We’ll only ever collect, use and share your information in ways that are described in this policy.
We’re committed to the confidentiality and security of the personal data you give us.
You’re In Control
Update your profile and communication preferences at any time.
You’ll come across the term ‘personal data’ a lot in this policy. By that, we mean any information relating to you as an identifiable individual. For example, this includes information that may itself identify you e.g your name, contact details, internet protocol (“IP”) address, cookie strings or device IDs, as well as information that may not on its own identify you, but which we store alongside such identifiers, such as how you are using our services or the country you are in when you do so.
Everyone who uses our services will have bits and pieces of information about them collected, stored and processed. However, we don’t collect more information than we need.
When you use our services or make a purchase, we have to collect, keep and share some personal data and ask that you agree to that in line with this policy. We collect information in three ways:
You give it to us voluntarily
Information you choose to give us might include personal data needed for you to be referred to a third party supplier or payment processer for yourself and/or others. This ranges from the dates and products you choose in a search, to the basic stuff for making an information request such as names and contact details. Most importantly, it’s always up to you whether or not you choose to give us this kind of information.
We generate or collect it automatically
We generate or collect some information from your computer or device automatically as you use our services. This includes things like your IP address, information about the device and browser you are using to access our products, services, the website URL you visited us from and the third party sites you visit when you click on links to exit this site. We may also know your location from your mobile or your IP address. This helps us to improve your experience and make sure you receive the content that’s most relevant to you.
We receive it from third parties
Sometimes we’re given information about you from third parties, depending on how you choose to interact through them, with us. For example, when you come to our website via a promotional partner, or when you log into your account using our social network login feature.
Our services and products are not intended to be available for children under 13 years of age, and no one under the age of 13 should provide any information to, on or via our services. We don’t knowingly collect personal data from children under 13, and will delete any that we learn we have collected or received that was not provided by, or with express consent on behalf of, the child’s parent or legal guardian.
We only keep your data for as long as we need it, or are required to for legal reasons. We’ll then either delete it or anonymise it so it doesn’t identify you. We treat data differently depending on what it’s used for, but you can ask us to delete your personal data at any time.
We have different retention policies for different types of personal data, taking into account:
- The purpose for collecting the personal data;
- How long it will take to fulfil that purpose; and
- Any specific reason or overriding legal obligation to retain the personal data for a specific amount of time.
Also, if you have an account with us, we will keep personal data such as your email address, name and other details so you can log in and access our services for as long as you have an account. We may keep other information indefinitely – such as site activity linked to an IP address – which we use to help us understand our clients, improve our products and services and protect our business interests.
No matter how long the retention period, you can ask us to delete your personal data in certain circumstances. Find out more about how you can manage your personal data in the “What are your choices and rights?” section of this policy.
We share information relating to our users with selected third parties who provide us with a variety of different services that support the delivery of our services (let’s call them “Third Party Processors”). These Third Party Processors range from providers of technical infrastructure to customer service and authentication tools. We require any Third Party Processor which handles information on our behalf to do so pursuant to contractual terms which require that the information is kept secure, is processed in accordance with applicable data protection laws, and used only as we have instructed and not for that Third Party Processor’s own purposes (unless you have explicitly consented to them doing so).
Third Party Processors may be located in, or process your information, outside of the country in which you are based. Where our use of a Third Party Processor involves the transfer of personal data from within Europe to a location outside of the European Economic Area, we will put in place appropriate measures to ensure that the personal data is adequately protected in that location, most often by applying European Commission-approved standard contractual clauses alongside robust security checks.
The types of Third Party Processors we may share elements of your personal data with include:
- payment processors engaged by us to securely store or handle payments information, such as credit or debit card details;
- providers of email management and distribution tools – for example, if you sign up to receive newsletters or other marketing messages we will manage the delivery of these to you using a third party email distribution tool;
- providers of security and fraud prevention services – for example, we use these providers to identify automated software agents that might disrupt our services or to prevent misuse of our APIs;
- providers of data aggregation and analytics software services that enable us to effectively monitor and optimise the delivery of our services;
- providers of tracking tools that we use to monitor instances where you click on a link to a website and redirect from our main web platform to that third party’s website;
- providers of software platforms that assist us in communicating or providing customer support services to you ; and
- providers of online cloud storage services and other essential IT support services.
Sharing your information with third parties, or allowing them to collect it, for processing outside of our control
We will share personal data with third parties where you expressly authorise us to, such as where we run a promotion in conjunction with a partner and you instruct us to share your email address with that third party for the purpose of receiving promotional emails.
