Privacy Policy
Who We Are
Zenova Group Plc
Registered office: 172 Arlington Road, London NW17HL
What Information Do We Collect About You?
- Name, email, phone and your enquiry via our contacting form; and
- IP address/MAC address when you use the website.
We collect information about you when you register with us or place an order for products or services. We also collect information when you voluntarily complete customer surveys, provide feedback. Website usage information is collected using cookies.
How Will We Use The Information About You?
We need your name and contact details in order to answer your enquiry and we process this data with your consent. We need your IP address and MAC address for security reasons, and this is a legitimate activity for a business. We will hold your personal data that we collected to answer your queries for 6 (six) weeks after answering you, in case you have additional queries.
Moreover, we collect information about you to process your order, manage your account and, if you agree, to email you about other products and services we think may be of interest to you.
We may send your details to, and also use information from credit reference agencies and fraud prevention agencies.
Marketing
We will not share your information for marketing purposes with companies outside Zenova Limited.
We would like to send you information about our products and services which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date.
You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the Zenova Limited.
If you no longer wish to be contacted for marketing purposes, please email: info@zenovagroup.com
Do We Use Any Automated Decision Making?
We do not use any automated decision making.
Do We Transfer Your Personal Data Outside Of The EEA?
We do not transfer your personal data outside of the EEA.
Your Rights
You have rights in respect of our processing of your personal data which are:
- To access your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
- we no longer need it;
- if we are processing your personal data by consent and you withdraw that consent;
- if we no longer have a legitimate ground to process your personal data; or
- we are processing your personal data unlawfully
- To object to our processing if it is by legitimate interest.
- To restrict our processing if it was by legitimate interest.
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
If you want to exercise any of these rights, please contact us at info@zenovagroup.com
If you have any questions or concerns, please contact us as most matters can be resolved informally in the first instance.
You also have the right to lodge a complaint about our processing with the UK’s Information Commissioner`s Office.
Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
For further information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
Other Websites
Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.
Changes To Our Privacy Policy
We keep our privacy policy under regular review, and we will place any updates on this web page. This privacy policy was last updated on 23 March 2021.
How To Contact Us
Please contact us if you have any question s about our privacy policy or information we hold about you:
- By email: info@zenovagroup.com
- By post: Zenova Group Plc, 172 Arlington Road, London NW17HL
- Therefore, the reporting obligations only apply to personal data. It also only applies to living people.
- When considering whether a personal data breach has occurred, the following three factors should be considered:
- A confidentiality breach is where there is an unauthorised or accidental disclosure of, or access to personal data.
- An integrity breach is where there is an unauthorised or accidental alteration of personal data. This can include hard copies being damaged by fire or flood.
- And availability breach is where there is an accidental or unauthorised loss of access to, or destruction of, personal data.
- Not all three abovementioned factors need to be present for it to be a data breach. Any of these factors alone can be sufficient for a personal data breach. Each case will depend on its own facts.
Reporting To ICO
- When a personal data breach has occurred, you need to establish the likelihood and severity of the resulting risk to people`s rights and freedoms.
- Although a data breach may have occurred, not every personal data breach needs to be reported to the ICO.
- Adverse effects and risks of not addressing a personal data breach in an appropriate and timely manner can result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural person concerned would be considered a likely risk.
- The Company must report a notifiable breach to the ICO without undue delay and not later than 72 hours after becoming aware of it.
- If it`s likely that there will be a risk, then the Company needs to notify the ICO. If a decision was made that the breach doesn`t need to be reported, then the Company needs to be able to justify such decision and it should be documented.
- When deciding whether to notify the ICO the following factors should be considered:
- severity;
- type of breach (e.g. is the breach a disclosure or loss of data?);
- sensitivity (e.g. is the data related to medical information?);
- how easy is it to identify individuals from that data;
- potential consequences;
- any special characteristics of the individual (e.g. did the data that was compromised belong to a vulnerable individual?)
- When reporting a breach to the ICO the following information must be provided:
- a description of the nature of the personal data breach including, where possible:
- the categories and approximate number of individuals concerned; and
- the categories and approximate number of personal data records concerned.
- the name and contact details of the data protection officer or other contact point where more information can be obtained;
- a description of the likely consequences of the personal data breach;
- a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including where appropriate, the measures taken to mitigate any possible adverse effects.
Reporting To Individuals
- If a breach is likely to result in a high risk to the rights and freedoms of individuals, the Company must inform those concerned directly and without undue delay.
- A “high risk” means the threshold for informing individuals is higher than for notifying the ICO. The Company will need to assess, both, the severity of the potential or actual impact on individuals because of a breach and the likelihood of this occurring. If the impact of the breach is more severe, the risk is higher; if the likelihood of the consequences is greater, then, again, the risk is higher. In such cases, the Company will need to promptly inform those affected, particularly, if there is a need to mitigate an immediate risk of damage to them. One of the main reasons for informing individuals is to help them to take steps in protecting themselves from the effects of a breach.
- In its response the Company would need to describe, in clear and plain language, the nature of the personal data breach and, at least:
- the name and contact details of the data protection officer or other contact point where more information can be obtained;
- a description of the likely consequences of the personal data breach; and
- a description of the measures taken, or proposed to be taken, to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects.
Reporting To Individuals
- The Company will ensure that it records all breaches, regardless of whether or not such breaches need to be reported to the ICO.
- Article 33(5) of the GDPR requires the Company to document the facts relating to the breach, its effects and remedial action taken. This is part of the Company`s overall obligation to comply with the accountability principle and allow to verify the Company`s compliance with its notification duties under the GDPR.
- As with any security incident, the Company will investigate whether of not the breach was a result of human error or systemic issue and see how a recurrence can be prevented – whether this is through better processes, further training, or other corrective steps.