Concerning Principles of Processing Client’s Data (Valid as of 27.09.2021)
1. GENERAL PROVISIONS
1.2 This Data Policy shall apply if You enter into Client agreement with us, use the Services provided by us, submit a Request to us, gave Your consent to process Your Data or visit our Website.
1.3 We shall have the right to amend the Data Policy unilaterally at any time, based on applicable legislation. We shall inform You of the amendment of the Data Policy via our Website.
Client (You) refers to any natural or representative of the legal or natural person, who uses, has used or expressed a wish to use our Services, who creates an account, submit a Request to us or visit our Website
Data refers to any information about Client and another person who has contacted us, the data about the Client’s representative, including data collected from public databases and public channels
(we or us)refers to Zeply OÜ, registration code 14729704, address Uus 12-2 floor, 10111 Tallinn, Estonia
Data Processor refers to anyone who processes Client data on behalf of the data Controller
Digital asset a digital representation of value (also referred to as “cryptocurrency” or “digital currency), such as bitcoin, which is based on the cryptographic protocol of a computer network
Account means a Client accessible account offered via our Services
Recipient refers to a natural or legal person, public authority, agency or another body, to which the personal data is disclosed
Processing (Client Data) means any operation executed with Your Data, including the collection, recording, organisation, storing, alteration, publication, grant of access to, making enquiries and statements, use, transmission, deletion, etc. of Your Data
Services refer to any services, provided by us to You via any channel such as websites, applications or tools
Client agreement legal relationships between You and us entered into in order to perform any Services to You
Request means any request from You to us in order to get conclusion, enter into agreement, amendment, termination or cancellation of Service
Website our websites www.zeply.com, app.zeply.com
AML/CTF means money laundering (AML) and Counter-Terrorist Financing (CTF) regulations
GDPR Regulation EU nr 2016/679 of the European Parlament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)
2. GENERAL PRINCIPLES OF PROCESSING DATA
2.2. We ensure, within the framework of data protection legislation, the confidentiality of client data and implements appropriate technical and organisational measures to safeguard Your Data from unauthorized access, unlawful disclosure, accidental loss, modification, destruction, or any other unlawful processing.
WHAT DATA DO WE COLLECT?
The categories of Your Data to be Processed shall be as follows:
name, personal identification code or date of birth, signature.
address, phone number, e-mail address.
bank account, transactions, liabilities, online payments and money transfers, payment method, price, quantity, time, authorization information, order activity history
|Data about the Services provided to You|
Transactions details (quantity, product, price) data about agreements entered into, amended or terminated, data about the performance of agreements, data about violations of the agreement, notices, service fees, enquiries and complaints, submitted Requests.
data on the identity document details, such as the name of the document, issuing country, number, expiration date, information on barcodes (depending on the document), photographs taken from you, videos and sound recording, electronic signature data, or other data received through third-party identification services.
|Data connected with money laundering (AML) and Counter-Terrorist Financing (CTF) regulations|
Your photographic identification, country of residence, data of identity document and copy of identity document, the source of funds, assets, the origin of assets, place of work, position, work, data about belonging to a politically exposed person to a local politically exposed person (position, institution).
requests, data related to communication via any channel, including communication by phone, e-mail, messages and other manners of communication
Service Usage Information
access date and time, device type and device identification, operating system and hardware setting, browser type, and information derived from SIM card, network operator, IP address, GPS.
data obtained while performing obligations arising from the law, including data arising from the enquiries made by investigative bodies, notaries, tax authorities, bailiffs courts and other state institutions.
4. HOW DO WE PROCESS YOU DATA?
4.1 We process Your Data in order to perform Services to You or establish a Client relationship with You, also to respond on Your request and communicate with you, as well as to perform “know your client” and the “due diligence” obligations arising from the law.
4.2. In order to open an account, we process Your Personal Data, Contact Data, Location Data, and Communication data. The legal basis of processing such data is Your consent. You can withdraw Your consent at any time and we will stop processing Your Data. To be able to use our services You shall go through the registration process as well as KYC/AML verification, in order to create a Zeply Account. For this purposes, we process Your Identification Data or data obtained, received, or generated in the course of fulfilling a legal obligation for Your identification to comply with legal obligations. If you fail to provide this data, we cannot open an Account and you will not be able to continue using our services.
4.3. We process Your Personal data, Contact Data, and Communication data in order to enter into a Client agreement and communicate with You, and this data is statutory to enter into a Client agreement. The legal basis of processing such data is the performance of a Client contract and if You fail to provide such data, we cannot perform Services to You.
4.4. We process Financial data, data about the Services provided to You, Communication data and Data obtained, received, or generated in the course of fulfilling a legal obligation to perform and execute a Client agreement, including but not limited to reviewing, investigating, and preventing any potentially prohibited or illegal activities that may violate the Client agreement. The legal basis of processing such data is the performance of a Client contract and if You fail to provide such data, we cannot perform Services to You.
