Privacy Policy


ST – Water for Life, operating as (“we”, “us”, “our”, or “Company”), values privacy and the importance of protecting personal data. This Privacy Policy (“Policy”) describes our privacy practices regarding the activities outlined below. As required by law, we inform you how we collect, store, access, and otherwise process personal information. In this Policy, the term “Personal Data” refers to any information that alone or in combination with other available information can identify a specific individual.

We are committed to protecting privacy in accordance with the most stringent privacy protection laws. As such, we comply with the obligations set forth by the following regulations:

  • Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial regulations
  • Quebec Law 25
  • General Data Protection Regulation (GDPR) of the EU
  • Brazilian General Data Protection Law (LGPD)
  • California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) and California Online Privacy Protection Act (CalOPPA)
  • Colorado Privacy Act (CPA)
  • Utah Consumer Privacy Act (UCPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • South African Protection of Personal Information Act (POPIA)

Scope

This Policy applies to the websites and domains of Zest – Water for Life.

This Policy does not apply to third-party applications, websites, products, services, or platforms that may be accessed through provided links (other than Zest – Water for Life). These sites are owned by others, operated independently of us, and have their own, separate privacy and data collection practices. Any Personal Data provided on these sites is subject to third-party privacy policies. We are not responsible for the actions or policies of third-party sites, or the content contained therein, nor for their privacy practices.

Processing Activities

This Policy applies when a user interacts with us by performing any of the following actions:

  • Uses our app and services as an authorized user
  • Visits any of our websites that reference this Privacy Statement
  • Receives any communication from us, including newsletters, emails, calls, or SMS messages

This privacy policy was generated by Enzuzo.


Personal data collected by us

When a user makes or attempts to make a purchase, we collect the following types of personal data:

This data includes:

  • Account data, such as name, email address, and password
  • Payment data, such as billing address, phone number, credit card, debit card, or other payment methods
  • Financial data, including credit card numbers
  • Purchase data, particularly personalized or unique data

When a user uses our products and/or features, we collect the following types of personal data:

This data includes:

  • Account data, such as name, email address, and password
  • Payment data, such as billing address, phone number, credit card, debit card, or other payment methods
  • Financial data, including credit card numbers
  • Purchase data, particularly personalized or unique data

How We Collect Personal Data

We collect personal data from the following sources:

  • From the user: The user may provide us with account, payment, financial, demographic, purchase, content, feedback, or product information by filling out forms, using our products or services, entering information online, or contacting us by mail, phone, email, or otherwise. This includes submitting personal data when, for example:
    • The user creates an account or makes a purchase on our website;
    • The user uses our products or services;
    • The user creates content using our products or services;
    • The user expresses interest in our products or services;
    • The user downloads software and/or our mobile app;
    • The user subscribes to our newsletter;
    • The user fills out a voluntary market research survey;
    • The user contacts us with a question or to report an issue (via phone, email, social media, or messaging);
    • The user logs into our website via social media.
  • Automated Technologies or Interactions: When interacting with our website, we may automatically collect the following types of data (all described above): device data, usage data regarding actions and browsing patterns, and contact data in case tasks remain incomplete, such as uncompleted orders or abandoned carts. We collect this data using cookies, server logs, and similar technologies. More information on this can be found in the cookies section (below).
  • Third Parties: We may receive personal data about the user from various third parties, including:
    • Account and payment information from another person when they purchase a gift for the user on our website;
    • Device and usage data from third parties, including analytics service providers such as Google;
    • Account and payment information from social media platforms when the user logs into our website via these platforms;
    • Content from communication services, including email providers and social networks, if the user gives us consent to access this data on such third-party services or networks;
    • Account and payment information from third parties, such as organizations (e.g., law enforcement), associations, and groups that share data to prevent and detect fraud and reduce credit risk; and
    • Account, payment, and financial data from technical, payment, and delivery service providers.

In the case of providing us or our service providers with any personal data of other individuals, the user represents that they are authorized to do so and confirms awareness that the data will be used in accordance with this Policy. If the user believes that their personal data was provided to us incorrectly or otherwise wishes to exercise their rights related to personal data, please contact us using the contact information in the “Contact Us” section below.

Device and Usage Data

When a user visits the Zest – Water for life website, we automatically collect and store information about their visit using browser cookies (files sent by us to the user’s computer) or similar technologies. It is possible to configure the browser to reject all cookies or indicate when a cookie is sent. The help feature in most browsers contains information about accepting cookies, disabling them, or notifying when a new cookie is received. If cookies are not accepted, some features of our service may be unavailable, so we recommend leaving cookie functionality enabled.

