Here comes the legal bit...
These Terms set out the rules for using our website.
Please read these Terms and Conditions carefully before using this site.
By using our site, you confirm that you accept the terms of this policy and that you agree to comply with them. If you do not agree to these terms, you must not use our site. We recommend that you print a copy of these terms for future reference. We amend these terms from time to time. Every time you wish to use our site, please check these terms to ensure you understand the terms that apply at that time. These terms were most recently updated on the 24th of July 2019.
What's in these terms?
These terms tell you the rules for using our website Zappi.io (our site).
Who we are and how to contact us
Zappi.io is a site operated by ZappiStore Limited, part of the Zappi Group also containing ZI Group Limited, ZappiStore Inc, ZappiStore (PTY) Ltd and ZappiStore Pte Limited ("We"). ZappiStore Limited is registered in England and Wales under company number 08185247 and has our registered office and main trading address at Theatre House, 97 – 99 Camden High Street, London, NW1 7JN, United Kingdom.
Our VAT number is 142676309. To contact us, please email email@example.com or telephone our customer service line on +44 (0) 203 889 7682.
Other terms may apply to you
Any agreement or terms and conditions that have been agreed with you or incorporated into our relationship relating to the provision of ZappiStore services (“Client Agreement”).
We may make changes to our site
We may update and change our site from time to time to reflect changes to our products, our users' needs, and our business priorities.
We may suspend or withdraw our site
Our site is made available free of charge (but services that are offered via our website may be available at a cost, as set out in our Client Agreement).
We do not guarantee that our site, or any content on it, will always be available or be uninterrupted. We may suspend or withdraw or restrict the availability of all or any part of our site for business and operational reasons.
You must keep your account details safe
If you choose, or you are provided with, a user identification code, password or any other piece of information as part of our security procedures, you must treat such information as confidential. You must not disclose it to any third party.
If you know or suspect that anyone other than you knows your user identification code or password, you must promptly notify us at firstname.lastname@example.org.
How you may use material on our site
We are the owner or the licensee of all intellectual property rights in our site, and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved.
You may print off one copy, and may download extracts, of any page(s) from our site for your personal use and you may draw the attention of others within your organization to content posted on our website. Our Client Agreement with you (if applicable) may set out additional license terms and usage restrictions relating to your use of our materials and reports available via our site.
Our status (and that of any identified contributors) as the authors of content on our website must always be acknowledged.
Do not rely on information on this site
The content on our site is provided for general information only. It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.
Although we make reasonable efforts to update the information on our site, we make no representations, warranties or guarantees, whether express or implied, that the content on our site is accurate, complete or up to date.
We are not responsible for websites we link to
Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them.
We have no control over the contents of those sites or resources.
User-generated content is not approved by us
This website may include information and materials uploaded by other users of the site. This information and these materials have not been verified or approved by us. The views expressed by other users on our website do not represent our views or values.
Our responsibility for loss or damage suffered by you
Whether you are a consumer or a business user:
We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents, or subcontractors and for fraud or fraudulent misrepresentation.
Different limitations and exclusions of liability will apply to liability arising as a result of the supply of any products to you, which will be set out in our Client Agreement with you.
If you are a business user:
We exclude all implied conditions, warranties, representations or other terms that may apply to our site or any content on it.
We will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty or otherwise, even if foreseeable, arising under or in connection with:
use of, or inability to use our site; or
use of, or reliance on any content displayed on our website.
In particular, we will not be liable for:
loss of profits, sales, business, or revenue;
loss of anticipated savings;
loss of business opportunity, goodwill or reputation; or
any indirect or consequential loss or damage.
How we may use your personal information
Uploading content to our site and acceptable use
Whenever you make use of a feature that allows you to upload content to our site, or to make contact with other users of our website, link to our site or interact with our site in any other way, you must comply with the following content and use standards:
You may use our website only for lawful purposes. You may not use our site:
In any way that breaches any applicable local, national or international law or regulation or applicable codes or practice;
In any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect;
In any way which breaches the rights of any third party;
In a socially irresponsible or offensive way;
For the purpose of harming or attempting to harm minors in any way;
To transmit, or procure the sending of, any unsolicited or unauthorized advertising or promotional material or any other form of similar solicitation (spam);
To knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to affect the operation of any computer software or hardware adversely.
You also agree:
Not to access without authority, interfere with, damage or disrupt:
any part of our site;
any equipment or network on which our site is stored;
any software used in the provision of our site; or
any equipment or network or software owned or used by any third party.
Failure to comply with these acceptable use standards constitutes a material breach of these terms and conditions and may result in our taking all or any of the following actions:
Immediate, temporary or permanent withdrawal of your right to use our site.
Legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
Further legal action against you.
Disclosure of such information to law enforcement authorities as we reasonably feel is necessary or as required by law.
The actions we may take are not limited to those described above, and we may take any other action we reasonably deem appropriate.
Any content you upload to our site will be considered non-confidential and non-proprietary. You retain all of your ownership rights in your content, but you are required to grant other users of our website and us a limited license to use, store and copy that content and to distribute and make it available to third parties.
