Customer Privacy Policy

ZIETARS LIMITED
CUSTOMER PRIVACY POLICY
(UK GDPR & Data Protection Act 2018)
Last Updated: 11 February 2026

This Privacy Policy explains how Zietars Limited ("Zietars", "we", "us", "our") collects, uses, stores and protects personal data of individuals and businesses who use the Zietars digital marketplace platform ("Platform"). This Policy forms part of the legally binding Zietars Customer Terms & Conditions.

1. Data Controller
Zietars Limited (Company No: 14093701) is the Data Controller responsible for processing your personal data.
Registered Office: Zietars Limited, 124 City Road, London EC1V 2NX
Email: [email protected]

2. Legal Framework
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Privacy and Electronic Communications Regulations (PECR), Consumer Rights Act 2015, Consumer Contracts Regulations 2013, Electronic Commerce Regulations 2002, and other applicable UK legislation.

3. Categories of Personal Data Collected
We may collect and process the following categories of data:

- Identity Data (name, date of birth, account credentials);
- Contact Data (email address, telephone number, address);
- Booking Data (service history, booking details, preferences);
- Subscription Data (plan type, payment status, usage data);
- Payment Data (transaction references processed via Stripe);
- Technical Data (IP address, device ID, browser type, cookie identifiers);
- Usage Data (platform interactions, support communications);
- Location Data (if enabled via device permissions).

4. Lawful Bases for Processing
We rely on the following lawful bases under Article 6 UK GDPR:

- Contract: to create accounts, process bookings and manage subscriptions;
- Legal Obligation: to comply with tax, fraud prevention and regulatory duties;
- Legitimate Interests: to improve services, prevent fraud, enforce rights and monitor platform security (subject to balancing tests);
- Consent: for marketing communications and non-essential cookies (withdrawable at any time).

5. Automated Decision-Making & Profiling
Zietars does not make decisions based solely on automated processing that produce legal or similarly significant effects. Automated systems may assist in fraud detection, account monitoring and subscription calculations, subject to human oversight.

6. How We Use Personal Data
We use personal data to operate the Platform, facilitate bookings, process subscription payments, communicate updates, provide support, investigate disputes, enforce platform rules, detect fraud, improve services and comply with legal obligations. Failure to provide required personal data may prevent account creation or booking completion.

7. Sharing Personal Data
We may share limited personal data with:

- Service Providers (for booking fulfilment);
- Stripe and authorised payment processors;
- IT hosting and infrastructure providers;
- Fraud detection services;
- Legal and regulatory authorities;
- Professional advisers.
We do not sell personal data. All third parties are subject to confidentiality and data protection obligations.

8. International Transfers
Where personal data is transferred outside the UK, we rely on UK Adequacy Regulations, the UK International Data Transfer Agreement (IDTA), or Standard Contractual Clauses with appropriate safeguards.

9. Data Retention
We retain personal data only as long as necessary:

- Account data: active use + 6 years;
- Booking records: 3–6 years;
- Payment records: 6 years;
- Support logs: 2–6 years;
- Fraud monitoring data: as necessary;
- Cookies: as set out in the Cookies Policy.
Data is securely deleted or anonymised thereafter.

10. Your Rights Under UK GDPR
You have the right to:

- Access your data;
- Rectify inaccuracies;
- Erase data (subject to legal limits);
- Restrict processing;
- Object to processing (including marketing);
- Data portability;
- Withdraw consent;
- Lodge a complaint with the Information Commissioner’s Office (ICO).
ICO Website: www.ico.org.uk

11. Data Security
We implement appropriate technical and organisational measures including encryption (SSL/TLS), secure hosting, access controls, authentication safeguards, fraud monitoring systems and regular security testing. Where a personal data breach poses high risk, affected individuals will be notified in accordance with UK GDPR.

12. Cookies
Zietars uses essential, analytical and optional marketing cookies. Further details are provided in the Zietars Cookies Policy.

13. Children’s Privacy
The Platform is intended for users aged 18 or over. We do not knowingly collect personal data from children.

14. Updates to This Policy
We may update this Privacy Policy for legal, regulatory or operational reasons. Material changes will be notified via the Platform.

15. Contact
Data Protection Officer
Zietars Limited
124 City Road
London EC1V 2NX
Email: [email protected]