Zeply Privacy Policy

1. GENERAL PROVISIONS

1.1 These Principles of Processing Client Data (hereinafter “Privacy Policy”) describe how we process Your data. Specific details on the processing of our data might be also described in Client agreements with You or in other documents related to the Services.

1.2 This Data Policy shall apply if You enter into a Client agreement with us, use the Services provided by us, submit a Request to us, gave Your consent to process Your Data, or visit our Website.

1.3 We shall have the right to amend the Data Policy unilaterally at any time, based on applicable We shall inform You of the amendment of the Data Policy via our Website.

1.4 Where the laws of California or Florida apply, it is necessary to refer to the “Special notice to residents of the states of California or Florida (USA)” (Section 13 of this Privacy Policy).

DEFINITIONS

Client (You) refers to any natural or representative of the legal or natural person, who uses, has used, or expressed a wish to use our Services, who creates an account, submits a Request to us, or visits our Website

Data refers to any information about the Client and another person who has contacted us, the data about the Client’s representative, including data collected from public databases and public channels

Data Controller (we or us) refers to Zeply OÜ is registered at Lastekodu tn 25-37, 10113 Tallinn, Estonia. With registration number 14729704, and is licensed by the Estonian Financial Intelligence Unit under license number FVT000128.

Data Processor refers to anyone who processes Client data on behalf of the Data Controller

Digital asset is a digital representation of value (also referred to as “cryptocurrency” or “digital currency), such as bitcoin, which is based on the cryptographic protocol of a computer network

Account  means a Client accessible account offered via our Services

Recipient refers to a natural or legal person, public authority, agency, or another body, to which the personal data is disclosed

Processing (Client Data) means any operation executed with Your Data, including the collection, recording, organization, storing, alteration, publication, grant of access to, making inquiries and statements, use, transmission, deletion, etc. of Your Data

Services refer to any services, provided by us to You via any channel such as websites, applications, or tools

Client agreement legal relationships between You and us entered into in order to perform any Services to You

Request means any request from You to us in order to get a conclusion, enter into an agreement, amendment, termination or cancel of Service

Website our websites www.zeply.com, app.zeply.com

AML/CTF means money laundering (AML) and Counter-Terrorist Financing (CTF) regulations

GDPR Regulation EU nr 2016/679 of the European Parlament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)

2. GENERAL PRINCIPLES OF PROCESSING DATA

2.1 We process Your Data under the terms and conditions of this Privacy Policy and in accordance with the procedure laid down in the legislation, including the GDPR, Estonian Personal Data Protection Act, Money Laundering and Terrorist Financing Prevention Act, this Privacy Policy and agreements entered into with You.

2.2.  We ensure, within the framework of data protection legislation, the confidentiality of client data and implement appropriate technical and organizational measures to safeguard Your Data from unauthorized access, unlawful disclosure, accidental loss, modification, destruction, or any other unlawful processing.

2.3.       We will take all steps reasonably necessary to ensure that Your Data is treated securely and in accordance with this Privacy Policy and no transfer of Your personal information will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

WHAT DATA DO WE COLLECT?

The categories of Your Data to be Processed shall be as follows:

4. HOW DO WE PROCESS YOUR DATA?

We process Your Data in order to perform Services to You or establish a Client relationship with You, also to respond to Your request and communicate with You, as well as to perform “know your client” and the “due diligence” obligations arising from the law.

4.2. To be able to use our services You shall go through the account registration process as well as KYC/AML verification, in order to create a Zeply Account. For this purpose, we process Your Personal data, Contact data, Identification Data, and Location data or data obtained, received or generated in the course of fulfilling a legal obligation for Your identification to comply with legal obligations. If you fail to provide this data, we cannot open an Account and you will not be able to continue using our services.

4.3. We process Your Personal Data, Contact Data, and Communication data in order to enter into a Client agreement and communicate with You, and this data is statutory to enter into a Client agreement. The legal basis for processing such data is the performance of a Client contract and if You fail to provide such data, we cannot perform Services to You

4.4. We process Financial data, data about the Services provided to You, Communication data and Data obtained, received, or generated in the course of fulfilling a legal obligation to perform and execute a Client agreement, including but not limited to reviewing, investigating, and preventing any potentially prohibited or illegal activities that may violate the Client agreement. The legal basis for processing such data is the performance of a Client contract and if You fail to provide such data, we cannot perform Services to You.

