for 1 month on the live
server then a further 2 months in backups. Some IP addresses will be processed
by a program called failtoban, this blocks IP
addresses from being able to access the server. IP addresses are kept
indefinitely but are not linked to any person or individual.
If you sign
up to use our services we will then collect the following information:
actively collected we may store any other personal information that you may
disclose during live chat, tickets or emails.
IP address information for security (DDoS prevention, anti-hacking and fraud
prevention), diagnostics and statistical analysis of traffic used for
improvements to the performance and usability of our services, for GDPR
purposes we collect this information under legitimate interest.
A cookie is
a small file saved on your computer that is used to help store preferences and
other information that is used by websites you may visit.
cookies for the Following:
Analysis of traffic to our website via Google
Analytics (see Google Analytics).
register with us or if you continue to use our site, you agree to the use of
block cookies by activating the setting in your browser which allows you to
refuse the setting of all or some cookies.
may issue cookies as soon as you visit our site.
that we collect from you is stored in the UK and Germany but it may be
processed by staff operating outside the EEA (European Economic Area) who work
for us or for one of our suppliers. Such staff may be engaged in the provision
of support services while working abroad. By submitting your personal data, you
agree to the processing of this data outside of the EEA. Our primary server is
based in Leeds, UK, however the company can and may move data to its secondary
Germany based servers. Backups are accessed and stored using a self-managed
system in Swansea UK.
We take all
steps necessary to ensure that your data, regardless of where it is processed,
(General Data Protection Regulation).
We treat all
data with the utmost care and take appropriate steps in compliance with data
protection regulation to ensure it is kept safe.
All data is stored behind firewalls managed by
Heart Internet and Zako Media
All systems storing personal data have access
All passwords are encoded at rest.
All systems are subject to regular penetration
testing and are monitored for vulnerabilities and attacks.
information held about you in the following ways:
To verify your identity.
To provide you with the products and services you
have purchased from us.
To carry out our obligations arising from any
contracts entered into between you and us.
To ensure that content from our site is presented
in the most effective manner for your device.
To respond to queries.
To provide you with information, products or
services that you request from us where you have consented to be contacted.
To notify you about changes to our services.
To send you marketing emails where you have
given explicit consent.
To display personalised Ads from us.
To prevent fraud.
To detect, prevent and diagnose potential security
protection law sets out the conditions under which personal data can be
collected and which we use as the basis for collection and processing, these
purchase a service, we need to collect personal data to fulfill
our legal contractual obligation, for example: so we can manage and invoice
your account and contact you for technical support purposes.
requires we collect and process data for certain purposes such as for keeping
financial records (i.e. invoicing) and that we can comply with law enforcement
requests for data.
data under legitimate interest in a way that is reasonably expected as part of
the day to day running of our business.
we collect and log IP addresses for fraud protection and security as well as analysis
of our site usage.
will be kept until it is no longer required for the purpose of its collection.
At the end
of the retention period the data will either be deleted or anonymised so it can
no longer be linked back to an individual.
data linked to purchases or any other financial transaction are kept for a
minimum of 6 years as required by UK law to retain financial data.
websites we use a number of third-party services for functionality such as
email sign-up and payment processing. The following is a list of companies we
share data with on a day to day basis. This list does not include services we
share anonymous data with or that provide services on an ad-hoc basis such as
IT contractors. All the suppliers below have been carefully selected to ensure
they provide suitable protections under GDPR.
Internet provide the infrastructure use to host all our websites. They donít
have specific personally identifiable information, however they hold all
databases and web content on my behalf and occasionally need to access it for
support services. This data is never used for contact or distribution. Heart
Internet may use this information to identify you in the case of catastrophe.
Many emails received will be filtered
through Gmail with 2 factor authentication. This includes invoices, personal
contact details and conversations. As contacts and data are finished with,
these are being phased out.
websites we use Google Analytics to collect anonymous data about the users of
our sites such as how often they visit, what pages they visit, what time they
visit, how long the stay and what country they are visiting from.
This data is
collected using cookies and from your IP address, the resulting statistics are
used for the following purposes:
Improving website usability
Tracking the success of marketing campaigns
prevent Google Analytics from collecting this information by installing the
google opt-out browser addon: https://tools.google.com/dlpage/gaoptout
To learn how
Google uses data collected from our own and partner sites please see the
following link: https://policies.google.com/privacy/partners?hl=en-GB&gl=uk
disclose your personal information to third parties:
If Zako Media or substantially all of its assets are acquired
by a third party, in which case personal data held by it (Zako
Media) about its customers will be one of the transferred assets.
If we are
under a duty to disclose or share your personal data in order to comply with
any legal obligation, or in order to enforce or apply our terms and conditions
of supply Terms and Conditions and other agreements; or to protect the rights,
property, or safety of our customers or others. This includes exchanging
information with other companies and organisations for the purposes of fraud
protection and credit risk reduction.
(General Data Protection regulation) you have a number of rights relating to
your personal data, these will come into force on the 25th May
2018, for further information please see https://ico.org.uk
You have the
right to request we restrict processing of your personal data where there is no
legitimate interest for us to do so:
accuracy of the personal data is contested, to restrict the processing until
such time as the accuracy has been sufficiently verified.
object to the processing (See Right to Object), and where we are considering
whether there are legitimate grounds to override the request.
processing is unlawful and you oppose erasure and request restriction instead.
If we no
longer need the personal data but you require the data to establish, exercise
or defend a legal claim.
exercise the right at any time by contacting our team (see Contacting
Access (Access to Information)
The GDPR Act
gives you the right to access information held about you.
exercise this right by contacting us (see Contacting Us).
required to verify your identify before processing any right to access request,
once verified the data shall be provided within 28 days.
shall be provided free of charge however an admin fee may be applied where a
request is manifestly unfounded or excessive, particularly if it is repetitive.
individual you have the right to request the erasure of any data we hold on
you, this is not an absolute right, for example it does not override our
requirement under UK law to keep financial data such as invoice information.
You can make
a request where your personal data is no longer necessary in relation to the
purpose for which it was originally collected/processed, for example if you
cancel all services you have with us.
To make a
right to erasure request please contact our customer services team (see
provides the right to have any personal data rectified that may be incorrect or
can update their own personal details via the client area however if this is
not sufficient please contact our customer services team (See contacting Us).
You have the
right to object to the processing of your personal data where there is no
legitimate or lawful reason to do so.
To make a
right to object request please contact our customer services team (see
contact us in the following ways:
customers can contact us by creating a ticket through their client area.
Email us at
Or write to
us at: Simon Jones t/a Zako Media, 39 Gwynfor Road, Cockett, Swansea, SA2 0XF
will make every attempt to rectify any situation, where you feel your data has
not been handled appropriately you have the right to contact the regulator. In
this case the regulator is the Information commissionerís office (ICO).