Last updated: 8th May 2025

http://www.zinga-uk.com (the “Website”) is provided by M.G. Duff International Limited ("we", "us", "our"). In providing this Website, we may receive and process personal information about you. As the data controller, we are committed to processing your personal data fairly and transparently, in line with data protection laws, including the UK General Data Protection Regulation (UK GDPR).

This Privacy Notice (“Notice”) outlines how we handle your personal information. It forms part of our Terms and Conditions, which govern your use of the Website.

We aim to ensure you are fully informed before we collect your personal data. Unless processing is necessary for one of the lawful reasons outlined in Clause 2 below, we will only process your data with your explicit consent.

Some types of personal data are classified under the GDPR as special categories (e.g., health data or ethnicity). These require additional safeguards, which we explain further in this Notice.

You may browse most of our Website without providing personal information or accepting cookies. In such cases, we are unlikely to collect or process any data about you.

We begin by explaining the legal bases under which we process your data. If you prefer, you may skip to Clause 4 for a summary of the types of data we collect.

We also describe the measures we take to protect your data and outline your rights, including how you can opt out of marketing communications.

1. Identity and Contact Details

1.1 Company Registration Number: 02621868
1.2 Registered Office:

• Unit 1, Timberlane Industrial Estate,
  Gravel Lane, Chichester,
  West Sussex, PO19 8PP

1.3 General Enquiries Email: finance@mgduff.co.uk
1.4 Data Protection Officer (DPO):
If you have any questions or concerns regarding your data, please contact our DPO:

• Email: dpo@mgduff.co.uk

• Postal Address: As above (Clause 1.2)

2. Legal Grounds for Processing Personal Data

We will only collect and process your personal information if one or more of the following conditions is met:

2.1 Consent: You have given clear permission for us to process your data for a specific purpose.
2.2 Contractual necessity: Processing is necessary for the performance of a contract with you.
2.3 Legal obligation: Processing is required to comply with the law.
2.4 Vital interests: Processing is necessary to protect someone’s life.
2.5 Public interest: Processing is necessary for the performance of a task carried out in the public interest.
2.6 Legitimate interests: Processing is necessary for our legitimate interests (or those of a third party), provided they are not overridden by your rights and interests.

3. How We Obtain and Manage Consent

3.1 When we collect your information, we will clearly explain how we intend to use it and for which purposes. If consent is required, we will ask for your explicit permission.
3.2 You may withdraw your consent at any time by contacting us. We will then either stop processing your data or delete it, unless we have another lawful reason to retain it.
3.3 If you do not consent to a specific type of processing, we will make reasonable efforts to continue providing our services without needing that data.

4. Information We May Collect from You

4.1 We may request and process the following categories of personal information:

Information Type	Purpose and Related Details	Justification
Contact Information (address, phone number, email address)	We ask for this to fulfil your request to message you about the products and services	It's necessary for the performance of a contract with you

 

4.2 How We May Collect Personal Information

We may collect personal data from several sources, including:

4.2.1 Directly from you when you request a product or service, which may include contact details, date of birth, payment method, and bank details.
4.2.2 When you contact us—for example, with an enquiry or in response to communication from us—your response may give us insight into how you use our services.
4.2.3 From public records, such as the electoral register.
4.2.4 From authorised third parties—if you have given consent for your information to be shared with us. We will inform you as soon as reasonably practical when we receive such data.

4.3 Mandatory Information

If you choose not to provide certain information that we request and it is necessary for the provision of a product or service, we may be unable to continue providing that service to you.

4.4 Transparency at Collection

Whenever we collect personal data—regardless of the method—we will explain:

• The purpose for collecting the data,

• The legal basis for processing,

• Whether the information will be shared with any third parties, and

• Whether the data will be transferred outside the European Economic Area (EEA).

If you believe we are requesting information without a clear explanation, you are entitled to object and ask for clarification.

5. How We Use Your Personal Information

5.1 We take data protection, privacy, and security seriously. We will only use your personal data for specific purposes and will retain it only for as long as necessary to fulfil those purposes. Below are some common examples of how your data may be used, alongside the relevant GDPR justifications:

5.1.1 Identification when you contact us – necessary for contract performance.
5.1.2 Identifying potential products or services—may involve automated processing and third-party data (with your consent).
5.1.3 Managing your account or service—some activities may be contractual, while others may require your consent.
5.1.4 Marketing analysis, profiling, and statistical research—may require your consent or qualify as market research.
5.1.5 Fraud prevention and loss detection—processed when legally necessary or justified.
5.1.6 Electronic marketing communications (e.g. emails, texts) if:

• They relate to similar services you’ve already used,

• You were given the opportunity to opt out at the time of data collection, and

• You have not opted out.

5.1.7 Direct marketing from us or selected partners—only with your express consent.
5.1.8 Monitoring communications (e.g. phone calls, emails):

• You will be informed prior to recording, and

• Consent will be requested where recordings are not necessary or justified.

5.1.9 Legal compliance, including fraud checks. If fraud is suspected, this may be recorded.

5.2 Sharing Your Information

We will not share your personal information with third parties except as outlined below:

5.2.1 Data processors acting on our behalf will be bound by GDPR-compliant contracts ensuring equivalent levels of data protection.
5.2.2 Other data controllers—we will notify you before sharing.
5.2.3 In your interest—only with your explicit agreement.

5.3 Representing Others

If you provide personal information on behalf of someone else, you must confirm that you have informed them about this Privacy Notice and that they have not objected.

5.4 Corporate and Legal Disclosures

We may share your data:

5.4.1 If our business or assets are acquired.
5.4.2 When required for legal or regulatory obligations.
5.4.3 With third-party service providers who perform tasks on our behalf (e.g. fulfilment, analytics, communications). These parties must adhere to strict confidentiality and security standards under GDPR.

Some recipients may be based outside the EEA. In these cases, we take appropriate steps to ensure data protection.

6. Protecting Your Information

6.1 We implement strict security measures to protect your data.
6.2 Data transmission is encrypted using SSL (Secure Sockets Layer) technology.
6.3 We only display the last five digits of credit card numbers during confirmation.
6.4 Our infrastructure includes physical, electronic, and procedural safeguards.
6.5 You are responsible for protecting access to your account, including logging out of shared devices.

7. Internet-Based Communications

7.1 We may contact you via email about products or services, subject to your communication preferences.
7.2 Note that internet communications are not always secure. We are not responsible for data breaches outside of our control.
7.3 Our Website may contain links to external sites. We do not share your personal data with third-party sites unless you consent.
7.4 We are not responsible for losses incurred from using third-party websites.

8. Further Information and Your Rights

8.1 For any questions, contact our DPO (see Clause 1.4).
8.2 This Notice may change from time to time—updated versions will be posted on our Website.
8.3 You may request a copy of this Notice via email or post.
8.4 You may request access to your personal data. If your request is excessive or unfounded, we may charge a fee or decline the request.
8.5 You may ask us to correct, complete, or delete inaccurate information.
8.6 You may request deletion of data we no longer need, or object to certain types of processing.
8.7 We will notify you of any breach or likely breach of your data rights.