4.5.       We process Your Personal Data, Data connected with AML and CTF regulations, Identification data, and Transaction data in order to check and verify Your identity to keep Your data updated and correct and also to comply with rules and regulations related to AML and CTF requirements. The processing of this data is necessary for the purpose of preventing money laundering and terrorist financing, which is considered a matter of public interest. If You fail to provide such data, we cannot perform Services for You.

4.6.       When you access the Account, visit our Website and use Services, we may process Service Usage Information and Location Data to ensure that our interface is accessible for You and/or to customize, measure, and improve Services and the content of our Website, and to develop new services. The legal basis for processing such data is our legitimate interests, for example, we detect and prevent fraud and abuse in order to protect the security of our users, ourselves, or others.

4.7        We process Data about Your name and e-mail based on Your consent in order to send You information about our services and direct marketing messages. The consent will contain information on that specific processing activity. You can withdraw Your consent at any time and we will stop processing Your Data.

4.8.       We use partly automated profiling, but the final decision will always be done by humans. Profiling is used for performing Our due diligence and monitoring process for building risk-based AML compliance frameworks. As a consequence of the profiling, we may classify You as low risk, middle-risk, or high-risk client or we may refuse to enter into a contract with You or withdraw the contract.

5. HOW DO WE COLLECT THE DATA?

5.1. Most of the data we collect and the process is directly provided by You. We collect and process the information about you in the following situation:

– when You visit our Website, create an Account, log in or use our Service;

– when we provide Services to You or perform ongoing obligations;

– when You communicate or provide your feedback to us via email or any other channel;

– when You use cookies of the browser or software in visiting or using our Website;

–  other situations when we may collect Your data as mentioned in this Privacy Notice.

5.2. We also may collect information about You from public or third-party sources, such as public databases, ID verification partners, payment providers, companies providing services for money laundering and terrorist financing checks, credit risk reduction, and other fraud and crime prevention purposes and companies providing similar services, blockchain data; marketing partners and advertising partners.

6. DO WE USE “COOKIES”?

6.1. Yes. We use cookies whenever You visit Our Website. The cookies used are listed in our respective cookie policies available on websites  https://zeply.com/ and app.zeply.com.

6.2. You can choose to have Your computer warn You each time a cookie is being sent, or You can choose to turn off all cookies.

7. THIRD-PARTY DISCLOSURES

7.1. We do not trade, sell, or otherwise transfer your to other parties Your Data unless You give us consent to transfer such Data.

7.2. We disclose Data to Recipients such as:

– Identification and  verification partners, as well as fraud management partners, in order to perform Your identification and comply with AML/ CTF obligation;

– our Website hosting partners and other parties who assist us in operating our Website;

– payment services providers;

– with companies providing services for money laundering and terrorist financing checks, credit risk reduction, and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies, and regulatory bodies with whom such Personal Data is shared

– partners, who provide us with accountant services in order to prepare the invoices;

– financial and legal consultants, auditors, or any other data processors of the Data Controller;

– data related to violation of a Client agreement to debt collectors in order to collect the debt.

7.3. We may also release Your information to public authorities and state institutions, such as law enforcement agencies, bailiffs, notaries, tax authorities, supervisory authorities, Police, and Financial Intelligence Unit when we believe release is appropriate to comply with the law or protect ours or others rights, property, or safety.

7.4. We will not disclose more data than necessary for the purpose of disclosure and with respect to regulatory legislation and data protection legislation.

8. INTERNATIONAL TRANSFER OF PERSONAL DATA

8.1. We may transfer Your personal data outside of the European Union (“EU”) and the European Economic Area (“EEA”). Your personal data such as name, the identifier of the transaction, the identifier of the virtual currency wallet, the title and number of the identity document, personal identification code or date and place of birth, and residential address must be transferred to the recipient of the transaction for complying with the reasons of public interest concerning money laundering requirements. The recipient of the transaction can operate out of the EU or the EEA and it’s level of protection of personal data may not be as strong as in the EU countries. If you would like to learn more about terms of processing personal data and security measures applied to protect it please contact the recipient of the transaction to whom You transfer the Digital asset.

9. RETENTION OF YOUR DATA

9.1. We will retain Your Data only for as long as is necessary for the purposes set out in this Privacy Policy or as required by regulatory legislation or data protection legislation.

9.2. We retain Your data processed for the performance of a Client agreement for seven years as of the end of our Client agreement. We retain your data related to AML / CTF for five years as of the date of termination of the business relationship.

9.3. We will retain and use Your information to the extent necessary to comply with our legal obligations, for example, if we are required to retain Your data to comply with applicable laws, resolve disputes, and enforce our agreements and policies.

