Zimply Global GDPR Policy

Zimply Global’s GDPR Policy Last Updated:

This GDPR Policy outlines how Zimply Global Ventures LLC complies with the General Data Protection Regulation (GDPR) for personal data of individuals in the European Union (EU) or European Economic Area (EEA). Through https://zimplyglobal.com, we provide travel inspiration, planning tools, and lead generation for travel and vacation businesses, such as hotels, short-term rentals, and restaurants.

Our platform enables businesses to manage customer relationships transparently without OTA-like restrictions. We process payments for services like business listings and affiliate programs but do not handle bookings or reservations. This policy applies to personal data of individuals in the EU/EEA collected through our website or services. This policy, written in clear language, integrates with our Privacy Policy (https://zimplyglobal.com/privacy-policy), Terms of Service (https://zimplyglobal.com/terms-of-service), and Cookie Policy (https://zimplyglobal.com/cookie-policy).

Definitions

For clarity, here are definitions of key terms used in this GDPR Policy, based on GDPR Article 4:

  • Personal Data: Any information relating to an identified or identifiable natural person, such as names, email addresses, or IP addresses.
  • Data Controller: The entity that determines the purposes and means of processing personal data—in this case, Zimply Global Ventures LLC.
  • Processing: Any operation performed on personal data, such as collection, storage, use, or deletion.

1. Who We Are

Zimply Global Ventures LLC (registered trade name “Zimply Global”), registered at 4725 West Ginger Ave, Coolidge, AZ 85128, USA, is the data controller responsible for your personal data. We do not require a Data Protection Officer under GDPR Article 37, as our processing does not involve large-scale monitoring or sensitive data categories. For questions or concerns, contact us at contact@zimplyglobal.com or by mail at the above address.

Consent under GDPR and within this GDPR Policy means a freely given, specific, informed, and unambiguous indication of your wishes to process your personal data for defined purposes. On our platform, you provide consent through clear actions, such as checking a box to save payment details for subscriptions, confirming agreement to share lead data via forms, or accepting non-essential cookies through our cookie banner. For example, when you submit a form with travel preferences to connect with a business, clicking “send” or “submit” indicates your consent to share that data with the selected business. We ensure you understand what you’re consenting to by providing clear notices at the point of data collection, such as on forms or pop-ups.

Our cookie banner provides granular consent options for different categories of cookies, including essential, analytics, and marketing cookies, allowing you to select or deselect as preferred. You can withdraw consent at any time without affecting prior processing by emailing contact@zimplyglobal.com, replying “STOP” to SMS notifications, or adjusting settings in our cookie management tool. Withdrawal instructions are also provided in relevant sections below.

3. Personal Data We Process

We collect only the personal data necessary to operate our services, adhering to GDPR’s data minimization principle. When users register or engage with our platform, we process identity and contact details, such as names, email addresses, phone numbers, and business information for those managing listings or participating in our affiliate program.

Users may voluntarily share interests, such as being a foodie or nature lover, to connect with others or receive relevant business leads. Business owners provide listing details, including business names, logos, contact information, and travel or vacation-related features. If users opt to save payment details for subscriptions or listings (e.g., via a checkbox), we process payment information through third-party providers.

Technical data, like IP addresses, browser types, and cookies (with consent), supports website functionality and analytics; we may also use other tracking technologies, such as pixels or beacons for analytics or marketing purposes, managed through the same granular consent options in our cookie banner as detailed in our Cookie Policy.

User-generated content, such as reviews or comments, is collected when posted. We do not process special categories of data (e.g., health or religion) unless voluntarily included in user content with explicit consent. Data from children under 16 is not knowingly collected or stored, and we require parental consent for such cases, verified through methods like email confirmation from a parent or guardian or a signed consent form submitted via our contact channels; if we detect accidental collection, we delete the data promptly and may use age verification questions during registration to prevent underage access.

4. How We Use Your Data

We process personal data to deliver travel inspiration, manage subscriptions, and facilitate business listings. Lead data from forms helps connect users with travel businesses based on shared interests. Technical data improves our platform’s functionality and user experience, often through analytics tools like Google Analytics, subject to your consent for non-essential cookies.

Communications, such as updates, support responses, or optional SMS notifications, keep users informed. We process data to meet legal obligations, such as tax reporting for payments related to listings or affiliate commissions. Affiliate program participants may provide banking details through third-party payout platforms to receive commissions, which we process solely for payout purposes. All processing is limited to specified purposes, ensuring compliance with GDPR’s purpose limitation principle.

Under GDPR Article 6, we process personal data on specific legal grounds. We rely on contract performance to deliver services, such as managing listings or subscriptions, as outlined in our Terms of Service. Consent, provided through actions like checking boxes or submitting forms, enables sharing lead data with businesses, using non-essential cookies, or sending marketing communications. Consent is freely given, and you may withdraw it at any time by contacting us or using provided opt-out mechanisms.

