Version date: 22/05/2018
1.1 Zeal and Zest Pty Ltd (“Us” or “Our” or “We”) provides software branded as Nutickets Botswana that allows registered users who maybe event organisers and planners ( “You” or “Your” ) to advertise events, sell online tickets to events, manage events, and collect payments with respect to the sale of tickets and other services that have been registered via the use of the Nutickets Botswana software (the “Services” ) including the registration of end users (“Customers” or “Customer”) who want to attend such events.
1.2 We are committed to safeguarding the privacy of Our Service and software users, including You and Your Customers; in this policy We explain how We will treat personal information.
2.1 Our Service is not designed, or intended to be used by children, and as such We do not knowingly collect personal data from children under the age of thirteen (13).
2.2 If You are under the age of thirteen (13) please do not submit any personal information through Our Services.
2.3 If You believe a child has submitted data into Our system, please let Us know and We will endeavor to erase it from Our databases.
3. Lawful basis for processing
3.1 This Section 3 sets out Our lawful basis for processing personal information which You provide to Us via electronic and traditional means and during face-to-face conversations.
3.2.1 We may collect and process Your personal information on the lawful basis of ‘consent’ where:
(a) You have given Us express consent to do so;
(b) the personal information is of the following kinds: Your name, email address;
(c) the personal information is processed for the purpose of sending You direct marketing communications via: email.
3.3.1 We may collect and process Your personal information on the lawful basis of ‘contract’ where:
(a) the processing is necessary to fulfil Our contractual obligations to You, or
(b) You have asked Us to do something before entering into a contract with Us, and
(c) the personal information may be of the following kinds, for example: Your name, email address, telephone numbers, address and postal code, country, VAT number, employment status, educational details, date of birth, company name, other necessary information to enter into a contract with us;
(d) the personal information may be processed for one or multiple purposes, including but not limited to: to administer Our website and business, to enable Your use of the Services available on Our website, to supply to You Services purchased through Our website, to send statements, invoices and payment reminders to You, and collect payments from You, to send You non-marketing commercial communications, to deal with enquiries and complaints made by or about You relating to Our website and to verify compliance with the terms and conditions governing the use of Our website.
3.4 Legitimate interests
3.4.1 We may collect and process Your personal information on the lawful basis of ‘legitimate interests’ where the processing of the information:
(a) is necessary, but not in connection with the performance of a contract, or
(b) is necessary, but not for the purpose of sending You direct marketing communications via email, and
(c) is in ways You would reasonably expect, and
(d) has a minimal privacy impact.
We will rely on legitimate interests as Our lawful basis for processing Your personal data when We receive an inbound enquiry from You, for example via the telephone. You may ask Us for information about Our services and We have a legitimate interest in ensuring that Your enquiry is followed up using Your details as provided to Us.
Additionally, We will rely on legitimate interests for processing Your personal data when You enquire about Our services in person, for example at a meeting or at trade fairs, shows and exhibitions. We have a legitimate interest in ensuring that Your enquiry is followed up using Your details provided to Us.
There may be other occasions where We rely on legitimate interests as Our lawful basis for processing Your personal data.
For example, We may want to keep a record of when You enter and leave Our offices for security reasons. Our records may allow for Your entry and exit times to be identified, thus constituting to Your personal data. We do not need to keep this information to perform Our contractual obligations or for the purposes of sending You direct marketing communications, We will rely on Our legitimate interests in maintaining security as the legal basis for processing.
Another example of where We may rely on Our legitimate interests as the legal basis for processing is where We retain records of past conversations with You for the purpose of training and developing Our staff. Again, We do not need to keep this information to perform Our contractual obligations or for the purposes of sending You direct marketing communications, but We will rely on Our legitimate interests in training and developing staff as the legal basis for processing.
4. Our data processor responsibilities
4.1 This section 4 sets out Our responsibilities and liabilities, where We act as a data processor of Your Customer data, in which case You are acting as the data controller.
4.2 The subject matter of the data processing is Your Customer data.
4.5 The categories of data subjects include:
(a) Any individual accessing and/or using the Services We provide to You through Your account or who You have provided an account to by adding as a user in the System.
(b) Any Customer whose information is stored on or collected via the Services.
4.6 We will only process personal and Customer data in accordance with Your written instructions, unless required to do so by law.
4.7 We are legally obliged to ensure that We obtain a commitment of confidentiality from anyone We allow to process the personal and Customer data.
4.8 We will assist You in providing subject access to Customers and allowing Customers to exercise their rights under the GDPR.
4.9 We will notify You of any personal data breaches relating to Your or Your Customers data and assist You in meeting Your GDPR obligations to notify Your supervisory authority of breaches deemed likely to be of high risk to the rights and freedoms of individuals.