We also have the right to disclose your identity to any third party who is claiming that any content posted or uploaded by you to our site constitutes a violation of their intellectual property rights or their right to privacy.
We have the right to remove any posting you make on our site if, in our opinion, your post does not comply with the content standards set out in these acceptable use standards.
You are solely responsible for securing and backing up your content.
We are not responsible for viruses, and you must not introduce them
We do not guarantee that our site will be secure or free from bugs or viruses.
You are responsible for configuring your information technology, computer programs, and platform to access our site. You should use your own virus protection software.
You must not misuse our site by knowingly introducing viruses, trojans, worms, logic bombs or other material that is malicious or technologically harmful. You must not attempt to gain unauthorized access to our site, the server on which our site is stored, or any server, computer or database connected to our website. You must not attack our site via a denial-of-service attack or a distributed denial-of-service attack. By breaching this provision, you would commit a criminal offense under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities, and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.
Rules about linking to our site
You may link to our home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it.
You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.
You must not establish a link to our site in any website that is not owned by you.
Our site must not be framed on any other site, nor may you create a link to any part of our site other than the home page.
We reserve the right to withdraw linking permission without notice.
The website in which you are linking must comply in all respects with the content standards set out in these terms and conditions.
If you wish to link to or make any use of the content on our site other than that set out above, please contact email@example.com.
Which country's laws apply to any disputes?
ZappiStore (UK registered trade mark No.2627192), Zappi and the Zappi logo are trademarks of ZappiStore Limited and the Zappi Group.
At Zappi we are dedicated to protecting all Customer Data and maintaining high Data Privacy standards using best-in-class industry standards.
Information Security and Data Privacy form part of Zappi’s DNA.
Zappi’s most important concern is to put the consumers at the heart of all your business decisions and minimize risk. As part of minimizing this risk, we invest in securing your data and ensuring that data privacy matters are addressed comprehensively. We combine well-renowned enterprise-class security features with comprehensive audits of our employees, vendors, applications, systems, and networks to ensure our customers’ and respondents’ data is protected.
Security Certifications and Attestation
Zappi conducts a variety of audits to ensure continuous security and data privacy compliance with industry-standard best practices:
Zappi is ISO27001 compliant and achieved certification in June 2018 by the British Standards Institute with the following scope:
“The Information security management system for the provisioning of the Zappi online market research platform including our Store, Data Collector, Reporting Platform and our Sampling Engine”
Zappi has a dedicated Information Security and Data Privacy team that continuously works on evolving and improving Zappi’s security standing with respect to our customers’ and the industry’s needs.
Zappi maintains security policies and procedures that have been approved by our senior management to ensure everyone knows their security responsibilities and their code of conduct when it comes to data security. Our policies are audited regularly as a part of our continual ISO 27001 certification.
Zappi’s platform code development is done through our documented Secure SDLC process. Lightweight threat modelling and risk assessments are done on all new product functionality and reviewed by the security team. As part of our SDLC, Zappi conducts mandatory code reviews for code changes. Zappi’s development and testing environments are separate from our production environment.
Our employee hiring process includes background screening.
As part of our on-boarding processes, our employees go through Zappi security training. At least once a year, our engineers participate in secure code training which also covers common flaws such as the OWASP Top 10, common attack vectors, and Zappi security controls.
Responsible Disclosure Policy
At Zappi we recognize and prioritize the safety and privacy of both our internal and external stakeholders by assuring that we provide secure products and service offerings. As such, we are committed to investigating and addressing any potential security issues that are brought to our attention.
This policy aims to specify the process by which Zappi handles responsible disclosure on matters related to our offerings and business.
General Data Protection Regulation (GDPR)
Zappi is committed to assisting our customers in understanding their rights and obligations under the EU GDPR and how it relates to them conducting business with Zappi.
Zappi has implemented a GDPR (General Data Protection Regulation) readiness program with a dedicated Data Privacy monitored function.
Zappi continues to introduce tools and processes to ensure our compliance with the requirements of the EU GDPR.
Zappi’s platform is hosted on Amazon Web Services (AWS) facilities. AWS provides an extensive host of regulatory compliance assurances. The data is currently hosted in North Virginia.
All Zappi platform servers are deployed within our own virtual private clouds (VPCs), which we restrict using Network Access Controls and Security Groups, allowing only the minimal required communication with our servers.
All Zappi platform network deployments are regularly scanned for open vulnerabilities and patched continuously. All Zappi servers are hardened and regularly audited to ensure that only the necessary services are exposed.
Zappi’s platform AWS facilities are closely monitored, with Intrusion Detection Systems implemented for any suspicious or malicious activities.
We apply encryption for all data in transit using SSL, and any connection attempts made over HTTP are permanently redirected to HTTPS. We aim to maintain our “A” grade for our SSL test on Qualys/SSL Labs.
All the customer data we host (stimulus) is encrypted both in transit and at rest.
Data access and authorization requests are provided on a need-to-know basis and based on the principle of least privilege. Access to our AWS production system is restricted to authorized personnel and is carried out using our SSO platform that has restricted roles.
Zappi has an extensive automated testing program, and application penetration testing of our entire platform is conducted by a third party at least annually.