Legitimate interests support essential activities like responding to support inquiries or analyzing anonymized data to improve services; we conduct legitimate interests assessments (LIAs) to ensure such processing is necessary, proportionate, and balanced against your rights and freedoms, considering factors like data minimization and opt-out options—these LIAs are documented and available upon request. Legal obligations justify processing for tax compliance or regulatory requirements, particularly for payments and affiliate payouts. We document these bases to ensure lawful processing.

6. Data Sharing

Personal data is shared only when necessary and under strict conditions. Lead data submitted via forms is shared with travel businesses you choose to contact, who act as independent data controllers under their own privacy policies. We use third-party processors, such as Stripe and PayPal for payments, AffiliateWP’s Payouts Service for affiliate commissions, and analytics providers like Google Analytics (with consent), all bound by GDPR-compliant data processing agreements.

Affiliate banking details provided through third-party payout platforms are processed solely for commission payments. Data may be shared with legal authorities if required by law, such as for tax reporting or court orders. We do not sell your data or share it for third-party marketing without explicit consent, and all sharing adheres to GDPR’s accountability principle.

To provide transparency under GDPR Article 13(1)(e), here are the categories of third-party processors we use, along with examples and links to their privacy policies:

| Category | Examples | Purpose | Privacy Policy Link |
| --- | --- | --- | --- |
| Payment Processors | Stripe; PayPal | Processing subscriptions, listings, and affiliate payouts | Stripe: https://stripe.com/privacy; PayPal: https://www.paypal.com/us/legalhub/privacy-full |
| Affiliate Payout Services | AffiliateWP Payouts Service | Handling commission payments | https://affiliatewp.com/privacy-policy/ |
| Analytics Providers | Google Analytics; Independent Analytics | Website usage analysis (with consent) | Google Analytics: https://policies.google.com/privacy; Independent Analytics: https://independentwp.com/privacy-policy/ |
| Form and Directory Tools | Ninja Forms, Geodirectory Forms, UsersWP Forms, UsersWP Invoices, GetPaid Forms, GetPaid Invoices, AffiliateWP Forms | Lead generation, business portfolio listings, user profiles, business profiles, partner affiliate profiles | Ninja Forms: https://ninjaforms.com/privacy-policy/; GeoDirectory: https://wpgeodirectory.com/privacy-policy/; UsersWP: https://userswp.io/docs/core-plugin/privacy/; GetPaid: (Under AyeCode; use https://wpgeodirectory.com/privacy-policy/) |
| Hosting and Cloud Services | Hosting.com | Data storage and platform operation | https://hosting.com/about/policies/ |

We ensure all processors comply with GDPR through data processing agreements and regular reviews; for a full list of sub-processors, contact us at contact@zimplyglobal.com.

7. International Data Transfers

As a US-based company, we process EU/EEA data primarily in the United States, necessitating safeguards for international transfers under GDPR Chapter V. Where applicable, we rely on the EU-U.S. Data Privacy Framework for certified processors. Standard Contractual Clauses are incorporated into agreements with third parties like Stripe and PayPal to ensure equivalent data protection.

We conduct transfer impact assessments and implement supplementary measures, such as encryption and pseudonymization, to address risks, following Schrems II guidance. Users are informed of transfers at data collection points (e.g., via form notices or cookie banners), with opt-out options where feasible. We regularly review our processors’ compliance to maintain protection standards.

8. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals, as defined by GDPR Article 22. For example, while user interests (e.g., “foodie” or “nature lover”) may inform manual lead matching or content suggestions, these processes do not involve automated decisions with significant impacts and are based on your explicit consent or legitimate interests, with the option to object at any time. If we introduce such features in the future, we will update this policy and obtain appropriate consent or provide safeguards, including the right to human intervention.

9. Data Retention

We retain personal data only as long as necessary for its intended purpose, as determined by what users choose to provide and maintain on our platform, in line with GDPR’s storage limitation principle. Users, including those seeking bookings or paying for services like subscriptions or listings, may opt to save their data (e.g., via a checkbox) or request its deletion at any time by contacting us at contact@zimplyglobal.com.

If data becomes problematic, users can reach out, and we will assist in resolving issues, such as deletion or updates. Lead data submitted to travel businesses via forms is retained by us for 30 days for audit purposes, unless deleted earlier at your request; however, we have no control over how businesses, acting as independent data controllers, handle your data post-transfer, despite requiring them to agree to GDPR and privacy policy compliance via a checkbox.

Account and subscription data are kept for the duration of your engagement, plus seven years post-cancellation for tax and accounting obligations, as required by U.S. tax law (e.g., IRS guidelines). Technical data, such as cookies, is stored for up to 13 months, as detailed in our Cookie Policy. User-generated content, such as reviews, comments, or photos posted on our platform, remains indefinitely, as you grant us an irrevocable, perpetual license to use such content under our Terms of Service; however, upon request, we will anonymize or redact personal data within such content where feasible to comply with GDPR erasure rights, ensuring no personal data remains identifiable by removing elements like names or identifiers, subject to legal or technical constraints.