4.10 Following the receipt of a written, reasonable and justified request, We will assist You in meeting Your obligation to carry out Data Protection Impact Assessments, at Your expense; including assisting You with Your obligation to consult with Your supervisory authority where such DPIA indicates there is likely to be of unmitigated high risk to the rights and freedoms of the individuals due to the processing.
4.11 We will take appropriate measures to ensure the security of processing.
4.12 Following the receipt of a written, reasonable and justified request, and at Your expense, We will submit to audits and inspections to provide You with information required to ensure We and You are meeting Our and Your Article 28 obligations.
4.13 We will tell You if we are asked to do something with Your or Your Customer data, which infringes on the GDPR or other data protection law of the EU or a member state.
4.14 Upon termination of Your contract with Us, at Your choice, We will either delete or return all personal data We have been processing for You unless we are otherwise required to retain it by law.
4.15 We will provide an up-to-date list of the sub-processors, that We have appointed to help Us to process Your and Your Customer data, upon receipt of a written request from You.
4.16 We shall not engage another sub-processor to help Us to process Your and Customer data without prior written consent from You this consent maybe in the form of Your continued use Our services once You have been notified of any changes to Our sub-processors.
5. Collecting personal information
5.1 We may collect, store and use the following kinds of personal information relating to You:
(a) Information about Your computer and about Your visits to and use of Our website(s) (including Your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
(b) Information that You provide when completing Your profile on Our website (including Your email address, Your name, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details) for purposes including; subscribing to Our email notifications and/or newsletters; purchases of Our Services;
(c) Information contained in or relating to any communication that You send to Us or send through Our website.
5.2 Before You disclose to Us the personal information of another person or user, You must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
6. Using personal information
6.1 Personal information submitted to Us through Our website will be used for the purposes specified in this policy or on the relevant pages of the website.
6.2 We may use Your personal information to:
(a) Administer Our website and business;
(b) Enable Your use of the Services available on Our website;
(c) Supply to You Services purchased through Our website;
(d) Send statements, invoices and payment reminders to You, and collect payments from You;
(e) Send You non-marketing commercial communications;
(f) Send You email notifications that You have specifically requested;
(g) Send You Our email newsletter, if You have requested it (You can inform Us at any time if You no longer require the newsletter);
(h) Send You marketing communications relating to Our business which We think may be of interest to, by post or, where You have specifically agreed to this, by email or similar technology (You can inform Us at any time if You no longer require marketing communications);
(i) Provide third parties with statistical information about Our users (but those third parties will not be able to identify any individual user from that information);
(j) Deal with enquiries and complaints made by or about You relating to Our website;
(k) Verify compliance with the terms and conditions governing the use of Our website
6.3 We will not, without Your express consent, supply Your personal information to any third party for the purpose of their or any other third party’s direct marketing.
7. Disclosing personal information
7.1 We may disclose Your personal information to any of Our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.
7.2 We may disclose Your personal information:
(a) To the extent that We are required to do so by law;
(b) In connection with any on-going or prospective legal proceedings;
(c) In order to establish, exercise or defend Our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
(d) To any person who We reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in Our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
7.3 Except as provided in this policy, We will not provide Your personal information to third parties.
8. International data transfers
8.1 Information that We collect will be stored and processed via the use of 3rd party providers including Amazon Web Services (“AWS”) and may be transferred between any of the AWS data centres within the EEA Region that include Ireland (Dublin), the UK (London), Germany (Frankfurt) and France (Paris).
8.2 We will not transfer Information that We collect to countries that do not have data protection laws equivalent to those in force in the European Economic Area.
8.3 If You provide Personal information that You publish on Our website or submit for publication on Our website this may be available, via the Internet, around the world. We cannot prevent the use or misuse of such information by others.
8.4 You expressly agree to the transfers of personal information described in this Section 8.
9. Retaining personal information
9.1 This Section 9 sets out Our data retention policies and procedure, which are designed to help ensure that We comply with Our legal obligations in relation to the retention and deletion of personal information.
9.2 Personal information that We process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
9.3 Notwithstanding the other provisions of this Section 9, We will retain documents (including electronic documents) containing personal data:
(a) to the extent that We are required to do so by law;
(b) if We believe that the documents may be relevant to any on-going or prospective legal proceedings; and
(c) in order to establish, exercise or defend Our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
10. Security of personal information
10.1 We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of Your personal information.
10.2 We will store all the personal information You provide on Our secure (password- and firewall-protected) servers.
10.3 All electronic financial transactions entered into through Our website will be protected by encryption technology.
10.4 You acknowledge that the transmission of information over the internet is inherently insecure, and We cannot guarantee the security of data sent over the internet.
10.5 You are responsible for keeping the password You use for accessing Our website, Service and software confidential; We will not ask You for Your password (except when You log in to Our website).
