GDPR Privacy Notice
This Notice explains how ZAHN Management UK Ltd collects, uses, stores, shares, and protects personal data in accordance with the UK GDPR and EU GDPR. It supplements our general Privacy Policy and applies specifically to personal data processed through the ZAHN app and associated services.
ZAHN Management UK Ltd is the data controller responsible for the processing of your personal data.
ZAHN Management UK Ltd
3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT, United Kingdom
Email: legal@zahnapp.com
ICO Registration Number: [ICO REGISTRATION NUMBER]
[Insert DPO status here — either confirm appointment or state that a DPO is not mandatory and name the privacy lead contact.]
EU RepresentativeZAHN is a UK-based organisation. Where we offer services to individuals in the EU/EEA, we are assessing our obligations under Article 27 EU GDPR regarding the appointment of an EU representative. We will update this Notice when an EU representative is appointed. In the meantime, EU/EEA users may contact us directly at legal@zahnapp.com.
We may collect and process the following categories of personal data:
| Category | Examples |
|---|---|
| Identity Data | Name, profile photo, username |
| Contact Data | Email address, phone number |
| Location Data | Real-time GPS location, background location, Saved Spots, check-in data |
| Device Data | Device model, operating system, app version, language settings |
| Account Data | Login credentials, feature preferences, account settings |
| Technical Data | Crash logs, app performance metrics, usage diagnostics |
| Communications Data | Support messages, feedback, and enquiries submitted to us |
We process personal data under the following lawful bases under UK GDPR Article 6:
| Legal Basis | When We Rely On It |
|---|---|
| Consent Art. 6(1)(a) | Precise and background location data; push notifications; optional safety features |
| Performance of a contract Art. 6(1)(b) | Creating and operating your ZAHN account; providing core app functionality |
| Legitimate interests Art. 6(1)(f) | Platform security; fraud prevention; app performance monitoring; service improvement |
| Legal obligation Art. 6(1)(c) | Compliance with applicable laws and regulatory requirements |
Where processing is based on consent, you may withdraw it at any time through your device settings or in-app controls. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
We use personal data to:
- Operate and maintain the ZAHN app and related services
- Provide real-time, location-based safety features including live sharing, Ghosting, Saved Spots, and check-ins
- Personalise user experience and app content
- Send safety alerts, notifications, and service communications
- Monitor system performance and detect technical issues
- Prevent fraud, misuse, and unauthorised access
- Comply with legal and regulatory obligations
ZAHN does not carry out fully automated decision-making that produces legal or similarly significant effects on users, as described in Article 22 UK GDPR.
We may carry out limited, non-significant profiling to improve service functionality — for example, analysing aggregated location patterns to improve Saved Spots suggestions. This profiling does not produce legal effects, does not result in any decision being made about individual users, and cannot be used to identify you personally. Contact us at legal@zahnapp.com if you have questions about how profiling affects you.
We may share personal data with trusted third-party service providers who act as data processors on our behalf, including providers of:
- Authentication and database services
- Cloud hosting and infrastructure
- Push notification delivery
- Analytics and performance monitoring
- Customer support tooling
All third-party processors are subject to contractual data protection obligations in accordance with Article 28 UK GDPR. We do not sell personal data and do not share it for advertising or marketing purposes.
Personal data may be transferred outside the UK, EU, or EEA, including to the United States, where some of our third-party service providers are based. Where such transfers occur, we rely on:
- UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs)
- Data Processing Agreements (DPAs) with all relevant processors
- Vendor security assessments and ongoing due diligence
An up-to-date list of key processors is available on request by contacting legal@zahnapp.com.
ZAHN retains personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with Article 5(1)(e) UK GDPR.
8.1 Active accountsPersonal data is retained for the duration that a user maintains an active account in order to provide core app functionality, maintain account security, enable safety features, and respond to support enquiries.
8.2 Account deletion and post-deletion retentionUpon account deletion or a valid erasure request, personal data is deleted or anonymised without undue delay. Certain data may be retained for up to 30 days where necessary to:
- Comply with legal or regulatory obligations
- Prevent fraud or misuse
- Establish, exercise, or defend legal claims
- Maintain system integrity
After this period, data is securely deleted or irreversibly anonymised unless a longer retention period is required by law.
8.3 Anonymised and aggregated dataAnonymised or aggregated data that can no longer identify individuals may be retained indefinitely for analytics, research, app performance improvement, and safety trend analysis. Such data cannot be used to re-identify users.
You have the following rights under UK GDPR and EU GDPR. To exercise any of these rights, contact us at legal@zahnapp.com. We will respond within one month. Identity verification may be required.
| Right | What It Means |
|---|---|
| Right of access Art. 15 | Request a copy of the personal data we hold about you |
| Right to rectification Art. 16 | Request correction of inaccurate or incomplete data |
| Right to erasure Art. 17 | Request deletion of your data, subject to legal limitations |
| Right to restrict processing Art. 18 | Ask us to limit how we use your data in certain circumstances |
| Right to object Art. 21 | Object to processing based on legitimate interests |
| Right to data portability Art. 20 | Receive your data in a structured, machine-readable format |
| Right to withdraw consent Art. 7(3) | Withdraw consent at any time without affecting prior processing |
| Right to lodge a complaint | Contact the ICO at ico.org.uk or 0303 123 1113 |
ZAHN implements appropriate technical and organisational measures to protect personal data in accordance with Article 32 UK GDPR.
Technical measures- TLS encryption for data in transit
- Secure authentication and access controls
- Role-based access control (least privilege)
- Server-side validation and database security rules
- Secure cloud infrastructure with monitoring and firewalls
- Internal access and confidentiality policies
- Data minimisation practices
- Regular system and dependency reviews
- Vulnerability monitoring, testing, and timely security updates
No system is entirely secure. Users are responsible for protecting their login credentials and notifying us promptly of any suspected unauthorised access.
ZAHN is not intended for children under the age of 13 in the United Kingdom, or below the applicable age of digital consent in other jurisdictions (up to 16 in certain EU member states). We do not knowingly collect or process personal data relating to children. If we become aware that personal data of a child has been collected without appropriate consent, we will take steps to delete it promptly and disable the associated account.
In the event of a personal data breach, ZAHN will assess the risk to individuals and, where required under Articles 33 and 34 UK GDPR, notify the Information Commissioner's Office (ICO) within 72 hours and affected individuals without undue delay. We maintain an internal breach register and incident response procedures to support this obligation.
We may update this GDPR Privacy Notice from time to time. Material changes will be communicated via the App or our website. The effective date at the top of this Notice will be updated accordingly.
If you have any questions, concerns, or complaints regarding this Notice or our data protection practices, please get in touch: