We believe in creating something better. We understand you are trusting us with information that is important to you, and we want to repay your trust by being transparent about how we use and protect your information.
This Privacy Notice explains the privacy practices for zoneX, applications, software, websites, APIs, products and services (our “zoneX Services”). Specifically, we’ll tell you about:
This Privacy Notice covers personal information. Personal information is any information that tells us something about you.
This could include information such as your name and contact details. Some personal information is categorised as "special" under data protection legislation. This includes information relating to health, racial or ethnic origin, and religious or philosophical beliefs. We may process special categories of personal information in limited circumstances with your explicit consent unless we have a legal reason to do so without your consent. Where we ask for your consent, we will explain at the time the purpose for which the personal information will be used.
We collect your personal information to provide you with our zoneX Services, so that we can stay in touch with you, to improve and personalise our Services for you, to handle any questions or complaints you may have, and to comply with our regulatory obligations. This involves:
We collect information from you when you register an account with us, and when you make a purchase through our website. This includes the information we need to identify you to comply with our regulatory obligations. See the Age-verification and identification section for more.
We collect information you voluntarily provide to us, such as your name and contact details, when you make an enquiry or complaint, sign up for zoneX newsletters or promotions, and when you participate in our surveys. You volunteer information when you leave us feedback or post about yourself on our social media accounts or any public areas of our website.
We collect some information about you automatically, such as information collected by cookies, web beacons and similar technologies when you use, access or interact with us via our website or via one of our zoneX applications.
Some of the information we collect about you comes from third parties such as analytics service providers, social media providers and marketplaces. If you sign up for a zoneX account using your Facebook or Twitter account, we receive information from that service depending on the settings of your social media account. You can change how the information is shared with us by other services by changing your settings with that service.
Identity Data is information that specifically identifies you. It includes your first name, last name, username or similar identifier, title, address, date of birth and gender. We use this information to register and create your account, and to ensure we are dealing with the correct adult consumer. In some cases, we may need your national ID details.
We need to conduct age-verification so that we can comply with applicable local laws and regulations that restrict who we offer our zoneX Services to.
Contact Data includes billing address, delivery address, email address and telephone numbers. We use these details to deliver our zoneX Services to you.
Financial Data includes your bank account and payment card details. Using our website, you submit these details to our payments service provider, WorldPay, when you buy zoneX products online.
Transaction Data is generated as a record of your purchases through our website and includes details about payments to and from you and other details of products you have purchased from us.
Account Profile Data is the personal information contained in your account. It includes your username and password details as well as your Identity Data, Contact Data and Marketing and Communications Data. It is also a record of your engagement with us through your feedback and survey responses.
Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences to ensure we engage with you as you wish.
Technical Data is the information behind the technology and the devices you use, including our website and any of our zoneX applications. It tells us how our products and services are performing and we use this data to make our zoneX Services operate better.
Technical data includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and any of our zoneX applications.
Usage Data is the information generated, including using cookies, as you use our zoneX Services. We use third party analytics providers to analyse how you are using those zoneX Services. This data, especially when we use it as Aggregated Data, tells us how the zoneX experience could be improved and what we can do to enhance the services we offer.
We use a third party service, Google Analytics, to collect standard internet log information and details of your behaviour patterns as you navigate around our website. It does this using information from cookies. This helps us to find out the number of users to the various parts of our website and how they interact with the content on the site. We also use this information to maintain and monitor the performance of our website, and to look for ways of improving our website and the services it offers you. This information does not identify any individuals. You can see our Cookies Policy here.
Third Party Data is the information we receive from analytics providers as mentioned above under Usage Data and, for instance, when we analyse your feedback. We also receive information about you from social media providers when you register for a zoneX account via your social media accounts like Facebook or Twitter.
This might include information on your interests, comments and content you have posted, user name, and other online activities. You can find information on the data sharing policies and practices of the social media providers on their websites, and we encourage you to read this information and adjust your settings to your personal preferences.
