Concerning Principles of Processing Client’s Data (Valid as of 01.12.2022)
1. GENERAL PROVISIONS
1.2 This Data Policy shall apply if You enter into a Client agreement with us, use the Services provided by us, submit a Request to us, gave Your consent to process Your Data, or visit our Website.
1.3 We shall have the right to amend the Data Policy unilaterally at any time, based on applicable We shall inform You of the amendment of the Data Policy via our Website.
Client (You) refers to any natural or representative of the legal or natural person, who uses, has used, or expressed a wish to use our Services, who creates an account, submits a Request to us, or visits our Website
Data refers to any information about the Client and another person who has contacted us, the data about the Client’s representative, including data collected from public databases and public channels
Data Controller (we or us) refers to Zeply OÜ is registered at Lastekodu tn 25-37, 10113 Tallinn, Estonia. With registration number 14729704, and is licensed by the Estonian Financial Intelligence Unit under license number FVT000128.
Data Processor refers to anyone who processes Client data on behalf of the Data Controller
Digital asset is a digital representation of value (also referred to as “cryptocurrency” or “digital currency), such as bitcoin, which is based on the cryptographic protocol of a computer network
Account means a Client accessible account offered via our Services
Recipient refers to a natural or legal person, public authority, agency, or another body, to which the personal data is disclosed
Processing (Client Data) means any operation executed with Your Data, including the collection, recording, organization, storing, alteration, publication, grant of access to, making inquiries and statements, use, transmission, deletion, etc. of Your Data
Services refer to any services, provided by us to You via any channel such as websites, applications, or tools
Client agreement legal relationships between You and us entered into in order to perform any Services to You
Request means any request from You to us in order to get a conclusion, enter into an agreement, amendment, termination or cancel of Service
Website our websites www.zeply.com, app.zeply.com
AML/CTF means money laundering (AML) and Counter-Terrorist Financing (CTF) regulations
GDPR Regulation EU nr 2016/679 of the European Parlament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)
2. GENERAL PRINCIPLES OF PROCESSING DATA
2.2. We ensure, within the framework of data protection legislation, the confidentiality of client data and implement appropriate technical and organizational measures to safeguard Your Data from unauthorized access, unlawful disclosure, accidental loss, modification, destruction, or any other unlawful processing.
WHAT DATA DO WE COLLECT?
The categories of Your Data to be Processed shall be as follows:
name, personal identification code or date of birth, signature.
address, phone number, e-mail address.
bank account, transactions, liabilities, online payments and money transfers, payment method, price, quantity, time, authorization information, order activity history
|Data about the Services provided to You|
Transactions details (quantity, product, price) data about agreements entered into, amended or terminated, data about the performance of agreements, data about violations of the agreement, notices, service fees, enquiries and complaints, submitted Requests.
data on the identity document details, such as the name of the document, issuing country, number, expiration date, information on barcodes (depending on the document), photographs taken from you, videos and sound recording, electronic signature data, or other data received through third-party identification services.
|Data connected with money laundering (AML) and Counter-Terrorist Financing (CTF) regulations|
Your photographic identification, country of residence, data of identity document and copy of identity document, the source of funds, assets, the origin of assets, place of work, position, work, data about belonging to a politically exposed person to a local politically exposed person (position, institution).
requests, data related to communication via any channel, including communication by phone, e-mail, messages and other manners of communication
Service Usage Information
access date and time, device type and device identification, operating system and hardware setting, browser type, and information derived from SIM card, network operator, IP address, GPS.
data obtained while performing obligations arising from the law, including data arising from the enquiries made by investigative bodies, notaries, tax authorities, bailiffs courts and other state institutions.
4. HOW DO WE PROCESS YOUR DATA?
We process Your Data in order to perform Services to You or establish a Client relationship with You, also to respond to Your request and communicate with You, as well as to perform “know your client” and the “due diligence” obligations arising from the law.
4.2. To be able to use our services You shall go through the account registration process as well as KYC/AML verification, in order to create a Zeply Account. For this purpose, we process Your Personal data, Contact data, Identification Data, and Location data or data obtained, received or generated in the course of fulfilling a legal obligation for Your identification to comply with legal obligations. If you fail to provide this data, we cannot open an Account and you will not be able to continue using our services.
4.3. We process Your Personal Data, Contact Data, and Communication data in order to enter into a Client agreement and communicate with You, and this data is statutory to enter into a Client agreement. The legal basis for processing such data is the performance of a Client contract and if You fail to provide such data, we cannot perform Services to You
4.4. We process Financial data, data about the Services provided to You, Communication data and Data obtained, received, or generated in the course of fulfilling a legal obligation to perform and execute a Client agreement, including but not limited to reviewing, investigating, and preventing any potentially prohibited or illegal activities that may violate the Client agreement. The legal basis for processing such data is the performance of a Client contract and if You fail to provide such data, we cannot perform Services to You.