We also process information when the user interacts with our services and products. This information may include:

  • Timestamps
  • Location data
  • Individual products displayed
  • Search terms or internet searches that led the user to the website
  • Other operational data

Data Collected from Third Parties

We may receive personal data about users from third parties, such as companies subscribing to Zest – Water for life services, partners, and other sources. This data is not collected by us but by third parties and is subject to the separate privacy policies and data collection practices of the respective third parties. We have no control or influence over how third parties process users’ personal data. Users always have the right to access and correct their data. For any questions, the user should first contact the relevant third party for further information regarding their personal data. If the third party does not respect the rights, the user can contact the data protection officer at Zest – Water for life (contact details below).

Our websites and services may contain links to other websites, applications, and services maintained by third parties. The information practices of other services or social media networks that manage our branded pages on social media are subject to the privacy statements of those third parties, which should be reviewed to better understand third-party privacy practices.

Purpose and Legal Basis for Processing Personal Data

We collect and use personal data with the user’s consent to deliver, maintain, and improve our products and services and to explore opportunities for enhancement.

Purposes include:

  • Delivery of products or services
  • Order fulfillment, including electronic and traditional shipping
  • Delivering, developing, and improving our products and services
  • Providing, maintaining, debugging, and improving our products and services
  • Offering Zest – Water for life services and setting up accounts
  • Organizing and delivering advertising and marketing activities
  • Sending newsletters and other marketing communications regarding current and future products, programs, services, events, contests, surveys, and promotions organized by us or on our behalf
  • Organizing events or registering participants and planning meetings at events
  • Communicating with you regarding Products and Services

When we process personal data to deliver a product or service, we do so because it is necessary to fulfill contractual obligations. All of the above processing activities are essential to our legitimate interest in delivering products and services, maintaining our relationships with users, and protecting our business, for example, from fraud. Consent is required to initiate service provision. If there are any changes to the types of data we collect, new consent will be required. Some services under our agreement may be unavailable if the user does not give consent.

Third-Party Tools

We use external tools to store your information:

  • WooCommerce

International Transfer and Data Storage

As much as possible, we store and process data on servers located in the geographic region where the user resides (note: this may not be the country where the user resides). Personal data may also be transferred and stored on servers located outside the user’s state, province, country, or other governmental jurisdiction, where data protection laws may differ from those in the user’s jurisdiction. We will take appropriate steps to ensure that the user’s personal data is treated securely and in accordance with this Policy and applicable data protection laws. Data may be stored in other countries deemed adequate under the user’s country’s law. In regions not deemed adequate, we will incorporate standard contractual clauses (or equivalent measures) into agreements with parties outside the EEA and ensure appropriate data security controls. More information on these clauses can be found here: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914

Sharing and Disclosure

We share personal data with third parties only as specified in this Policy or at the time of collection.

Our online store is powered by WooCommerce. More information on how Shopify uses personal data can be found here: https://automattic.com/privacy/

We also use Google Analytics to understand how our customers use the site. More information on how Google uses personal data can be found here: https://www.google.com/intl/en/policies/privacy/

You can also opt out of Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=en

We may also use personal data to offer targeted marketing through ads or other forms of communication (such as newsletters).

More information about how targeted advertising works can be found on the educational page of the Network Advertising Initiative (“NAI”) at: http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work

Additionally, you can opt out of some such services by visiting the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/

Legal Requirement

We may use or disclose personal data to fulfill a legal obligation, in connection with a public or governmental request, or in connection with a legal proceeding or tribunal to prevent death or injury, or to protect our rights or property. Where possible and practical, we notify in advance about disclosures.

Service Providers and Other Third Parties

We may use external service providers, independent contractors, agencies, or consultants to deliver and improve our products and services. We may share personal data with marketing agencies, database service providers, backup and data recovery service providers, email service providers, and other entities, but only to maintain and improve our products and services. Get more information about the recipients of Personal Data, please contact us using the information provided in the “Contact Us” section below.

What are cookies?

A cookie is a small file containing information stored by the browser on a device. The information in this file is typically shared with the website owner, as well as potential partners and third parties associated with the activity. Collecting this information may be used to operate website features and/or improve user experience.

How we use cookies

To provide the best experience, we use the following types of cookies:

  1. Strictly necessary – As a web application, we require certain essential cookies to operate our service.
  2. Preference – We use preference cookies to remember how you interact with our service.
  3. Analytics – We collect analytical data about the types of people visiting our website to improve our services and products.
  4. Marketing – We share cookies with external advertisers and/or partners to provide you with a personalized marketing experience.

We also allow third-party partners to place their own cookies on our website.

How to control cookies

As long as the cookie is not strictly necessary, you can enable or disable its use at any time. To change how we collect information, please use our cookie manager.

