Zenstores and the GDPR

Data Privacy Officer

Data Protection Officer
support@zenstores.com
0117 205 0604
Zenstores, Utility House, 3 York Court, Upper York Street, Bristol, BS2 8QF

As part of our ongoing efforts to protect the security and privacy of our users, we are working to meet or exceed the GDPR (General Data Protection Regulation). This site contains information on what steps we are taking, their progress, and who to contact for any security concerns.

Make A Data Request

We respect the rights of individuals to know how their data is being used, export it or request that it be deleted.

Data Processing Partners

We rely on a number of trusted 3rd parties to assist with our operations. Depending on the exact nature of your account and what you've requested we do, your data may be shared with one of these partners. We carefully evaluate each to make sure they're handling your personal data with the utmost of respect, security, and privacy.

Services
Partner Locale Data Shared Purpose
AdRoll IP Address

AdRoll is a retargeting platform with a mission to make display advertising simple for business of all sizes.

CloudFront IP Address

Amazon CloudFront is a web service for content delivery. It integrates with other Amazon Web Services to give developers and businesses an easy way to distribute content to end users with low latency, high data transfer speeds, and no commitments.

Cookie Info Script IP Address

Lightweight script to tell a user the website uses cookies.

Digital Ocean IP Address

SSD VPS hosting environment.

Facebook Pixel IP Address

Facebook Pixel is Facebooks conversion tracking system for ads on Facebook to websites.

FullStory IP Address

FullStory lets product and support teams understand everything about the customer experience.

Google Analytics IP Address

Google Analytics offers a host of compelling features and benefits for everyone from senior executives and advertising and marketing professionals to site owners and content developers.

Google Apps for Business IP Address

Web-based email, calendar, and documents for teams. Renamed to Google Apps for Work, but now known as G Suite From Google Cloud.

Google Conversion Tracking IP Address

This free tool in AdWords can show you what happens after customers click your ad (for example, whether they purchased your product, called from a mobile phone or downloaded your app).

Google Hosted Libraries IP Address

Google Hosted Libraries is a globally available content distribution network for the most popular, open-source JavaScript libraries.

Google Remarketing IP Address

Google code specifically for remarketing/retargeting based advertising.

Google Universal Analytics IP Address

The analytics.js JavaScript snippet is a new way to measure how users interact with your website. It is similar to the previous Google tracking code, ga.js, but offers more flexibility for developers to customize their implementations.

Help Scout IP Address

Scalable customer support software.

Intercom IP Address

Intercom is a customer relationship management and messaging tool for web app owners

Ladda UI IP Address

Buttons with built-in loading indicators, effectively bridging the gap between action and feedback - for Bootstrap.

Mandrill IP Address

Mandrill is an email infrastructure service. Detailed analytics offer insight to measure email performance.

New Relic IP Address

New Relic is a dashboard used to keep an eye on application health and availability while monitoring real user experience.

Retina JS IP Address

Retina.js is an open source script that makes it easy to serve high-resolution images to devices with retina displays.

Segment IP Address

Segment gives you the ability to instrument your web app for analytics once, and then send your data to any number of analytics services. Previously known as Segment.io

Ubuntu IP Address

Ubuntu is a free, Debian derived Linux-based operating system, available with both community and professional support.

Varnish IP Address

Varnish is a web accelerator / reverse proxy caching server.

Compliance Tasks

GDPR Compliance requires maintenance and ongoing work. We are tracking our efforts here.

Data Mapping
Status Name
Completed Add Performance Monitoring Applications to Data Providers
Completed Add Exception/Error Reporting Services to Data Partners
Completed Add Web Analytics Service to Data Partners
Completed Add Internal Email Service to Data Partners
Completed Add Hosting Provider to Data Partners
Completed Add Social Embeds to Data Partners
Completed Add Third Party Web Font Services to Data Partners
Completed Add Customer Support (Helpdesk) Service to Partners
Completed Add Transactional Email Service to Partners
Completed Add Email Newsletter Service to Partners
Completed Add CDN Provider to Data Partners
Completed Add File Collaboration Service to Data Partners
Completed Add Database Provider to Data Partner
Marketing Site Security
Status Name
Completed HSTS (HTTP Strict Transport Security) added to SSL/TLS of Marketing Site
Completed Reviewed list of users with access to site
Completed SSL (TLS) Deployed on Marketing Site
Privacy Procedures
Status Name
Completed Informed all Employees and Contractors about GDPR Compliance
Completed Privacy Policy Updates
Completed Procedure established to allow for people to request that inaccuracies in their data are fixed.
Completed Process established for subject data requests
Completed Get Management Approval for GDPR Efforts
Completed Data Protection Policy Created
Completed Developed a Data Processing Agreement
Completed Briefed all Staff on GDPR Impact to the organization
Completed Nominate a Data Protection Lead or Data Protection
Security Procedures
Status Name
Completed Data Breach Notification Policy has been established
Completed Publish statement on public website on how to report security and data issues.

Frequently Asked Questions

If you have any concerns not answered here, please reach out to our contact (listed above) and we'll be happy to assist.

What's the GDPR?

The General Data Protection Regulation (GDPR) is a new piece of privacy legislation enacted by the European Union. It represents a significant change in how personal (IP Addresses, Emails, Names) and sensitive (religion, ethnic origin, health, orientation) data is handled by companies.

How Do I Report a Security Issue?

We take all security reports seriously. Please email our security contact (information listed above) with any information you have regarding any potential data breaches, vulnerabilities or concerns.

Do Non EU Companies need to comply with the GDPR?

While it remains to be seen if the EU has the legislative power to levy fines and enforcement against organizations around the globe, GDPR compliance is being sought by non EU companies for a variety of reasons.

  • Customers and Prospects are making it a requirement
  • It's a solid framework for improving the handling of personal information and complying with the GDPR requirements improves our own security.