For business verification, we store only public documents proving authority to list (e.g., business licenses) in secure cold storage, while sensitive data like IDs is deleted within 72 hours of approval or denial; the verification process involves review by authorized personnel, and denied applicants can resubmit improved documentation or appeal via contact@zimplyglobal.com. Data is securely deleted or anonymized when no longer needed, with retention periods reviewed annually.

10. Your Data Rights

GDPR grants EU/EEA individuals specific rights over their personal data, which we facilitate free of charge unless requests are excessive. You have the right to access your data, receiving confirmation of processing and a copy in a structured format. You may request rectification of inaccurate data or erasure where no legal grounds prevent it; for user-generated content, such as reviews, which remains on our platform under an irrevocable license per our Terms of Service, we will anonymize or redact personal data upon request where feasible, balancing your rights with our legal agreements.

Processing can be restricted in cases of dispute or unlawful processing. Data portability allows you to receive your data—such as identity and contact details, interests, or lead data—in a machine-readable format like CSV, or have it transferred to another controller. You may object to processing based on legitimate interests or for direct marketing, which we cease immediately for marketing purposes. Consent can be withdrawn at any time (e.g., for cookies, lead sharing, or SMS via “STOP”) by emailing contact@zimplyglobal.com or using settings in our platform.

We may request proof of identity, such as an email from your registered account or government-issued ID, to ensure security before processing requests. If unsatisfied, you may contact an EU supervisory authority (e.g., Commission Nationale de l’Informatique et des Libertés – CNIL in France, Agencia Española de Protección de Datos – AEPD in Spain, Garante per la protezione dei dati personali in Italy, or Data Protection Commission in Ireland; the full list is available at https://edpb.europa.eu/about-edpb/board/members_en).

11. Data Security

We implement technical and organizational measures to protect personal data, as required by GDPR Article 32. Our website uses an SSL certificate to encrypt data in transit, ensuring secure communication via HTTPS. User accounts require strong passwords, and we are implementing two-factor authentication (2FA) in our next platform update to enhance security.

For business verification, public documents proving authority to list (e.g., business licenses) are stored in secure cold storage, accessible only to authorized personnel. Sensitive data, such as identification documents, is not retained and is securely deleted within 72 hours of approval or denial, with verified badges used to track status without storing personal data.

Third-party processors, such as Stripe, PayPal, and AffiliateWP’s Payouts Service, maintain their own GDPR-compliant security measures, which we verify through contractual agreements. We conduct regular security reviews to identify and mitigate risks. While we strive for robust protection, no system is entirely risk-free.

Data transfer to cold storage follows an air-gapped process: information is first copied from online systems to an external hard drive as an intermediary device by authorized personnel only. This external hard drive is then connected to an isolated, offline system equipped with antivirus software, which scans the data during offload before transferring only legally permissible information—such as public documents proving authority to list—to the permanently attached 10 TB cold storage repository.

No unnecessary or sensitive data is retained beyond what is strictly required by law, and where feasible, we replace retained information with digitally verified badges to minimize storage of personal or identifiable details while maintaining tracking capabilities.

12. Data Breach Response

In the event of a personal data breach, we follow GDPR Articles 33 and 34. We promptly assess the breach’s scope and potential impact on your rights. If the breach poses a risk, we notify the relevant EU supervisory authority within 72 hours. If it presents a high risk to you, we inform you without undue delay via email or other direct communication, providing details such as the nature of the breach, categories of data involved, likely consequences, and mitigation steps taken (e.g., password resets or enhanced monitoring). We take immediate steps to contain the breach, such as isolating affected systems, and document all incidents for accountability. Report suspected breaches to contact@zimplyglobal.com.

13. Our Compliance Measures Within This GDPR Policy

We ensure GDPR compliance through proactive measures. Regular data audits map our processing activities to uphold transparency and accountability. Privacy-by-design principles are embedded in our services, minimizing data collection from the outset. Staff handling data receive GDPR training to maintain awareness of obligations. We maintain records of processing activities as required by Article 30 and conduct privacy impact assessments for high-risk activities. This policy is reviewed annually or upon significant changes, such as new regulations or operational updates, to remain compliant and relevant.

14. GDPR Policy Updates

This policy is updated annually or as needed to reflect operational or legal changes. Users are notified of material changes via email or a prominent notice on our website at least 30 days in advance. Updates are logged below:

Version 1.2: September 6, 2025 – Added the Automatic Date Modifier Block to this page to display the date of the most recent update.

Version 1.1: August 31, 2025 – Added section on consent definition and mechanisms.

Version 1.0: August 31, 2025 – Initial publication.

15. Contact Us

For questions about this GDPR Policy or your data rights, contact:

Zimply Global Ventures LLC

4725 West Ginger Ave,

Coolidge, AZ 85128, United States

Email: contact@zimplyglobal.com

If you believe we have not addressed your concerns, you may contact your local EU Data Protection Authority.