If we participate in a merger, acquisition, or asset sale, the user’s personal data may be transferred. We will notify you before your personal data is transferred and begins to be subject to a different privacy policy. In certain circumstances, we may be required to disclose your personal data if required by law or in response to a legitimate request from public authorities (e.g., a court or government agency).

We implement appropriate security measures and organizational safeguards to protect personal data from accidental loss, misuse, unauthorized access, alteration, or disclosure.

Whenever personal data is involved, communication between the user’s browser and our website is done through a secure, encrypted connection.

We require any third party engaged to process personal data on our behalf to implement security measures to protect the data and to process it in accordance with the law.

In the unfortunate event of a data breach, we will notify the user and any relevant regulatory authorities if we are legally required to do so.

User rights are subject to local data protection regulations depending on their geographical location and citizenship. These rights may include:

RIGHT OF ACCESS (PIPEDA, ART. 15 GDPR, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, LGPD, POPIA)
The user has the right to know if we process their personal data and to request a copy of the personal data we process about them.

RIGHT TO RECTIFICATION (PIPEDA, ART. 16 GDPR, CPRA, CPA, VCDPA, CTDPA, LGPD, POPIA)
The user has the right to rectify any incomplete or inaccurate personal data we process about them.

RIGHT TO BE FORGOTTEN (RIGHT TO DATA DELETION) (ART. 17 GDPR, CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA, LGPD, POPIA)
The user has the right to request the deletion of their personal data, except when we need to retain it for legal obligations or to establish, exercise, or defend legal claims.

RIGHT TO RESTRICT PROCESSING (ART. 18 GDPR, LGPD)
Under certain circumstances, the user has the right to restrict the processing of their personal data. In this case, we will only store the data, not process it further.

RIGHT TO DATA PORTABILITY (PIPEDA, ART. 20 GDPR, LGPD)
The user has the right to obtain their personal data in a structured, electronic format and transfer it to another data controller, if the data (a) was provided to us and (b) is processed based on the user’s consent or a contract with the user or a third party subscribing to the services.

RIGHT TO OPT-OUT (CPRA, CPA, VCDPA, CTDPA, UCPA)
The user has the right to opt out of the processing of their personal data for (1) targeted advertising; (2) the sale of personal data; and/or (3) profiling for decisions that have legal or similarly significant effects on the user. Under CPRA, the user has the right to opt out of sharing their personal data with third parties and from using or disclosing sensitive personal data for purposes necessary to deliver the products and services the user reasonably expects.

RIGHT TO OBJECT (ART. 21 GDPR, LGPD, POPIA)
When the legal basis for processing personal data is our legitimate interest, the user has the right to object to such processing based on their specific situation. We will comply with such a request unless we have compelling legitimate grounds for processing that override the user’s interests and rights or we need to continue processing for legal claims.

ANTI-DISCRIMINATION AND RETALIATION (CCPA/CPRA, CPA, VCDPA, CTDPA, UCPA)
The user has the right not to be denied service or have their experience altered as a result of exercising their rights.

APPEALING DECISIONS (CPA, VCDPA, CTDPA)
The user has the right to appeal if they disagree with our response to their exercise of any of the above rights. If the user disagrees with our resolution, they can contact the Attorney General’s office, found at:

If you are based in Colorado, please visit this website to file a complaint.
If you are based in Virginia, please visit this website to file a complaint.
If you are based in Connecticut, please visit this website to file a complaint.

FILING COMPLAINTS (ART. 77 GDPR, LGPD, POPIA)
The user has the right to lodge a complaint with the relevant data protection authority.

Residents of the EEA can visit the website (https://edpb.europa.eu/about-edpb/about-edpb/members_pl), which includes a list of local data protection authorities.

WITHDRAWAL OF CONSENT
If the user has given consent to process their personal data, they have the right to withdraw that consent at any time, such as if they wish to unsubscribe from marketing messages. To withdraw consent, they can contact us using the information provided at the bottom of this page.

HOW TO ENFORCE YOUR RIGHTS
The user can enforce any of these rights by submitting a request to our privacy team via the form below.

For privacy and security reasons, we may require the user to verify their identity before processing their request.

We may update this Policy at any time. In the event of changes, we will publish the new version on this website. When using our services, we will ask the user to review and accept our Privacy Policy. This way, we can record the user’s acceptance and notify them of any future updates to the Policy.

To request a copy of your information, unsubscribe from our mailing list, request data deletion, or ask any questions regarding data privacy, we’ve made the process simple:

Submit a data protection request

To contact us, please send an email to zestmeup@zestwaterforlife.com

Write to us:
Personal Data Protection Inspector of Zest – Water for life
ZEST WFL INTERNATIONAL LIMITED 35 LINDLEY AVENUE
NG17 2SY SUTTON-IN-ASHFIELD