PRIVACY POLICY – PLEASE READ BEFORE CONTINUING TO USE OUR SITE
This website is brought to you Dibons Limited. We take the privacy of our website users very seriously. We ask that you read this Privacy Policy (the Policy) carefully as it contains important information about how we will use your personal data. Our platform is hosted by Circle Inc, and we may refer to them as our ‘host platform’ in this document.
For the purposes of the United Kingdom’s Data Protection Act, 2018, Dibons Limited is the data controller (namely the company who is responsible for, and controls the processing of, your personal data).
Our contact details are as follows:
Address: Tuition House, 27-37 St Georges Road, Wimbledon, SW19 4EU
Telephone number: 0208 879 9840
Date Controller Contact: Jeannie Di Bon
Email: jeannie@thezebra.club
Personal data we may collect about you
We will obtain personal data about you (such as your email address, name, address, age and date of birth, health status, credit card details whenever you complete an online form on this website.
For example, we will obtain your personal data when you download a free gift, subscribe to an online product, send us feedback, contact us for any reason, order products, enter a competition and purchase goods or services. We may also obtain sensitive personal data about you if you volunteer it during the completion of an online form. If you volunteer such information, you will be consenting to our processing it for the purpose of marketing future products to you, improving and personalising your user experience of this website.
We may monitor your use of this website through the use of cookies and similar tracking devices. For example, we may monitor how many times you visit, which pages you go to, how long you spend on them, traffic data, location data, your originating search engine or domain name, and/or the domain name of your internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. Please see further the section on Use of cookies below.
Occasionally we may receive information about you from other sources (such as credit rating agencies) which we will add to the information which we already hold about you in order to help us better market products or content that may be of interest to you.
Compliance
Our platform is hosted by Circle Inc and is compliant with the following standards:
SOC 2 Type II
CCPACOMPLIANT
CCPA
GDPR
PCI DSS - SAQ A
How we use your personal data
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. We implement appropriate technical and organisational measures to safeguard personal data, limit data collection to what is necessary for the provision of our services, and work only with trusted service providers. We will use your personal data for the purposes described in the data protection notice that was given to you at the time your data were obtained. These purposes include:
— to help us identify you and any subscriber accounts you hold with us[MS1]
— administration
— research, statistical analysis and behavioural analysis
— customer profiling and analysing your purchasing preferences
— marketing—see Marketing and opting out below
— fraud prevention and detection
— billing and order fulfilment
— credit scoring and credit checking—see Credit checking below
— customising this website and its content to your particular preferences
— to notify you of any changes to this website or to our services which may affect you
— security vetting
— improving our services
Should you leave the platform, data retention procedures are established to guide the secure retention and disposal of company and customer data. Customer data containing confidential information from the application environment, in accordance with best practice, is removed when customers leave the service. A data classification policy is in place to help ensure confidential data is properly secured and restricted to autho- rised personnel.
Data Handling
The platform has the following procedures in place to protect your data:
· Data encryption utilized
· Control of self-assessments annually
· Penetration testing performed annually
· Date transmissions are encrypted
· Vulnerability and system monitoring procedures are established
Additional data security measures are detailed below.
Secure data storage technologiesThe platform uses AES-256 encryption at rest and hosts all data on AWS (US-East-1, Virginia). Full security measures are detailed in DPA Schedule 2 on our host platform website. PII encrypted in transitAll data in transit is encrypted using TLS 1.2+.Compliance with recognised international data management standards?Our platform host achieved SOC 2 Type II compliance (December 2025). It is GDPR and CCPA compliant.Data retention lengthWe retain Covered Data for the duration of the Agreement. On termination, customers have a 30-day Retention Period to request or download their data. After that, we deletes all copies of Covered Data (DPA Section 12).Data destruction intentionsAfter the 30-day Retention Period following termination, we delete all copies of Covered Data, except for Contract Administration/Marketing Data and Usage/Feedback Data processed for the host platform’s own Controller purposes (DPA Section 12).Process for managing data confidentiality breachesWe will notify the Customer without undue delay after becoming aware of any Security Incident, take reasonable steps to contain, investigate, and mitigate, and provides timely information about the nature, mitigation measures, and investigation status (DPA Section 11).Data minimisation principlesWe process personal data only as necessary to provide the Services, as described in Schedule 1 of the DPA. Categories of data processed are limited to: name, email, profile/account information, user content, comments, questions, feedback, and support requests. The DPA explicitly prohibits Prohibited Personal Data (health, financial, biometric, children under 13, national IDs).Policy updated if purpose of data collection changesWe may update the DPA to comply with changing privacy laws or material product changes. For sub-processor changes specifically, our host provides 30 days' notice with the customer's right to object (DPA Section 7). Circle's Privacy Policy is updated as needed and the current version is always available at https://circle.so/privacy.Right to request deletion
DPA Section 8 covers Data Subject Rights. We promptly notify the Customer of any Data Subject Request. The Customer has sole discretion in responding. We provide reasonable assistance.Right to restrict use of personal dataThis is covered under DPA Section 8 (Data Subject Rights).Right to object to processingThis is covered under DPA Section 8 (Data Subject Rights).Right to data portabilityCovered under DPA Section 8 (Data Subject Rights). Additionally, customers can export their data via self-service functionality.Right to withdraw consentThis is covered under DPA Section 8 (Data Subject Rights).Right not to be subject to automated decision-making/profilingThis is covered under DPA Section 8 (Data Subject Rights). Our host platform offers AI features which are opt-in only, no customer data is retained or used to train AI models, and human oversight is recommended.Additional security measures for usersOur platform supports multi-factor authentication (MFA) and role-based access controls. We enforce automatic session timeout for idle sessions and account lockout after multiple failed authentication attempts.