Certain information may also be collected from you by third parties such as advertisers, marketing networks and affiliates using cookies and similar technologies. For example your IP address and events relating to your activity like searches you have carried out or pages you have viewed on this website may be collected and transmitted to these third parties to allow them to serve relevant advertising to you across the web. The information that is collected in this way will never include your name, contact details or other information that would enable you to be identified in the offline world.
Disclosing information for legal and other reasons
We may disclose your information where necessary to enforce our Terms of Service or other agreements, or to a prospective or ultimate buyer if Tall Ship Zebu CIC itself (or part of our business) is sold. We may also disclose your information if necessary to prevent, detect or prosecute illegal or suspected illegal activities, including fraud, or to prevent other damage or where necessary in response to legally binding requests, legal action against us, or to enforce our rights and claims.
Keeping your personal data secure is our highest priority. We limit access to only those employees who have to come into contact with your information to do their jobs and deliver our products and services.
Unfortunately, no website or app can guarantee complete security but we have created an organisation-wide security programme designed to keep your personal data as safe as possible. It uses a range of technical, organisational and administrative security measures and best-practice techniques, depending on the type of data being processed. For example, the computer systems we use to store your data have access limitations and in-cloud based servers that use industry-standard disc encryption. We use TLS and HTTPS encryption to protect your personal data when we transfer it across the internet. And we carry out security assessments on Third Party Processors who handle your data.
To make sure we maintain a culture of ‘Privacy by Design’, we provide thorough data protection and privacy training to all employees. We develop our services with the goal of using the minimum amount of personal data possible, including through use of data minimisation techniques like anonymisation and pseudonymisation. Also, whenever we develop or update our services in ways that involve the collection or use of new forms of personal data, we conduct a privacy impact assessment to understand, and reduce, the likelihood of any unintended impact on you.
We store the information we collect from you on secure servers in various locations, depending on where you are in the world when you access our site. Currently, we use servers that are located in the UK. These servers are provided and/or supported by third parties acting under our instruction (see When is your information shared with or collected by third parties? for more information).
Sometimes the countries that your data is transferred to, or stored in, may have different, or less stringent, data protection and security standards than your own. However, subject to the local laws in these countries, we’ll provide the safeguards needed to protect your data regardless of location. We do this through a combination of appropriate technical, organisational and administrative security measures, and by putting in place the necessary legal contracts to backup these requirements. For example, we will only store European users’ personal data outside the European Economic Area where a European Commission-approved method of validating the transfer has been put in place.
We use a combination of cookies and other technologies such as pixels/web beacons and tracking codes (explained below) to collect information for use in line with the purposes set out in this policy.
What is a cookie?
Cookies on our website may be set by us, third parties we’re working with, or independent third parties (such as advertisers).
What are web beacons and pixels?
Web beacons or pixels are small, transparent image files inside a web page or email. We use them to understand how you interact with our services, or if you’re redirected to a supplier’s website or app. We might use the pixel to confirm if you went on to purchase from them, and what you purchased. We also use pixels to gather information such as whether you’ve opened an email, so that we can improve our communications to you.
What are tracking codes?
Tracking codes are snippets of code placed in the page to measure things like visits and interactions. We use tracking codes to find out more about how you interact with our services, the adverts you see and more generally, how you use us.
If you’ve got a Tall Ship Zebu account, you can access, edit, download or delete the key personal data associated with your profile at any time by going to your Profile. From here you can also manage your subscription and marketing preferences.
You also have rights in relation to the personal data we have about you, which we explain in more detail below. You can exercise these rights by getting in touch with us.
You have the right to ask us for a copy of your personal data; to correct, delete or restrict processing of your personal data; and to obtain the personal data you have provided to us in a structured, machine readable format. In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement). Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Tall Ship Zebu processing your data, this will not affect any processing which has already taken place at that time.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have unresolved concerns, you have the right to complain to a data protection authority.
To the extent that you’re unable to satisfactorily exercise any of these rights via your Profile, you can do so by contacting us by post at Data Protection Dept., Tall Ship Zebu CIC, 110 Station Road, Chingford, London, England, E4 6AB, or electronically via our online contact form.
If you have unresolved concerns, you have the right to complain to a data protection authority.
Although Tall Ship Zebu CIC has made every reasonable effort to ensure the accuracy of information provided on this website we cannot accept responsibility for any loss which might arise from reliance on this information or any damage which may be caused by downloading it from this site.
Tall Ship Zebu CIC has made every effort, for the imagery for which the Tall Ship Zebu CIC does not hold the copyright, to obtain permission from the appropriate copyright holders. However, please contact us if you believe there has been an infringement or error (follow the link below).