ZenPass Data Protection Addendum
Effective Date: March 4th, 2025
1. Introduction
This Data Protection Addendum ("DPA") outlines the data protection policies and procedures for ZenPass, distinguishing between Practitioners, their Clients, and ZenPass Clients. This addendum supplements the ZenPass Terms of Service and Privacy Policy and is designed to ensure compliance with applicable data protection laws.
2. Definitions
- "ZenPass" refers to the ZenPass platform, both the Business Software & the Marketplace.
- "Practitioner" refers to individuals or entities providing services through ZenPass, including but not limited to coaches, therapists, and wellness professionals.
- "Practitioner Clients" refers to all clients imported or newly added by Practitioners. Practitioner Clients are only available to paid subscribers on the GROW or PRO plan.
- "ZenPass Clients" refers to End Users who engage directly with ZenPass Marketplace or Practitioners that use our Business Software on all the plans. Additionally, for Practitioners on the Starter plan, all clients are automatically considered ZenPass Clients.
- "Business Software" refers to the suite of tools and services provided by ZenPass that enable Practitioners to manage their practice, including scheduling, payments, client management, and communication features.
- "Data Protection Laws" means:
  - in the European Union, the General Data Protection Regulation 2016/679 (the "GDPR"), and
  - in the UK, the UK General Data Protection Regulation 2016/679, as implemented by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 (the "UK GDPR"), the Data Protection Act 2018, and the Privacy and Electronic Communications Directive 2002/58/EC (as the same may be superseded by the Regulation on Privacy and Electronic Communications ("ePrivacy Regulation")).
- "Personal Data" refers to any information that relates to an identified or identifiable individual, in accordance with applicable data protection laws.
3. Data Roles & Responsibilities
3.1 ZenPass as a Data Processor & Controller
ZenPass acts as both a Data Controller and Data Processor, depending on the relationship:
- For ZenPass Clients, ZenPass is the Data Controller and determines the purposes and means of processing personal data.
- For Practitioner Clients, ZenPass acts as a Data Processor on behalf of the Practitioner, who remains the Data Controller. Practitioner Clients are only applicable to users on the GROW or PRO plan.
3.2 Practitioners as Independent Data Controllers
Practitioners are responsible for ensuring their own compliance with applicable data protection laws regarding their Clients’ personal data. ZenPass does not control how Practitioners collect, store, or process data outside of the platform.
4. Data Collection & Processing
4.1 Practitioner Clients
- Available only to paid subscribers on the GROW or PRO plan.
- Practitioners collect personal data & consent directly from their Clients.
- ZenPass only processes Practitioner Client data as required to provide the Business Software platform to Practitioners and facilitate transactions between them and their Clients.
- Practitioners must obtain necessary consent from their Clients.
4.2 ZenPass Clients
- For users on the Starter plan, all clients are automatically considered ZenPass Clients.
- ZenPass collects and processes personal data directly from ZenPass Clients for purposes including account management, billing, marketing, and service delivery.
- ZenPass is responsible for maintaining transparency and security of ZenPass Client data.
5. Data Security & Confidentiality
ZenPass implements appropriate technical and organizational measures to protect all personal data, including but not limited to:
- Encryption of sensitive data
- Access controls and authentication measures
- Data minimization principles
- Compliance with Data Protection laws
Practitioners are responsible for ensuring the confidentiality and security of their Clients' data within their own operations.
6. Data Subject Rights
ZenPass and Practitioners must uphold the rights of data subjects, including:
- Right to Access – Clients can request access to their personal data.
- Right to Rectification – Clients can request corrections to inaccurate data.
- Right to Erasure – Clients can request data deletion, subject to legal and contractual obligations.
- Right to Data Portability – Clients can request their data in a portable format.
- Right to Object & Restrict Processing – Clients can restrict or object to data processing under specific circumstances.
For Practitioner Clients, data subject rights requests must be handled by the respective Practitioner unless the request relates to ZenPass' processing activities.
7. Data Retention & Deletion
- Practitioner Clients: ZenPass retains minimal data necessary to facilitate Marketplace & Business Software services but does not control Practitioner Client data retention policies. Only available for GROW and PRO subscribers.
- ZenPass Clients: ZenPass retains data as required for service provision, legal compliance, and security purposes.
- Upon account closure or service termination, ZenPass will delete personal data, except where retention is required by law.
8. Third-Party Processors
ZenPass engages third-party service providers (e.g., payment processors, analytics services) who may process personal data on our behalf. These third parties are required to comply with data protection regulations and contractual obligations.
Practitioners who engage third-party processors for their own Clients’ data must ensure those processors comply with relevant legal requirements.
9. International Data Transfers
ZenPass may process data globally. Where applicable, we ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place for cross-border data transfers.
10. Breach Notification
ZenPass and Practitioners must promptly report any data breaches affecting personal data.
- ZenPass Clients will be notified by ZenPass if their data is compromised.
- Practitioner Clients will be notified by the respective Practitioner, unless the breach is related to ZenPass systems.
11. Compliance & Changes to this DPA
ZenPass reserves the right to update this DPA as needed to maintain compliance with evolving regulations. Practitioners are responsible for staying informed about data protection laws relevant to their services.
For questions or concerns regarding data protection, please contact the ZenPass Data Protection Officer at contact@zen-pass.com.
By using ZenPass, Practitioners and Clients agree to comply with this Data Protection Addendum.
Copyright © 2025 Zenpass Ltd. All rights reserved.