top of page

The Zigzag Privacy Statement



We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Statement describes policies and practices of Zigzag Associates (Zigzag) regarding its collection and use of your personal data and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and so we will, from time to time, update this Privacy Statement as we undertake new personal data practices or adopt new privacy policies.

About Zigzag


Head Office

The Head Office of Zigzag is in Oxfordshire, UK. We are registered as Zigzag Associates Ltd in England and Wales (Companies House registration number 07103890) and we are registered with the Information Commissioner's Office under registration number Z2653364.

To facilitate any data privacy-related queries, we have appointed an internal Data Protection Officer for you to contact if you have any questions or concerns about our personal data policies or practices. Our Data Protection Officer’s contact information is as follows:

Zigzag Associates Ltd

Innovation Centre, 99 Park Drive,

Milton Park, Abingdon, Oxfordshire, OX14 4RY, UK

Tel: +44 (0)1235 854033                



If you are concerned about an alleged breach of privacy law or any other regulation by us, please contact our Data Protection Officer who will ensure that your complaint is investigated.


If you are not satisfied with our handling of your queries or complaints on data protection, you can call the Information Commissioner's Office on +44 (0)303 123 1113.


The data we collect and process


  • Customer data

  • Audit-related data

  • Supplier data

  • Visitors to our website and social media

  • Marketing data

How is your personal data collected? 


You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • engage us to provide services

  • provide services to us

  • subscribe to our publications

  • request marketing material to be sent to you

  • complete one of our enquiry forms

  • provide us with feedback


  • your data is processed as part of an audit

Customer data:


We collect personal information about our customers in order to provide them with quality assurance and audit services, primarily in the pharmaceutical, biotechnology and medical device industries.

We will hold the following information about customers:

  • Name and contact information

  • Personal information contained in business communications

  • Transaction data including details about services purchased from us

  • Usage data including information about how customers use our product and services

  • Marketing and Communications data including preferences in receiving marketing material from us and communication preferences


Audit-related data:


We process data provided to us by our customers and auditees who are the Data Controllers. We process this data strictly for the purposes of conducting quality reviews and audit. We abide by the privacy and security requirements as per the contractual arrangements with the Data Controllers. We are fully committed to fulfil our obligations as a Data Processor for data privacy, data security, and breach notifications.

Supplier data

We will hold the following information about our suppliers in order to enter into contractual arrangements and for the receipt of services:

  • Name and contact information

  • Personal information contained in business communications

  • Transaction data including details about services we receive from you

Visitors to our website and social media platforms

When you visit our website or social media platforms, we use third-party services to collect standard internet log information and details of visitor behaviour patterns.  We do this to find out information such as the number of visitors to various parts of the website.  The information is only processed in a way which does not identify anyone.


When you complete a contact form on our website, contact us via social media or use the email for enquiries, we will use the information provided by you only for the purpose of providing you with an appropriate response.

Marketing data


We hold names and contact details of individuals who have expressed interest in hearing from us about our services or have engaged with us for supply of our services in the past. All direct marketing activities to such individuals shall comply with relevant privacy and regulatory requirements.

When and how we share information with others...


Your information may be shared with:

  1. IT service providers who provide cloud-based solutions, data storage, processing, back-up and retrieval services

  2. Subcontractors or associates who are asked by Zigzag to deliver all or some of the services

  3. Customers when relevant to service provided


We do not sell personal information to anyone and only share it with third parties who are contracting or facilitating the delivery of our services and communications.

Data subject rights


This Privacy Statement is intended to provide you with information about what personal data Zigzag collects about you and how it is used. If you have any questions, please contact us at 


If you wish to confirm that Zigzag is processing your personal data, or to have access to the personal data we may have about you, please contact us at


You have a right to request correction of inaccurate information, deletion of information, and to instruct us to stop processing your information. We are obliged to honour such requests as per the regulatory requirements. If you'd like more information or would like to make such a request, please contact us at

Security of your information


To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis.


We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Data storage and retention


Your personal data is stored by Zigzag on the servers of the cloud-services providers we engage, as well as in physical forms in our office and at backup facilities. We retain data for the duration of the business relationship with us and as per the regulatory, legal, or reporting requirements. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at

high res Cyber Essentials Badge (High Re
privacy policy IASME selfcert badge.jpg
bottom of page