How long will we store your personal data
We retain personal data for no longer than is necessary. We take into account the type of services provided to you, the nature and length of our relationship with you, possible re-enrolment with our services, the impact on the services we provide you if we delete some information from or about you, and mandatory retention periods provided by law and the statute of limitation.
Marketing and opting out
Unless you have asked us not to do so, we may contact you by email, video message, text, telephone or post about products, services, promotions, special offers, charitable causes and new content which may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time. You can opt out any time by using the unsubscribe link in our emails or emailing us at hello@thezebra.club. However, we may continue to process personal information where this is necessary to provide your membership, manage your account, maintain platform security or comply with legal and regulatory obligations. See further Your rights below.
We may also share your personal data with organisations who are our business partners and we or they may contact you (unless you have asked us or them not to do so) by email, video message, text, telephone or post about products, services, promotions, special offers, charitable causes and new content which may be of interest to you. If you prefer not to receive any further direct marketing communications from us or our business partners, you can opt out at any time. See further Your rights below.
Disclosure of your personal data
We may disclose your personal data to :
— other companies within our group
— our agents and service providers (e.g. providers of web hosting or maintenance services)
— credit reference agents—see Credit checking below
— law enforcement agencies in connection with any investigation to help prevent unlawful activity
— our business partners in accordance with the Marketing and opting out section above
Keeping your data secure
The platform host stores all data in AWS US-East-1 (Northeast US).
We will use technical and organisational measures to safeguard your personal data, for example:
— access to your account is controlled by password and username which are unique to you
— we store your personal data on secure servers
— payment details are encrypted using SSL technology
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot absolutely guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.
Monitoring
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of [specify, e.g. quality assurance, training, fraud prevention and compliance].
Credit checking[MS4]
To enable us and/or other companies in our group and/or our affiliates or partners to make credit decisions about you and members of your household and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit grantors may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes. If you provide false or inaccurate information and we suspect fraud, we will record this.
Information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
— give consent on his/her behalf to the processing of his or her personal data
— receive on his/her behalf any data protection notices
— give consent to the transfer of his/her personal data abroad
— give consent to the processing of his or her personal health history and current medical conditions, in particular those that may impact the ability to exercise.
Should you become aware of a child under the age of 18 accessing the app without parental consent and providing their personal data, please report this to jeannie@thezebra.club.
Use of cookies and other means of tracking your online usage of our website
A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. We use cookies and other online tracking devices such as action tags and analytics on this website to:
— keep track of the items stored in your shopping basket [and take you through the checkout process
— recognise you whenever you visit this website (this speeds up your access to the site, so you do not have to log on each time)
— obtain information about your preferences, online movements and use of the internet other than on our website
— carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitor/customer requirements and interests
— target our marketing and advertising campaigns and those of our partners more effectively by providing interest-based advertisements that are personalised to your interests
— make your online experience more efficient, personalised and enjoyable.
The information we obtain from our use of cookies may but will not usually contain your personal data.
Although we may obtain information about your computer or other electronic device such as your IP address, your browser and/or other internet log information, this will not usually identify you personally. In certain circumstances we may collect personal information about you – but only where you voluntarily provide it (e.g. by completing an online form) or where you purchase content, goods or services from us.
