Privacy Policy

This Privacy Policy sets out the data processing practices carried out through the use of the Internet and the World Wide Web by Zyma.com

Introduction

For the purposes of the Data Protection Act 1998 the Data Controller for this website is Zyma.com. The privacy and security of our customers is important to us.This privacy policy explains how we use the information we collect about you, how you can instruct us if you prefer to limit the use of that information, and the procedures that we have in place to safeguard your privacy.

The information we collect and how we use it

In order to purchase products or services from us, we need to know your name, address, and email address and various other details. We gather this information to allow us to contact you efficiently and deal with your order. The relevant information is then used by to communicate with you regarding our products and services or as otherwise required.If you wish to register for our Mail service you must provide us with your name and email address. From time to time we may provide the information that you have provided in subscribing to the Mail service or in purchasing products or services through the website to our customer service agencies for research and analysis purposes so that we can monitor and improve the services we provide. We may also wish to provide you with information about special features of our website or any other services or products from Zyma.com that we think may be of interest to you. If you would rather not receive this information, please contact us. Your personal data will not be disclosed to any third party without your consent.

Our use of cookies and sessions

Zyma.com uses cookies on this site, collecting information and statistics about the users. Cookies are small pieces of information that are stored on your computers hard drive by your browser. The purpose of gathering such information is to assist us to analyse the use of the website and revise it for the benefit of our customers by making your visit to the site more efficient and to improve and increase the content found to be most popular. Most browsers allow the ookie function to be turned off. If you want to know how to do this, look at the help menu on your browser.

Disclosures

We will not pass your information to any third parties. You can also email us to stop receiving any information about us and our services by clicking here. If you have any queries about our Privacy Statement you should contact us by e-mail. We will never store your financial information including any credit and debit card details that you use to make payment.

Cookies and IP Addresses

Data files that are placed on computer hard drives are known as cookies. These data files allow Web sites to determine if a user is a return customer whenever the user visits the Web site again. These data files may also be used to review how a user uses a Web site. Browsers usually accept cookies automatically, but users may change their browser settings so that cookies can only be accepted by clicking on an accept button.

Personal Data Storage

The data protection principles help to govern how data is stored. Under the eighth principle, any data transfer that is going outside of the EEA is only allowable if the receiving country offers adequate data protection or the data subject consents to the transfer. Consent is most often used to authorize a transfer of data to a country that is outside of the EEA. If data will be transferred outside of the EEA, this should be disclosed in a site privacy policy, along with information about how the data will be processed. Web site operators should also list all of the countries to which personal data may be sent.

Data transfer can include posting information on a site that offers overseas access. Web site operators who publish personal data are most affected by this, as it makes it difficult to list which countries data will be transferred to. Examples of this type of site include forums and discussion groups, where users can contact each other. Auction sites and instant messaging programs are also problematic. Anyone who owns one of these sites should implement a code of conduct for all users so that the privacy of all site users can be protected. This code of conduct can be outlined in the site privacy policy.

Because users want to know that their data will be kept secure, the privacy policy also includes information on the security of data. The Data Protection Act requires data controllers to maintain data security. This information is accompanied by a statement to the effect that data transfers are never completely secure. The standard policy excludes the site operator from liability arising from personal data that is lost during transmission to the site.

Data Usage

Site users must be informed about the purpose of data collection and processing. This information can be general in nature, but data controllers need to outline any obscure uses of data in detail. The privacy policy should also outline whether any data collected will be used for marketing and let users know if the data will be published on the site. Data controllers should consider data transfer when creating a privacy policy, as many users do not want their data shared with third parties.
Any online form that is used to collect data should contain tick boxes that allow users to opt in or opt out. Users may be asked to mark these boxes before their data is submitted so that the Regulations requirements are met. The privacy policy is also an area where data controllers can let users know about the types of products and services that will be marketed in the future using the collected data. This is not required under the law, but should be included so that users can give informed consent for data collection.

The rules for consenting to data collection and processing for the purpose of direct marketing vary based on how communication occurs. The privacy policy allows a Web site operator to list the types of communication that might be used for marketing. These communication methods include e-mail and telephone. If marketing is being done electrically, via e-mail or SMS, there are special requirements that must be followed. Prior to the issue of the Regulations, advertisers could send marketing communications until the recipient expressly requested that they stop sending the communications under section 11 of the Data Protection Act. The Regulations have limited this practice; Regulation 22 makes it a requirement that all electronic marketing be done on an opt-in basis only. The only exceptions are if the recipient’s information was obtained through prior sales or if the communication is related to other goods and services that the recipient has purchased.

Even if these conditions exist, the Web site operator has to give the recipient a way to opt out of future marketing messages, and the user must be provided with information on opting out. The privacy policy was developed to make sure that the site operator is in compliance with this requirement. Any online form that is used to collect personal data should include tick boxes that allow the user to opt in or out of getting marketing information electronically. If the purpose of the data collection changes, the policy must be amended to reflect that change. The amended policy must then be given to data subjects. Web site operators should carefully consider how they might use information in the future so that the risk of having to obtain further consent is minimized. A statement regarding aggregate information on how the site is used is not necessary, but can help in gaining customer trust.

Information Disclosure

Users should be informed if a Web site operator plans to give access to data or sell data to third parties, and the purpose of this disclosure must be given to users. One example of disclosure is selling a customer list to marketing companies or advertisers. Data controllers need to have the ability and authorization to transfer data if a business is being sold.

Your Rights

No information in the data protection laws and regulations prevent consent being withdrawn. However, site operators are not required to remind users that they may object to any type of data processing at any time, unless the site is collecting cookies or marketing using e-mail or SMS. Including this information may help build consumer trust, although a site operator may prefer not to let users know that they have the right to withdraw their consents. If a site has links to third-party Web sites, users may give their data to the third party site’s owners without realizing that the original site privacy policy does not govern this data processing. The privacy policy was developed to inform users that they need to check third party privacy policies when submitting any personal data.

Information Access

Under section 7 of the Data Protection Act, an individual may make a request in writing to be informed if personal data is subject to processing or to be informed of the purposes of such data collection. These requests must be made to data controllers.
In many cases, the person making the request may also ask to receive a copy of any data that is being stored by the data controller, and to be informed about where the data came from. The data controller typically has 40 days to provide this data, and a fee of up to 10.00 pounds may be charged for each request. The privacy policy reminds users that they have the right to request access to their data. This is not legally required, but consumer confidence may be improved if such a statement is included.

Privacy Policy Changes

To ensure that the privacy policy can be continually enforced, it contains a notice that informs users that any changes will be disclosed to them. The Web site operator may not be able to make changes and enforce them retroactively unless the user is informed and gives consent. The Commissioner stated that any changes made will affect how controllers will respect the assurance contained in the change statement. Users who give information prior to a policy change will have done so under a previous version of the privacy policy, so data controllers must be careful to honour any assurances made in that original statement. If a Web site controller wishes to change how personal data is used, the ideal situation would be to get opt-in consent from data subjects by sending them a notice of the new uses and getting their agreement. If someone does not respond to a notification of the change, their consent should not be assumed. It is accepted that it may be enough to inform people about the planned changes and give them the opportunity to disagree. If the new use is not for a new purpose, or if the new use is very similar to the use outlined in the original statement, this will be the case.

Copyright

All contents, this includes images, artworks, and designs on the Zyma.com website are copyright protected.
By submitting your information you consent to the use of that information as set out in this policy. If we change our privacy policy we will post the changes on this page, and may place notices on other pages of the website, so that you may be aware of the information we collect and how we use it at all times.