PRIVACY POLICY

This Privacy Policy applies to the services offered by Devolex Global Pty Ltd (“Company”).

1. Personal information:

The Company is committed to safeguarding personal privacy. It recognizes that individuals have a right to control how their personal information is collected and used. Providing personal information is an act of trust and it is taken seriously. Unless given consent to do otherwise, the Company will only collect and use personal information as set out below.

2. Collecting personal information:

The Company will not collect or monitor any personal information about an individual without their consent. The only personal information collected is what has been provided voluntarily.

  1. Consumer Logistics Services

ZigZag Global provide software and logistics to help retailers manage returns globally. We partner with couriers, marketplaces, warehouses and retailers to help them offer a better returns experience to their customers, which may include managing logistics and returns with leading carrier partners and postal partners. In order for us to process an order it is necessary for us to store data about the transaction which may include your name, address, phone number, email address and details of what you purchased so that we can facilitate the order or return. This may include passing details to 3rd parties such as couriers required to complete the order.

  1. Use of tracking technologies:The Company uses tracking technologies such as cookies or web beacons to make use of the website and services as convenient as possible. Cookies are pieces of information that a web site transfers to a computer’s hard disk for record keeping purposes. Most web browsers are set to accept tracking technologies such as cookies or web beacons. These tracking technologies do not themselves personally identify users, although they do identify a user’s browser.
  2. Using and disclosing your personal information:Personal Information will be used for the following primary purpose:- To fulfill obligations under any sale and purchase contract and/or any other contract between the individual and the Company.- To render services related to Company’s business such as warranty or after sales services.For the purpose described above, information may be shared with Company’s group companies either in Australia or overseas. Also, in order to operate the web site or deliver a service, personal information may also be shared with a service provider, a non-Company group company.6. Contact by the Company:The Company may contact individuals using the information, which was provided by them in order to:- Provide information that may be of interest about upgrades, new Company products, special offers and other matters that may be of interest.

    – To send newsletters.

    7. Individual’s right of access:

    Individuals have the right to review the information that may be recorded on the Company’s database. Information may be reviewed by contacting the Company on the customer enquiry number +61 449 969 186.

    8. The Company and links to other web sites:

    The Company provides links to web sites outside of the Company site. These linked sites are not under the control of Company, and the Company is not responsible for the conduct of companies linked to the Company web site, nor for the performance or otherwise of any content and/or software contained in such external websites.

    9. Problems or queries:

    Queries relating to the Privacy Policy, or any problems or complaints may be directed to the Personal Information Officer by calling the customer enquiry number +61 449 969 186.

  3. GDPR

The new EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and will impact every organisation which processes personal data of EU citizens. It introduces new responsibilities, empowers businesses to be accountable for their processing of personal data as well as enabling EU citizens to protect their privacy and control the way their data is processed. Even though the UK will be leaving Europe, the GDPR still applies and will replace the UK’s Data Protection Act 1998 when it comes into force

Data Protection Definitions

Personal data is any information that relates to a living individual. It also includes any data that can be used with other sets of data to identify an individual. Typical examples of personal data are name, identification number, location data, online identifier and email address.

Processing relates to any operation carried out on personal data including collection, recording, organising, structuring, storing and using. Processing also doesn’t have to be by automated means which means that processing includes paper-based, non-digital systems.

A Data Subject is the individual whose personal data is being processed

A Data Controller is the organisation which determines how personal data is processed

A Data Processor is an organisation which processes data on behalf of a Controller. This typically means a third party who is used by the Controller to process their data (e.g. a marketing company used to send out marketing materials)

For detailed information about the GDPR and data protection, visit the Information Commissioner’s Office website: https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation

Our Role as a Data Processor

You are the owner of the data you submit to our servers.

When your data is placed on our servers, you are the Data Controller and Devolex Global, the Data Processor. We do not access the data you store on our services and any processing (as a Data Processor) is only stored to help facilitate the transactions we manage on behalf of our clients and suppliers. Our clients and suppliers are typically Retailers, Marketplaces, Couriers or 3rd Party Fulfilment partners.

We do not use personal data for any processing of our own.

Devolex Global needs to process your personal information in order to facilitate collection of returns.

Whilst we do need to share your data with suppliers such as a courier we do not share or provide access to any of your data with other third parties unless required to do so by law. Where law enforcement or other authorised parties request access to our servers, we follow strict internal policies for dealing with such requests in line with existing law. Furthermore, the third parties are required to demonstrate they have a lawful reason to access the data and under what authority.

Data location

Devolex operate servers in two data centres in AWS (Amazon Web Services).

Maintaining Security

All our employees keep up to date with all technical aspects of security and ensure the ongoing security of our servers and systems. This means that any security patches are applied to our systems as a matter of priority and any changes or updates to our own systems are done so, always, with data protection and privacy in mind and where appropriate, in discussion with our customers. Where we have an agreement in place with our customers to do so, we also maintain the security of our customer’s own servers or hosted applications.

Access to Servers

Remote admin access to our servers is strictly restricted to key personnel within our Technical Support team. Our team will access a server only to resolve an issue reported by the client. Or to ensure that the Managed Hosting Service Level opted for by a client is met.

Devolex Global Employees

All Devolex Global employees are trained and made aware of their responsibilities under GDPR including their duties with regards to access, security and processing of any personal data stored on our servers. Security and data governance are covered in our employee handbooks and actively discussed as part of quarterly meetings to ensure all staff are up to date.

Changes to our approach

Should our approach to any aspect covered by this statement change we will make sure, where your data is impacted, that we notify you within a reasonable timeframe and in line with any contractual terms in place between us.

Data Breaches

In the unlikely event of a breach occurring (as defined in the GDPR) we will notify you within 48 hours of the breach coming to our attention. This will be enough time for you to consider your requirements, under GDPR, for reporting the breach to the ICO and Data Subjects.

Data Protection Contact

Any questions, queries or requests for further information regarding our GDPR compliance should be sent to:

Email support@devolexglobal.com