GDPR Privacy Notice

Effective Date: January 2026

This GDPR Privacy Notice explains how ZAHN Management UK Ltd (“ZAHN”, “we”, “our”, or “us”) collects, uses, stores, shares, and protects personal data relating to individuals in the United Kingdom, European Union, and European Economic Area, in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU GDPR.

This Notice supplements our general Privacy Policy and applies specifically to personal data processed through the ZAHN mobile application and associated services.

1. Data Controller Information

ZAHN Management UK Ltd is the data controller responsible for the processing of your personal data.

Registered Office:
ZAHN Management UK Ltd
3rd Floor
1 Ashley Road
Altrincham
Cheshire
WA14 2DT
United Kingdom

Email: info@zahnapp.com

EU Representative:
At present, ZAHN does not have a designated EU representative under Article 27 GDPR. Should this become required due to changes in our operations or user base, we will update this Notice accordingly.


2. Categories of Personal Data We Process

We may collect and process the following categories of personal data:

A table with two columns labeled 'Category' and 'Examples'. Categories include 'Identity Data', 'Contact Data', 'Location Data', 'Device Data', 'Account Data', and 'Technical Data'. The table lists examples for each category such as profile photo, email address, real-time location, device model, login credentials, and crash logs.
A table listing various legal and purpose-related information about an app, including legal basis, consent, contractual necessity, legal obligation, and legitimate interests.

3. Legal Bases for Processing

We process personal data under the following lawful bases:

Where processing is based on consent, you may withdraw consent at any time through app settings or by contacting us.

4. Purposes of Processing

We use personal data to:

  • Operate and maintain the ZAHN App and related services

  • Provide real-time, location-based safety features

  • Personalise user experience and content

  • Send alerts, notifications, and service communications

  • Monitor system performance and detect technical issues

  • Comply with legal and regulatory obligations


5. Automated Decision-Making and Profiling

ZAHN does not carry out fully automated decision-making that produces legal or similarly significant effects.

We may use limited profiling (such as location clustering or safety ratings) to personalise the App experience and improve service functionality. These processes do not produce legal effects or significantly impact users’ rights.


6. Recipients of Personal Data

We may share personal data with trusted third-party service providers who act as data processors on our behalf, including providers of:

  • Authentication and database services

  • Cloud hosting and infrastructure

  • Push notification delivery

  • Analytics and performance monitoring

All third parties are subject to contractual data protection obligations.
We do not sell personal data.


7. International Data Transfers

Personal data may be transferred outside the UK, EU, or EEA, including to countries that do not provide an equivalent level of data protection.

Where such transfers occur, we rely on appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)

  • Data Processing Agreements (DPAs)

  • Vendor security assessments and due diligence


8. Data Retention

ZAHN retains personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with Article 5(1)(e) UK GDPR.

8.1 Active Accounts

Personal data is retained for the duration that a user maintains an active account in order to:

  • Provide core App functionality

  • Maintain account security

  • Enable safety features and notifications

  • Respond to support enquiries

8.2 Account Deletion and Post-Deletion Retention

Upon account deletion or a valid erasure request, personal data is deleted or anonymised without undue delay.

Certain data may be retained for up to 12 months where necessary to:

  • Comply with legal or regulatory obligations

  • Prevent fraud or misuse

  • Establish, exercise, or defend legal claims

  • Maintain system integrity

After this period, data is securely deleted or irreversibly anonymised unless a longer retention period is required by law.

8.3 Anonymised and Aggregated Data

Anonymised or aggregated data that can no longer identify individuals may be retained indefinitely for:

  • Analytics and research

  • App performance improvement

  • Safety trend analysis

Such data cannot be used to re-identify users.


9. Your GDPR Rights

You have the following rights under GDPR:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restrict processing

  • Right to object

  • Right to data portability

  • Right to withdraw consent

  • Right to lodge a complaint with a supervisory authority

Requests can be made by contacting info@zahnapp.com. Identity verification may be required.


10. Data Security

ZAHN implements appropriate technical and organisational measures to protect personal data in accordance with Article 32 UK GDPR.

10.1 Technical Measures

  • TLS encryption for data in transit

  • Secure authentication and access controls

  • Role-based access control (least privilege)

  • Server-side validation and database security rules

  • Secure cloud infrastructure with monitoring and firewalls

10.2 Organisational Measures

  • Internal access and confidentiality policies

  • Data minimisation practices

  • Regular system and dependency reviews

10.3 Ongoing Maintenance

  • Vulnerability monitoring and testing

  • Timely security updates and patches

  • Continuous review of security practices

10.4 Limitations

No system is entirely secure. Users are responsible for protecting their login credentials and notifying us of suspected unauthorised access.


11. Children’s Data

ZAHN is not intended for children under the age of 13. We do not knowingly collect or process personal data relating to children. If we become aware that personal data of a child has been collected without appropriate consent, we will take steps to delete it promptly.


12. Personal Data Breaches

In the event of a personal data breach, ZAHN will assess the risk and, where required, notify the relevant supervisory authority and affected individuals in accordance with Articles 33 and 34 UK GDPR.


13. Updates to This Notice

We may update this GDPR Privacy Notice from time to time. Material changes will be communicated via the App or our website.


14. Contact Us

If you have any questions, concerns, or complaints regarding this Notice or our data protection practices, contact us at: 

Email: legal@zahnapp.com

ZAHN Management UK Ltd
3rd Floor
1 Ashley Road
Altrincham
Cheshire
WA14 2DT
United Kingdom