Location Data is used in some features of our zoneX Services. Precise location is generated from GPS signals, device sensors, Wi-Fi access points, and cell tower IDs. We may also derive approximate location from your IP address.
Aggregated Data is derived from your personal information but is not considered “personal data” in law as it is anonymous and the data does not directly or indirectly reveal your identity. This data is used for statistical research and to inform business strategy.
We collect, use and share Aggregated Data, such as statistical or demographic data. Aggregated Data may be derived from personal information (for example, we may aggregate all our website visitors’ website usage to calculate the percentage of them accessing a specific website feature) but it does not identify individuals. However, if we combine or connect this Aggregated Data with your personal information in a way that directly or indirectly identifies you, we treat the combined data as “personal data” which will be used in line with this Privacy Notice.
We collect website and application Usage Data and Technical Data automatically from your mobile or other device using cookies, web beacons and similar technologies.
A cookie is a small file of numbers and letters that we put on your mobile or other device if you agree. These cookies allow us to distinguish you from other visitors to our website or one of our zoneX applications and tells us how you are using our website or our zoneX application. Some cookies are necessary to provide you with a good experience as you browse; others help us to gather information that informs how we can improve our website or the zoneX application for you.
You can block cookies at any time by activating the setting on your browser that allows you to refuse some or all cookies. If using one of our zoneX applications, you can also manage application cookies within your mobile device settings. If you do block cookies there may be parts of our website or one of our zoneX applications that you will be unable to access or that will not function properly.
Our cookies help to:
You must be at least 18 years of age to use zoneX, our website and our zoneX applications. This is to ensure that we meet our legal obligations. Before you enter our website you will be asked to verify your age. When you register an account via the website or a zoneX application, or when you purchase a zoneX product or service, you will need to provide Identity Data so that, with your consent where necessary, we can authenticate your age.
Your Identity Data is sent to our service provider, Persona, who checks the information against public sources to verify your age. If for some reason Persona is not able to verify your age from the information provided, you will be asked to consent to a full identity check by submitting evidence in the form of National ID, such as your passport, directly to Persona.
We will keep your Identity Data all the time that you are a user of our zoneX Services and for the period we need to hold it for legal reasons after that. After your identity check is completed your National ID document is not kept by us or by Persona.
Not participating in the age-verification or identification process will obstruct your interactions with us. If you have any questions about the age-verification or identification process, please contact our Customer Service 08081961799 or via support@zonexuk.com and an advisor will be happy to help you.
zoneX, our website and our zoneX applications are not intended for children and we do not knowingly collect data relating to children.
Your personal information is used for the following purposes:
Account creation. If you sign up for an account with us, either on our website or via our zoneX applications, we use your personal information to register your account and carry out age-verification. .
Delivering your zoneX products and services. We use your personal information to deliver our products and services to you. This includes contacting you about your orders, managing payments, fees and charges, collecting and recovering money owed to us, delivering products and services to you, and providing you with information about the products you have purchased, including any product safety information.
When you submit your Financial Data via our website, your details are transmitted directly to our payments service provider, WorldPay. We do not store your Financial Data.
Account management. We use your personal information to administer your account and to manage our relationship with you, which will include notifying you about any changes to our terms or privacy notice, enabling you to use promotional codes or discounts, using our Live Chat function, and responding to your queries.
Providing customer service. If you contact us, we will save your contact details to respond to your query. It is also possible to contact our Customer Service through our Live Chat function available on the website. The information you provide in the chat is saved in our system to ensure you receive the correct support from our Customer Service team and to inform our understanding of your zoneX experience.
Personalising your zoneX experience. We use information about your behaviour on our website and your use of our zoneX applications (and, with your agreement, your location) to personalise your zoneX experience by tailoring our communications to your preferences.
If you are registered to receive marketing communications, we use information about your online activity to inform the email/SMS/phone updates you receive from us with news, events and offers. You can opt out of receiving these communications in the preference centre in your account. You can also unsubscribe through a link in every communication we send out.
