Last update: September 2020
Outspoken Logistics t/a Zedify (“Zedify”, “we” or “us”) holds personal data on its clients. This Client Data Privacy Notice details the personal data Zedify may retain, process and share with third parties relating to your business and any data associated with your deliveries. Zedify is committed to ensuring that your information is secure, accurate and relevant. To prevent unauthorised access or disclosure, we have implemented suitable physical, electronic, and managerial procedures to safeguard and secure personal data we hold.
We respect the privacy rights of individuals and are committed to handling personal information responsibly and in accordance with applicable law. This Notice sets out the personal information that we collect and process as a data processor, the purposes of the processing and the rights connected with it. Zedify are also considered a Data Controller for some personal data, including data we store in relation to the creation and access of user accounts, administration, the methods of processing and service access.
We’re confident that you’ll find the information that you need in this policy but please don’t hesitate to get in touch if you have any questions or concerns.
Who we are
- The Zedify group of companies operate under the umbrella of Outspoken Logistics Ltd, a limited company registered in England & Wales number 9493049, whose registered address is The Bike Depot, 140 Cowley Rd, Cambridge, CB4 0DL. Our VAT number is 281983856.
- Zedify is the brand name of Outspoken Logistics and its use is licenced to a variety of companies who operate under the same set of business processes under a licence or franchise agreement. The details of these companies can be found on our website: www.zedify.co.uk.
Types of personal information we collect
Zedify may collect personal information about you when:
- You use our services through our network of collection and delivery partners
- You use our website
- You contact us
- You are a recipient of our services
We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
We may collect the following types of information:
- Your name
- Email address
- Landline Telephone Number
- Mobile Telephone Number
- Proof of delivery in the form of a signature or photo of left safe location
- Company IT information required to provide access to Zedify systems and networks such as IP addresses, log files and login information
- Information about current, past and prospective employees; customers (including any 3rd party information provided by them), suppliers and supporters.
Purposes for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you (i.e. provision of services), or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
Zedify have policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed without authorisation and only accessed or used for specific legal purposes.
Zedify collect and use this personal information for supporting and managing our delivery service for our clients’ customers – for example address, telephone and delivery instruction.
To collect and deliver goods that you have requested from third parties.
We primarily process this personal information through an online delivery portal (we call ‘ZAPP’), which is a tool that helps us to manage all of our deliveries. This portal has been built specifically for us by our ISO accredited partners, Skotkonung Ltd.
Skotkonung hold strong security requirements to ensure that all appropriate security controls are in place to protect personal information. (see also Annex A)
We use this personal information when it is necessary for the provision of our services, in line with the purposes agreed upon between our client and Zedify.
For advertising and marketing purposes
With your permission and/or where permitted by law, we may use your data for marketing purposes which may include contacting you with information, news and offers on our products and/or services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
In some cases, we will need to use your personal data to fulfil a legal obligation (for example, if we receive a legitimate request from law enforcement agencies), and in other cases (such as the detection of fraud or ensuring the security of the site) we will rely on our legitimate interests as a business to use your data in this way.
We may also collect and use personal information when it is necessary for other legitimate purposes, such as to help us conduct our business more effectively and efficiently – for example, for general IT security management when auditing access of our platforms. We may also process your personal information to investigate violations of law or breaches of our own internal policies.
How do we collect personal information
Zedify collects personal information:
- From our delivery and collection partners. e.g. when you order goods from a third party, that party may pass your information on to Zedify in order to ship your consignment and for further processing.
- From consignments that pass through our sortation systems – we may collect information from the outside of parcels e.g. name and address information so that we can route them through our networks for delivery to the addressee.
- Directly from recipients. e.g. If you submit an enquiry through our website, or contact us directly via. email or telephone.
- When our services are provided together with one of our licensees, the information is collected by them in order for us to provide you with the product or service.
- Directly from job applicants e.g. if you submit a job application to us directly or through our recruitment partners.
- If you connect your social media accounts via our website or any of our apps, certain personal data from your social media account will be shared with us which may include personal data that is part of your profile or your friends’ profiles;
Third parties whose content appears on our Site may use third party Cookies, as detailed below. Please note that we do not control the activities of such third parties, nor the data they collect and use and advise you to check the privacy policies of any such third parties.