10. DATA PROTECTION RIGHTS

10.1.      You have the following rights regarding data protection:

10.1.1. to apply for the correction of incorrect or incomplete Your Data;

10.1.2. to obtain information on whether we process Your Data and examine Your Data and

receive a copy thereof;

10.1.3. to provide objections to the Processing of Data if the use of the Data is based on legitimate interest;

10.1.4. to apply for the deletion of Data, for example, if You have withdrawn Your consent. The aforementioned right shall not apply if the Client Data that are asked to be deleted are also Processed on other legal grounds;

10.1.5. to restrict processing the Data, for example at the time when We assess whether You have the right to the deletion of Your data;

10.1.6. to withdraw Your consent for Processing the Data if the Processing takes place on the basis of consent. In such an event the withdrawal of the consent shall not affect the legality of the processing that took place before the consent was withdrawn;

9.1.7. to file complaints about the use of the Data with the Estonian Data Protection Inspectorate (www.aki.ee ) if You find that Processing Your Data infringes Your rights and interests.

11. PRIVACY WHEN USING DIGITAL ASSETS

11.1 Your funding of bitcoin or other Digital Assets may be recorded on a public blockchain. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data. Because blockchains are decentralized or third-party networks that are not controlled by us, we are not able to erase, modify, or alter personal data from such networks.

12. CONTACT DETAILS

12.1. You can contact us with any requests to exercise data subject rights and complaints regarding the processing of client data by e-mail [email protected] or by post: Uus 12 – 2 floor, 10111 Tallinn, Estonia.

13. PRIVACY NOTICE FOR CALIFORNIA AND FLORIDA RESIDENTS

13.1. If you are a California or Florida resident (hereinafter Consumer or You), this section applies to You and supplements the main Privacy Policy.

13.2. For more information about the types of personal information we collect, please see the “What Data We Collect” section in our Privacy Policy.

Purposes for collecting, sharing and processing Information

13.3. We collect Your personal information for the following business and commercial purposes:

• to authenticate You when You open a user account and use our devices or services. For opening a user account, we process Your name and e-mail.
• for the provision of the services, we process Your Personal data, Contact data, Financial data, Data about the Services provided to You, and Communication data.
• where we need to comply with a legal obligation and identify You when you register as a customer and perform our due diligence obligations provided by law. For those purposes, we process Your Identification Data, Data connected with money laundering (AML) and Counter-Terrorist Financing (CTF) regulations, and Data obtained, received, or generated in the course of fulfilling a legal obligation.
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For the purposes to detect security breaches, protecting against fraud and malicious activity, taking action against wrongdoers, etc. we process Your Location data and Service Usage Information.
• to send you marketing information about our services. For those purposes, we use only your phone number or e-mail and only if you gave us consent to reactive marketing information.

13.4.     We do not make Your data publicly available; we do not act as data brokers and we do not trade in or sell Your data. However, certain standard generally accepted business practices may be deemed as the “Sale” of data under the Consumer Privacy Act and Privacy Rights Act such as when we utilize third-party service providers that provide us with services, while they retain certain rights to use your data for their own business needs (e.g. Google Analytics, Facebook analytics, fraud detection services, etc.).

When You visit our website, You can opt in or opt-out of certain data transfers and sharing of personal activities which we operate. You can exercise your rights when you accept or do not accept the cookies on our website.

• For more details on how and to whom we share your data please refer to „Third Parties Disclosures“ in our Privacy Policy.

Your Consumer Rights

• You as a consumer have the right to request access to the specific pieces of personal information we have collected about them in the last 12 months. You may make this request up to two times in a 12-month period.
• You may also request additional details about our information practices, including the categories of personal information we have collected about You, the categories of sources of such collection, the business or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share and sell Your personal information, the categories of personal information we have disclosed and “sold” about You in the preceding 12 months, and the categories of third parties to whom we sold personal information in the preceding 12 months.
• You also have the right to request the deletion of Your personal information (subject to certain exceptions), to opt-out of sales of personal information, and to receive equal service and price and not be discriminated against even if You exercise any of Your rights (unless permitted by applicable law, such as if the differences are reasonably related to Your information).
• You may make a rights request by submitting an email to [email protected]. Your request must include sufficient information that allows us to reasonably verify You are the person about whom we collected personal information, which may include Your email address, name, and account id (which is required only if You already have an account with us).

Data Protection Officer, Complaints and Contact details

• If You have a request to exercise Your rights, please contact our DPO Team in the following way: e-mail [email protected].