We use information about your online activity together with your response to our newsletter to personalise your online browsing and shopping experience on our website and in our zoneX applications to ensure you will see content that is relevant for you.
Providing product reviews and feedback. If you leave a review about a zoneX product on our website or via one of our zoneX applications, we collect personal information about your experience. You can choose what information you provide. The information is collected to give readers of the review a better understanding of our products and services. We analyse the feedback to learn how we can make improvements.
Events and promotional activities. We use your personal information when we invite you to events hosted by us or on our behalf. If you participate in an event, we collect information about you to better understand your preferences. Offline data collection may be part of a promotional initiative, such as a prize draw or competition.
Conducting surveys. Occasionally we invite you to fill out a questionnaire. You are free to choose if you would like to fill out the questionnaire. The information you provide will be used to better understand your preferences and to serve you better.
Marketing. If you are an existing customer or if you have made a sales enquiry, we may contact you by email / SMS / telephone /post with marketing information about our products which are similar to the products previously provided to you, unless you have told us you do not want to hear from us. Otherwise we will only contact you with our promotional materials if you have agreed we can.
Where appropriate and with your consent (by setting your preferences in the preferences centre during or at any time after the registration process), we may pass your information to our affiliate Imperial companies where you are located so that you receive further personalised information and services that might interest you. You may ask us at any time not to use your information for marketing purposes by contacting us using the contact details below.
In order to provide you with a personalised shopping experience, we will send you marketing information based on your preferences. These preferences can be based on your online behaviour and/or surveys that you have participated in. Based on this, personalised emails will be sent out (if you are subscribed) or personalised advertisements will be shown to you. Based on your online behaviour and preferences, our website and our zoneX applications might also be adjusted accordingly. In certain cases, your personal information will be matched to personal information received from third parties to build up a profile. This profile will give us insight on how we can personalise your experience with us.
You can ask us to stop sending you marketing messages at any time by logging into the website and unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you. You can also opt-out by contacting us at any time. Where you opt-out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a product purchase, product experience or other transactions. Therefore, if you opt-out of marketing, we will still need to send you service communications from time to time, such as information about changes to our services or product recalls.
Research and analysis. We use all the data we collect (largely as Aggregated Data), including your feedback, your responses to surveys and promotional activities, your online behaviour and your use of zoneX and any of our zoneX applications, to conduct research and analysis to improve and develop our business.
We carry out research and analyse the data we have (usually in aggregated form, to improve our zoneX Services, our marketing strategy and our customer relationships and experiences. We also use and share our statistical data and the results of our research and analysis to improve our business and develop new products and services.
Administering and protecting our business. We use all the data we collect to administer and protect our business, our zoneX products, our website and our zoneX applications, and our information and systems. This includes carrying out activities like trouble-shooting, data analysis, testing, system maintenance, system security, support, reporting and hosting data.
When you purchase zoneX products in a market place. If you buy a zoneX product in a market place, we will receive information about your purchase and personal data held by the market place.
The lawful basis that allows us to use your personal information We need to tell you the lawful basis that permits us to use your personal information.
We may use your personal information under more than one lawful basis depending on the specific reasons for using it. Please contact us if you need more details about the specific lawful basis we are relying on to process your personal information.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we will only process your personal information without your knowledge or consent where this is required or permitted by law.