Zappi runs a security champion program in which each application development team is assigned a trained Security Developer who ensures that secure coding practices are followed and that all code changes have a security sign-off before being deployed to production.
Zappi allows users to authenticate using Basic authentication and also supports Single sign-on using SAML (Okta and OneLogin) subject to request.
Zappi uses AWS Cognito to manage authentication requests, and stored passwords are not accessible to any of our internal staff. Audit logging lets account administrators see when users last logged in and disable any dormant accounts.
All access to Zappi’s platform is logged and audited. Logs are kept for at least 3 years. Zappi maintains a formal incident response plan and procedures in the case of major events. All Zappi access logs are analyzed and researched through our Security Information and Event Management (SIEM) system.
For any security queries, please contact firstname.lastname@example.org.
This statement is made pursuant to section 54(1) of the Modern Slavery Act 2015. This statement sets out ZappiStore Ltd's approach on understanding and mitigating any potential risks concerning slavery and human trafficking taking place within its own operations and supply chain and the actions undertaken to mitigate any such risks during a financial year.
Due to the nature of the market research services, our supply chain is uncomplicated and consists of suppliers of data, research services and survey respondents. We are committed to applying high quality ethics and practices in all our business dealings and relationships wherever we operate and implementing and enforcing effective systems to counter slavery and human trafficking.
ZappiStore Ltd. have assessed that the risk of slavery and human trafficking taking place within its own operations and supply chain is very low due to the nature of ZappiStore Ltd's business and governance structure.
Modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced and compulsory labour and human trafficking, all of which have in common the deprivation of a person's liberty by another in order to exploit them for personal or commercial gain.
The Company has a zero-tolerance approach to modern slavery, and we are committed to acting ethically and with integrity in all our business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery is not taking place anywhere in our own business or in any of our supply chains. We are also committed to ensuring there is transparency in our own business and in our approach to tackling modern slavery throughout our supply chains, consistent with our disclosure obligations under the Modern Slavery Act 2015.
We expect the same high standards from all of our contractors, suppliers and other business partners, and as part of our contracting processes, we specifically prohibit the use of forced, compulsory or trafficked labour, or anyone held in slavery or servitude, whether adults or children, and we expect that our suppliers will hold their own suppliers to the same high standards.
This policy applies to all persons working for us or on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners. This policy does not form part of any employee's contract of employment and we may amend it at any time.
Responsibility for the policy
The Chief Executive Officer has overall responsibility for ensuring this policy complies with our legal and ethical obligations, and that all those under our control comply with it.
The Chief People Officer has primary and day-to-day responsibility for implementing this policy, monitoring its use and effectiveness, dealing with any queries about it, and auditing internal control systems and procedures to ensure they are effective in countering modern slavery.
Management at all levels are responsible for ensuring those reporting to them understand and comply with this policy and are given adequate and regular training on it and the issue of modern slavery in supply chains.
You are invited to comment on this policy and suggest ways in which it might be improved. Comments, suggestions and queries are encouraged and should be addressed to the Chief People Officer.
Compliance with the policy
You must ensure that you read, understand and comply with this policy. The prevention, detection and reporting of modern slavery in any part of our business or supply chains is the responsibility of all those working for us or under our control.
You are required to avoid any activity that might lead to, or suggest, a breach of this policy.
You must notify your line manager OR a company Director as soon as possible if you believe or suspect that a conflict with this policy has occurred or may occur in the future. You are encouraged to raise concerns about any issue or suspicion of modern slavery in any parts of our business or supply chains of any supplier tier at the earliest possible stage. If you believe or suspect a breach of this policy has occurred or that it may occur, you must notify your line manager or company Director OR report it in accordance with our Whistleblowing Policy as soon as possible.
You should note that where appropriate, and with the welfare and safety of local workers as a priority, we will give support and guidance to our suppliers to help them address coercive, abusive and exploitative work practices in their own business and supply chains. If you are unsure about whether a particular act, the treatment of workers more generally, or their working conditions within any tier of our supply chains constitutes any of the various forms of modern slavery, raise it with your line manager or company Director. We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this policy, even if they turn out to be mistaken. We are committed to ensuring no one suffers any detrimental treatment as a result of reporting in good faith their suspicion that modern slavery of whatever form is or may be taking place in any part of our own business or in any of our supply chains.
Detrimental treatment includes dismissal, disciplinary action, threats or other unfavourable treatment connected with raising a concern.
If you believe that you have suffered any such treatment, you should inform your line manager immediately. If the matter is not remedied, and you are an employee, you should raise it formally using our Grievance Procedure, which can be found in the current employee handbook.
Communication & awareness of this policy
Training on this policy is provided to new and existing employees, and updates will be provided using established methods of communication between the business and staff members.
Our zero-tolerance approach to modern slavery must be communicated to all suppliers, contractors and business partners at the outset of our business relationship with them and reinforced as appropriate thereafter.
Breaches of this policy
Any employee who breaches this policy will face disciplinary action, which could result in dismissal for misconduct or gross misconduct. We may terminate our relationship with other individuals and organisations working on our behalf if they breach this policy.
Steve Phillips, CEO