Through your browser or device or through our servers:
Certain information is collected by most browsers or automatically through your device, and we also collect your IP address (this enables us to recognise your computer or device when you use the site) via our server log files.
Who we share personal information with
We take care to allow access to personal information only to those who require such access to perform their tasks and duties in relation to the provision of our services, and to third parties who have a legitimate purpose for accessing it to support these purposes. Whenever we permit a third party to access personal information, we will implement appropriate measures to ensure the information is used in a manner consistent with this notice and that the security and confidentiality of the information is maintained.
Transfers to other Zedify group companies
As a franchised network of operators, Zedify subcontracts last mile delivery to our network of depots around the country. Each depot only receives the information it needs to deliver the service in that area and all data is processed through our main delivery portal, ZAPP. See also Annex A
Transfers to third-party service providers
In addition, we make certain personal information available to third parties who provide services to us. We do so on a “need to know” basis with appropriate security measures in place – this is done in accordance with applicable data privacy law. A list of key service providers can be found in Annex A.
Transfers to other third parties
We may also disclose personal information to third parties on other lawful grounds, including:
- To comply with our legal obligations, including where necessary to abide by law, regulation or contract, or to respond to a court order, administrative or judicial process, including, but not limited to, a subpoena, government audit or search warrant
- In response to lawful requests by public authorities (including for national security or law enforcement purposes)
- As necessary to establish, exercise or defend against potential, threatened or actual litigation
- Where necessary to protect the vital interests of our employees or another person
- In connection with the sale, assignment or other transfer of all or part of our business; or
- With your expressed consent
International transfer of your data
Some of the processes involved in our use of your personal data may require our data to be stored or processed in countries outside of Europe. For example, your data may be held in countries outside of Europe as a result of third party data hosting agreements. Whenever we send (or permit a third party to send) your personal data outside of Europe, we will make sure that we take steps necessary to protect your data as required by applicable laws. For example, we may implement specific contract terms or we may rely on service providers who adhere to certain compliance programmes overseas, or we may select service providers based in countries with strong local laws to protect your personal data.
Data retention periods
Personal information will be stored in accordance with applicable laws and kept for as long as needed to carry out the purposes described in this Notice or as otherwise. Our data retention policy details this.
The Zedify online portal (ZAPP) automatically deletes the following personal data from the delivery record after 3 months:
- names of sender and recipient
- telephone number
- delivery instruction
Proof of Delivery (POD) data is kept for 12 months before being deleted.
Data privacy rights
The following rights are available under applicable data protection law:
- Access, correct, update or request deletion of personal information
- Object to processing of personal information, ask us to restrict processing of personal information or request portability of personal information.
- If we have collected and processed personal information using a person’s consent, then this can be withdrawn at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to withdrawal, nor will it affect processing of personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. You can read more about these rights at: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
Updates to this Notice
This Notice may be updated periodically to reflect any necessary changes in our privacy practices.
Please address any questions or requests relating to this Notice to Zedify’s Data Protection Officer at email@example.com or by mail: The Bike Depot, 140 Cowley Road, Cambridge, CB4 0DL.
Annex A – Third-party processors
Key third-party processors
The following are Zedify’s key third-party processors in relation to client data.
ZAPP – developed by Skotkonung Ltd
Skotkonung are an ISO 9001 and ISO27001 company and have their own policies and procedures to manage and protect data. In summary data is protected is the following way:
- Only collects information that is required to enable the service
- A UK government registered IT company is used to Pen-Test all active solutions prior to external user access (to see if they can break in to get to the data).
- All data on devices and data in transit to devices is encrypted. Data on devices is cleared nightly.
- ZAPP allows manager level staff to delete clients full record (if no consignment added against their record since creation).
This data is stored in data centres located in the UK.
Zedify uses Google tools for business for eg email and cloud-based storage. Please see Google’s Privacy Notice for more information.
Additional third-party processors
Data may be shared with several third-party processors to meet legal requirements, where Zedify outsources aspects of its processes or when providing specific services relating to maintaining our services. These organisations may include, but are not limited to, the following:
- Xero (Accounting & Payroll)
- Deputy Scheduling
- People HR
Where the above third-party processors transfer data overseas outside of the European Economic Area (EEA), appropriate safeguards are in place to protect the data transferred.