Our use of your personal information is allowed:
The table below provides more detail about the personal information we use and the legal basis that we rely on in each case.
| Purpose | Personal information used | Lawful basis including basis for legitimate interest |
|---|---|---|
| Age-verification and identification | Identity Data | (a) Consent (b) Public interest and compliance with legal obligation |
| Account creation. | Identity Data, Contact Data, Account Profile Data | (a) Performance of a contract with you (b) Consent |
| Delivering your zoneX products and services. | Identity Data, Contact Data, Financial Data, Transaction Data | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (b) Necessary for our legitimate interests (to recover debts due to us and to protect our business) |
| Account management | Identity Data, Contact Data, Financial Data, Transaction Data | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to develop our relationship with you to progress our business) |
| Providing customer service | Identity Data, Contact Data, Financial Data, Transaction Data | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to develop our relationship with you to progress our business) |
| Personalising your zoneX experience | Identity Data, Contact Data, Transaction Data, Account Profile Data, Marketing and Communications Data, Technical Data, Usage Data, Third Party Data, Location Data | (a) Consent (b) Necessary for our legitimate interests (to develop our products/services and grow our business) |
| Providing product reviews and feedback | (a) Consent (b) Necessary for our legitimate interests (to study how our products/services are used, to develop them and grow our business) | |
| Events and promotional activities | Identity Data, Contact Data | Consent |
| Conducting surveys | Identity Data, Contact Data | (a) Consent (b) Necessary for our legitimate interests (to study how our products/services are used, to develop them and grow our business) |
| Marketing | Identity Data, Contact Data, Transaction Data, Account Profile Data, Marketing and Communications Data, Technical Data, Usage Data, Third Party Data, Location Data | (a) Consent (b) Necessary for our legitimate interests (to develop and grow our business, understanding customers and to inform our marketing strategy) |
| Research and analysis | Identity Data, Contact Data, Transaction Data, Account Profile Data, Technical Data, Third Party Data, Location Data | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
| Administering and protecting our business | Identity Data, Contact Data, Financial Data, Transaction Data, Account Profile Data, Marketing and Communications Data, Technical Data, Usage Data, Third Party Data, Location Data | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) |
We need some of your personal information by law, to respond to your enquiries, to enter into a contract with you (for example, to make sure we can deliver the products/services you asked for to you). Without this information, we may not be able to continue with the process that you want us to. We’ll explain when this applies where we collect your personal information if it is not clear why we need it.
We will treat all your personal information as confidential and in accordance with data protection laws. We may, however, need to share your personal information with our affiliates that are part of the Imperial Brands group and with third parties who provide us with services.
We limit the amount of third parties that have access to your personal data to only what is needed to provide the zoneX Services.
To do so, there are certain categories of processors (i.e. those third parties who process your personal information on our behalf) that have access to your personal information, which include:
Where we use third parties to process your personal information on our behalf, we will always carry out checks to ensure that there are appropriate protections for safeguarding your personal information. We will also monitor the performance of these third parties (and their approved subcontractors) to ensure that your personal information remains secure.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
We also share information (usually Aggregated Data) with our relevant affiliates for business administration and reporting purposes, to assist with the provision of sales, marketing and customer care services, and for product and services development purposes. For instance, we share statistical customer feedback and survey data with our affiliate responsible for product innovations.
We will not usually disclose your personal information other than as set out above. However, there are certain circumstances where we need to share personal information, for instance:
Your personal information will only be transferred to countries in the European Economic Area (the “EEA”) or where the recipient has confirmed an adequate level of protection for it, for instance, by contractual agreement. You can ask us about the arrangements we have in place.
In some cases, we work with third parties, including our Imperial Brands affiliates, based outside of the European Economic Area (EEA) who store, host or transfer your personal information outside the EEA.
If we transfer your personal information out of the EEA, we will ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
Information sent via the internet is not always secure. We cannot guarantee the security of the information while it is being transmitted to our website or one of our zoneX applications as you register your account; any transmission is at your own risk. However, once we’ve received it, we take appropriate security measures to keep it safe.
We limit access to your personal information to those who have a business need to know. Where we use service providers, we require them to take appropriate security measures to protect your personal information from accidental or unlawful destruction, loss, or alteration and unauthorised access or disclosure. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are required to do so.
We keep your personal information for as long as is necessary to fulfil the purposes for which it was collected. After that we will delete or de-identify your personal information unless we hold it to comply with our legal obligations, resolve disputes and enforce our agreements.