12. Your rights
12.2 You have the right to instruct Us to provide You with any personal information We hold about You. Provision of a copy of such information will usually be:
(a) granted for free; but We reserve the right to charge a ‘reasonable fee’, based on the administrative cost of providing the information, when a request: Is manifestly unfounded or excessive or is for further copies of the same information provided in a previous request, and
(b) granted without delay and within one calendar month of Your request; but We reserve the right to extend this period by a further two months for complex or numerous requests and We will inform You and provide an explanation if this is the case, and
(c) subject to the verification of Your identity, to do which We will usually require that You provide a photocopy of Your passport certified by a solicitor or bank plus an original copy of a utility bill showing Your current address, and
(d) provided in a commonly used electronic format.
12.3 You have the right to have personal data rectified if it is inaccurate or incomplete, subject to the same criteria as in ‘12.2 (b)’.
12.4 You have the right to be forgotten, and can request the erasure of Your personal data, subject to:
(a) the processing of Your data no longer being necessary in relation to the purpose for which it was originally collected/processed, or
(b) the withdrawal of Your consent, or
(c) if You object to the processing and there is no overriding legitimate interest for continuing the processing, or
(d) the data being unlawfully processed.
We reserve the right to refuse to comply with a request for erasure where the personal data is being processed for the following reasons:
(a) to exercise the right of freedom of expression and information, or
(b) to comply with a legal obligation for the performance of a public interest task or exercise of official authority, or
(c) for public health purposes in the public interest, or
(d) archiving purposes in the public interest, scientific research, historical research or statistical research, or
(e) the exercise or defence of legal claims.
12.5 You have the right to restrict the processing of Your personal data; but We reserve the right to continue storing the data and to retain enough of Your information to ensure that the restriction is respected in the future.
12.6 You have the right to move, copy or transfer Your personal data from one IT environment to another in a safe and secure way, without hindrance to usability; only in the circumstances where:
(a) the data in question was provided by You to Us, or
(b) the processing of the data is based on Your consent or for the performance of a contract, and
(c) the processing is carried out by automated means, subject to the same criteria as in ‘12.2 (b)’.
12.7 You have the right to object to the processing of Your personal data, provided the objection is on ‘grounds relating to Your particular situation’, in the circumstance(s) where:
(a) the data is used for the purposes of direct marketing (including profiling), or
(b) the processing is based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); and
(c) the processing is for the purpose of scientific/historical research and statistics.
We reserve the right to reject an objection to processing, provided We can:
(a) demonstrate compelling legitimate grounds for the processing, which override Your interests, rights and freedoms; or,
(b) the processing is for the establishment, exercise or defence of legal claims.
12.8 You have the right to not be subject to a decision whereby the decision is:
(a) based on automated processing; and
(b) the decision produces a legal effect or similarly significant effect on You.
This right does not apply if the decision:
(a) is necessary for entering into or performance of a contract with Us, or
(b) is authorised by law, or
(c) is based on Your explicit consent, and We have put in place suitable measures to safeguard Your rights, freedoms and legitimate interests.
12.9 You have the right to lodge a complaint with a supervisory authority.
13. Third party websites
13.1 Our website includes hyperlinks to, and details of, third party websites.
13.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
14. Updating information
14.1 Please let Us know if the personal information that We hold about You needs to be corrected or updated.
15.2 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
15.3 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
15.4 Cookies do not typically contain any information that personally identifies a user, but personal information that We store about You may be linked to the information stored in and obtained from cookies.
15.5 We may use both session and persistent cookies on Our website.
15.6 Most browsers allow You to refuse to accept cookies; for example:
(a) in Internet Explorer (version 11) You can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
(b) in Firefox (version 39) You can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and
(c) in Chrome (version 44), You can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.
15.7 Blocking all cookies will have a negative impact upon the usability of many websites.
15.8 If You block cookies, You will not be able to use all the features on Our website.
15.9 You can delete cookies already stored on Your computer; for example:
(a) in Internet Explorer (version 11), You must manually delete cookie files (You can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11);
(b) in Firefox (version 39), You can delete cookies by clicking “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, clicking “Show Cookies”, and then clicking “Remove All Cookies”; and
(c) in Chrome (version 44), You can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Cookies and other site and plug-in data” before clicking “Clear browsing data”.
15.10 Deleting cookies will have a negative impact on the usability of many websites.
16. Our details
16.1 This website is owned and operated by Nuweb Systems Ltd
16.2 The principal place of business of Zeal and Zest Pty Ltd is Plot 163/164, Unit 16, Gaborone International Commerce Park, Gaborone, Botswana
16.3 You can contact Us by writing to the business address given above, by using Our website contact form, or by email to firstname.lastname@example.org.