We need your consent in order to use cookies on this website in all circumstances following the coming into force of the Data Protection Act, 2018, and the General Data Protection Regulation of the European Union to which this Act gives effect. Failing consent, we may be unable to perform a service you have requested such as enabling you to put items in your shopping basket, subscribe to paid content, and/or use our check-out process.
Consent
If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies and other similar technologies as described in this Privacy Policy. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to reject cookies or disable cookies completely.
Our host platform obtains consent for marketing separately – you can opt in to marketing communications. We do not sell personal data or share it for cross-context behavioural advertising. Marketing data processing is governed by Circle's Privacy Policy (https://circle.so/privacy).
Upon signing up to the platform, you will be presented with our Terms and Privacy Policy. You can unsubscribe from marketing at any time without affecting your membership. All our communications have an option to unsubscribe.
Third-party cookies
We work with third-party suppliers who may also set cookies on our website, for example Facebook, X, Instagram, YouTube, Adobe Flashplayer, Google Analytics, Infusionsoft by Keap, Mailchimp, Circle. These third-party suppliers are responsible for the cookies they set on our site. If you want further information, please go to the website for the relevant third party. You will find additional information in the table below.
Description of cookies
The table below is designed to provide more information about the cookies we use and why:
Name of Cookie
Owner
Purpose for the cookie
Google Analytics
Google Inc
This is a web analytics service provided by Google, Inc which uses cookies to show us how visitors found and explored our site, and how we can enhance their experience. It provides us with information about the behaviour of our visitors (e.g. how long they stayed on the site, the average number of pages viewed) and also tells us how many visitors we have had.
X
YouTube
Infusionsoft by Keap
Thinkific
Mark Zuckerberg
Elon Musk
Mark Zuckerberg
Clate Mask (CEO)
Greg Smith and Matt Smith (Co-Founders)
Facebook is a popular free social networking website that allows registered users to create profiles, upload photos and video, send messages and keep in touch with friends, family and colleagues.
X is a social networking and microblogging online service that allows users to send and receive text-based messages or posts.
Instagram (also known as IG or Insta) is a photo and video-sharing social networking service owned by Facebook, Inc. It was created by Kevin Systrom and Mike Krieger, and launched in October 2010 exclusively on iOS.
YouTube allows users to upload, view, rate, share, add to playlists, report, comment on videos and subscribe to users. It offers a wide variety of user generated and corporate media videos.
Infusionsoft is a CRM, sales and marketing software. Its sales and marketing automation platform provides users with a central place for follow-up, contact management, billing and payment
Thinkific is a technology company with a platform that allows people and businesses to create online courses and deliver or sell those courses to their audience from their website, and under their own brand
Circle
Sid Yadav
An online community and membership platform that provides the infrastructure that enables member authentication, content delivery, community discussions, event hosting and account management.
How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. You can also refuse permission when prompted. If you do this, please be aware that you may lose some or all of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org
Transfers of data out of the EEA[MS7]
We may need to transfer your personal data to the United States of America (which is located outside the European Economic Area*) for the purpose of analysing trends and providing you with a more personalised and enjoyable user experience. Any transfer of your data will be subject to a European Commission approved contract which will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
*A subject access request is a request received from a data subject asking for access to personal data which we process about him or her
Your rights
You have the right, subject to the payment of a small fee (currently £10) to request access to personal data which we may process about you. If you wish to exercise this right, you should:
— put your request in writing
— include proof of your identity and address (e.g. a copy of your driving licence or passport, and a recent utility or credit card bill)
— attach a cheque in the amount of £10 made payable to Dibons Limited[MS8] .
— specify the personal data you want access to, including any account or reference numbers where applicable.
You have the right to require us to correct any inaccuracies in your data free of charge. If you wish to exercise this right, you should:
— put your request in writing
— provide us with enough information to identify you (e.g. account number, username, registration details)
— specify the information that is incorrect and what it should be replaced with.
You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, you should:
— put your request in writing (an email sent to jeannie@thezebra.club with a header that says ‘Unsubscribe’ is acceptable) or submit it at Contact page at www.thezebra.club
— provide us with enough information to identify you (e.g. account number, username, registration details)
— if your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g. email or telephone) please specify the channel you are objecting to
Our contact details
We welcome your feedback and questions. If you wish to contact us, please send an email to
jeannie@thezebra.club or call us on +44 208 879 9840. We will respond within four weeks of receipt of your request.
Our registered office is Tuition House, 27-37 St Georges Road, Wimbledon.
We may change this privacy policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you access this website.
By continuing to use our site, you are in agreement with this Privacy Policy above.
Last updated June 2026