We will keep any personal information in your account, and any of our zoneX applications you use for as long as you have an account with us and generally for a period of 27 months following your last purchase of a product or when you last accessed your account, provided that you are not subscribed to our newsletter.
We may need to keep your personal information for a longer period under certain limited circumstances (for example, where we have a legal reason to keep the personal information for a longer period or in case of a legal claim or dealing with on-going queries or complaints
Our website and our zoneX applications may include links to third party websites, plug-ins and applications (such as Facebook and Twitter). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party links and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
If you wish to exercise the rights set out in this section, please make your request in writing using the contact details in the Who we are and how to contact us section below. We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information we need.
In summary, you have the right, within certain legal parameters, to ask us:
Sometimes you will be able to exercise your rights through your account settings. We have noted where this is possible in the further information provided below.
For details about how we use your personal information. This Privacy Notice tells you this and in any further updates to it;
To see what personal information we hold about you. You can access your personal information through your account settings or you can ask us to provide you with it.
To correct your personal information. You can ask us to correct inaccurate information that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct it on our systems as soon as possible. You can also update your own personal information at any time through your account settings via our zoneX website.
To erase your personal information in certain circumstances. You can ask us to delete your personal information in certain circumstances (for example, if we have processed your personal information unlawfully or if we no longer need it for the purposes set out in this Privacy Notice). If you ask us to delete your personal information but you do not want to close account, we will usually need to keep processing your data in a personally identifiable form, so you should be aware that we may not be able or obliged to anonymise your personal information. If you ask to delete your account, we will stop using your account but we will retain some details for legal or evidential purposes.
Not to use your personal information in a particular way. You can object to us processing any personal information that we process where we are relying on legitimate interests as the legal basis of our processing. If we have compelling legitimate grounds to carry on processing your personal information, we will be able to continue to do so. Otherwise, we will stop processing your personal information.
To port your personal information in a commonly used electronic format. You can ask us to send you a copy of the personal information that we hold about you in a commonly used electronic format.
To restrict how we use your personal information. You can ask us to restrict processing of your personal information in some circumstances (for example, if you think the personal information is inaccurate and we need to verify its accuracy, or if we no longer need the information but you require us to keep it so that you can exercise your own legal rights). This means that we only store your personal information and we won’t carry out any further processing on it unless you give us consent or we need to process the information to exercise a legal claim or to protect a third party or the public.
Not to send you marketing materials. You can ask us not to send you direct marketing or advertising. You can do this by opting out of the advertising you no longer want to receive in the Preferences section of your account settings. You can also opt out by using the "unsubscribe" option in any of our emails.
Not be subject to automated decisions about you and to request human intervention. You can object to automated decisions being made about you and request human intervention.
If you have given us permission to use your personal information in any particular way, you have the right to withdraw that permission at any time. You can do this in the preference centre in your account or by contacting us.
We will keep this notice up to date and you can find the date it was last updated at the bottom of the page. If there are any changes to the way in which your personal information is used, we will update this privacy notice and, where appropriate, notify you of the changes by email. We recommend that you check this page from time to time to ensure that you are aware of any changes.
The data controller of all personal information collected from your use of the zoneX Services is Imperial Tobacco Limited of 121 Winterstoke Road, Bristol, BS3 2LL (registered number: 01860181).
If you have any queries about this Privacy Notice or complaints about the way we use your personal information, please contact us at dataprotection@uk.imptob.com and we will assist in resolving the issue.
By post: Data Protection Imperial Tobacco Limited 121 Winterstoke Road Bristol BS3 2LL
By email: dataprotection@uk.imptob.com
We are registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk), with registration number ZA106554. If we cannot resolve your compliant or you are unhappy with how we have processed your personal information, you have the right to make a compliant at any time to the ICO. You can find out how to do this by visiting www.ico.org.uk. We would however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the contact details above.
This Privacy Notice is effective from 26th July 2019.