ZayPOS is built with UK GDPR compliance in mind. We are a UK-based company, and data protection is fundamental to how we design and operate our platform — not an afterthought.

1. Overview

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 govern how personal data must be handled in the United Kingdom. As a UK-registered company, Zayn Productions Ltd is fully subject to these laws and takes our obligations seriously.

This page explains how GDPR applies to your use of ZayPOS, both as a user of our platform and as a business that may process the personal data of your own customers and staff.

2. Zayn Productions Ltd as data controller

For personal data relating to ZayPOS account holders, trial users, and website visitors, Zayn Productions Ltd is the data controller. This means we determine the purposes and means of processing your personal data.

Our full data controller details:

Name: Zayn Productions Ltd
Company number: 16892199
Address: 1 Alvin Street, Gloucester, England, GL1 3EJ
Email: [email protected]

3. You as data controller — we as processor

When you use ZayPOS to manage data about your own customers (e.g. loyalty members, review contacts) or your staff (e.g. clock-in records, payroll data), you are the data controller for that data, and Zayn Productions Ltd acts as your data processor.

This means:

You are responsible for having a lawful basis to collect and process your customers' and staff's personal data
You must ensure individuals are informed about how their data is used (e.g. via your own privacy notice)
We process that data only on your instructions and in accordance with our Data Processing Agreement
We implement appropriate technical and organisational measures to protect the data we process on your behalf

4. Lawful basis for processing

We process personal data only where we have a valid lawful basis. The bases we rely on include:

Processing activity	Lawful basis
Creating and managing your account	Contract performance
Billing and subscription management	Contract performance / Legal obligation
Platform security and fraud prevention	Legitimate interests
Product improvement and analytics	Legitimate interests
Marketing communications	Consent
Compliance with food safety law	Legal obligation
Responding to legal requests	Legal obligation

5. Your rights under UK GDPR

As a data subject, you have the following rights:

Right	What it means	How to exercise
Access	Receive a copy of your personal data	Email [email protected]
Rectification	Correct inaccurate or incomplete data	Email or in-app settings
Erasure	Request deletion of your data	Email [email protected]
Restriction	Limit how we process your data	Email [email protected]
Portability	Receive data in machine-readable format	Email [email protected]
Object	Object to processing based on legitimate interests	Email [email protected]
Withdraw consent	Stop consent-based processing at any time	Unsubscribe link or email

We will respond to all requests within 30 days. We may ask you to verify your identity before processing your request. There is no charge for exercising these rights in most circumstances.

6. Data Processing Agreement

If you are a business using ZayPOS to process the personal data of your customers or staff, you may require a formal Data Processing Agreement (DPA) with us to comply with your own GDPR obligations.

Our standard DPA is available on request. Please email [email protected] with the subject line "DPA Request" and we will provide it within 5 business days.

The DPA covers: the nature and purpose of processing, categories of data, duration, sub-processors, security measures, and data subject rights assistance.

7. International data transfers

ZayPOS primarily stores and processes data within the United Kingdom. Where we use third-party sub-processors located outside the UK (such as Amazon Web Services infrastructure in the EU), we ensure that appropriate safeguards are in place, including:

UK adequacy decisions or equivalent safeguards
Standard contractual clauses (SCCs) approved for UK transfers
Transfer impact assessments where required

8. Data breach notification

In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it, as required by UK GDPR Article 33.

Where a breach is likely to result in a high risk to affected individuals, we will also notify those individuals directly without undue delay.

If you become aware of any potential security issue relating to your ZayPOS account, please contact us immediately at [email protected].

9. Data protection contact

We do not currently meet the threshold to require a formal Data Protection Officer (DPO) appointment. However, all data protection queries are handled by our privacy team:

Email: [email protected]
Post: Data Protection, Zayn Productions Ltd, 1 Alvin Street, Gloucester, GL1 3EJ

10. ICO registration and complaints

Zayn Productions Ltd is registered with the Information Commissioner's Office (ICO) as required under the Data Protection Act 2018.

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the ICO:

Website: ico.org.uk/make-a-complaint
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would always welcome the opportunity to resolve any concerns directly before you contact the ICO — please reach out to us first.

GDPR & Data Protection