4.5. We process Data connected with AML and CTF regulations in order to check and verify Your identity and to keep Your data updated and correct and also comply with rules and regulations related to AML and CTF requirements. We will explain to You the content and requirements of such personal data each time we collect information, and we reserve the right to change the content and requirements of the collected information as the global regulatory or local regulatory standards change. The processing of this data is necessary for compliance with a legal obligation arising from AML and CTF regulations to which we are the subject and if You fail to provide such data, we cannot perform Services to You.
4.6. When you access the Account, visit our Website and use Services, we may process Service Usage Information and Location Data to ensure that our interface is accessible for You and/or to customize, measure, and improve Services and the content of our Website, and to develop new services. The legal basis of processing such data is our legitimate interests.
4.7 We process Data about Your name and e-mail based on Your consent in order to send You information about our services and direct marketing messages. The consent will contain information on that specific processing activity. You can withdraw Your consent at any time and we will stop process Your Data.
4.8. We use partly automated profiling, but the final decision will always be done by humans. Profiling is used for performing Our due diligence and monitoring process for building risk-based AML compliance frameworks. As a consequence of the profiling, we may classify You as low risk, middle-risk, or high-risk client or we may refuse to enter into a contract with You or withdraw the contract.
5. HOW DO WE COLLECT THE DATA?
5.1. Most of data we collect and process is directly provided by You. We collect and process the information about you in the following situation:
– when You visit our Website, create an Account, log in or use our Service;
– when we provide Services to You or perform ongoing obligations;
– when You communicate or provide your feedback to us via email or any other channel;
– other situations when we may collect Your data as mentioned in this Privacy Notice.
5.2. We also may collect information about You from public or third-party sources, such as public databases, ID verification partners, payment providers, companies providing services for money laundering and terrorist financing checks, credit risk reduction, and other fraud and crime prevention purposes and companies providing similar services, blockchain data; marketing partners and advertising partners.
6. DO WE USE “COOKIES”?
6.2. You can choose to have Your computer warn You each time a cookie is being sent, or You can choose to turn off all cookies.
7. THIRD-PARTY DISCLOSURES
7.1. We do not trade, sell, or otherwise transfer your to other parties Your Data unless You give us consent to transfer such Data.
8.2. We disclose Data to Recipients such as:
– Identification and verification partners, as well as fraud management partners, in order to perform Your identification and comply with AML/ CTF obligation;
– our Website hosting partners and other parties who assist us in operating our Website;
– payment services providers;
– with companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such Personal Data is shared
– partners, who provide us with accountant services in order to prepare the invoices;
– financial and legal consultants, auditors or any other data processors of the Data Controller;
– data related to violation of a Client agreement to debt collectors in order to collect the debt.
7.3. We may also release Your information to public authorities and state institutions, such as law enforcement agencies, bailiffs, notaries, tax authorities, supervisory authorities, Police and Financial Intelligence Unit when we believe release is appropriate to comply with the law or protect ours or others rights, property, or safety.
7.4. We will not disclose more Data than necessary for the purpose of disclosure and with respect to regulatory legislation and data protection legislation.
8. RETENTION OF YOUR DATA
8.2. We retain Your data processed for the performance of a Client agreement seven years as of the end of our Client agreement. We retain your data related AML/ CTF five years as of the date of termination of the business relationship.
8.3. We will retain and use Your information to the extent necessary to comply with our legal obligations, for example, if we are required to retain Your data to comply with applicable laws, resolve disputes, and enforce our agreements and policies.
9. DATA PROTECTION RIGHTS
9.1. You have the following rights regarding data protection:
9.1.1. to apply for the correction of incorrect or incomplete Your Data;
9.1.2. to obtain information on whether we process Your Data and examine Your Data and
receive a copy thereof;
9.1.3. to provide objections to the Processing of Data if the use of the Data is based on legitimate interest;
9.1.4. to apply for the deletion of Data, for example, if You have withdrawn Your consent. The aforementioned right shall not apply if the Client Data that are asked to be deleted are also Processed on other legal grounds;
9.1.5. to restrict processing the Data, for example at the time when We assess whether You have the right to the deletion of Your data;
9.1.6. to withdraw Your consent for Processing the Data if the Processing takes place on the basis of consent. In such an event the withdrawal of the consent shall not affect the legality of the processing that took place before the consent was withdrawn;
9.1.7. to file complaints about the use of the Data with the Estonian Data Protection Inspectorate (www.aki.ee ) if You find that Processing Your Data infringes Your rights and interests.
10. PRIVACY WHEN USING DIGITAL ASSETS
10.1 Your funding of bitcoin or other Digital Assets, may be recorded on a public blockchain. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data. Because blockchains are decentralized or third-party networks which are not controlled by us, we are not able to erase, modify, or alter personal data from such networks.
11.1. You can contact us with any requests to exercise data subject rights and complaints regarding the processing of client data by e-mail [email protected] or by post: Uus 12 – 2 floor, 10111 Tallinn, Estonia.