4.5. We process Your Personal Data, Data connected with AML and CTF regulations, Identification data, and Transaction data in order to check and verify Your identity to keep Your data updated and correct and also to comply with rules and regulations related to AML and CTF requirements. The processing of this data is necessary for the purpose of preventing money laundering and terrorist financing, which is considered a matter of public interest. If You fail to provide such data, we cannot perform Services for You.
4.6. When you access the Account, visit our Website and use Services, we may process Service Usage Information and Location Data to ensure that our interface is accessible for You and/or to customize, measure, and improve Services and the content of our Website, and to develop new services. The legal basis for processing such data is our legitimate interests, for example, we detect and prevent fraud and abuse in order to protect the security of our users, ourselves, or others.
4.7 We process Data about Your name and e-mail based on Your consent in order to send You information about our services and direct marketing messages. The consent will contain information on that specific processing activity. You can withdraw Your consent at any time and we will stop processing Your Data.
4.8. We use partly automated profiling, but the final decision will always be done by humans. Profiling is used for performing Our due diligence and monitoring process for building risk-based AML compliance frameworks. As a consequence of the profiling, we may classify You as low risk, middle-risk, or high-risk client or we may refuse to enter into a contract with You or withdraw the contract.
5. HOW DO WE COLLECT THE DATA?
5.1. Most of the data we collect and the process is directly provided by You. We collect and process the information about you in the following situation:
– when You visit our Website, create an Account, log in or use our Service;
– when we provide Services to You or perform ongoing obligations;
– when You communicate or provide your feedback to us via email or any other channel;
– other situations when we may collect Your data as mentioned in this Privacy Notice.
5.2. We also may collect information about You from public or third-party sources, such as public databases, ID verification partners, payment providers, companies providing services for money laundering and terrorist financing checks, credit risk reduction, and other fraud and crime prevention purposes and companies providing similar services, blockchain data; marketing partners and advertising partners.
6. DO WE USE “COOKIES”?
6.2. You can choose to have Your computer warn You each time a cookie is being sent, or You can choose to turn off all cookies.
7. THIRD-PARTY DISCLOSURES
7.1. We do not trade, sell, or otherwise transfer your to other parties Your Data unless You give us consent to transfer such Data.
7.2. We disclose Data to Recipients such as:
– Identification and verification partners, as well as fraud management partners, in order to perform Your identification and comply with AML/ CTF obligation;
– our Website hosting partners and other parties who assist us in operating our Website;
– payment services providers;
– with companies providing services for money laundering and terrorist financing checks, credit risk reduction, and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies, and regulatory bodies with whom such Personal Data is shared
– partners, who provide us with accountant services in order to prepare the invoices;
– financial and legal consultants, auditors, or any other data processors of the Data Controller;
– data related to violation of a Client agreement to debt collectors in order to collect the debt.
7.3. We may also release Your information to public authorities and state institutions, such as law enforcement agencies, bailiffs, notaries, tax authorities, supervisory authorities, Police, and Financial Intelligence Unit when we believe release is appropriate to comply with the law or protect ours or others rights, property, or safety.
7.4. We will not disclose more data than necessary for the purpose of disclosure and with respect to regulatory legislation and data protection legislation.
8. INTERNATIONAL TRANSFER OF PERSONAL DATA
8.1. We may transfer Your personal data outside of the European Union (“EU”) and the European Economic Area (“EEA”). Your personal data such as name, the identifier of the transaction, the identifier of the virtual currency wallet, the title and number of the identity document, personal identification code or date and place of birth, and residential address must be transferred to the recipient of the transaction for complying with the reasons of public interest concerning money laundering requirements. The recipient of the transaction can operate out of the EU or the EEA and it’s level of protection of personal data may not be as strong as in the EU countries. If you would like to learn more about terms of processing personal data and security measures applied to protect it please contact the recipient of the transaction to whom You transfer the Digital asset.
9. RETENTION OF YOUR DATA
9.2. We retain Your data processed for the performance of a Client agreement for seven years as of the end of our Client agreement. We retain your data related to AML / CTF for five years as of the date of termination of the business relationship.
9.3. We will retain and use Your information to the extent necessary to comply with our legal obligations, for example, if we are required to retain Your data to comply with applicable laws, resolve disputes, and enforce our agreements and policies.
10. DATA PROTECTION RIGHTS
10.1. You have the following rights regarding data protection:
10.1.1. to apply for the correction of incorrect or incomplete Your Data;
10.1.2. to obtain information on whether we process Your Data and examine Your Data and
receive a copy thereof;
10.1.3. to provide objections to the Processing of Data if the use of the Data is based on legitimate interest;
10.1.4. to apply for the deletion of Data, for example, if You have withdrawn Your consent. The aforementioned right shall not apply if the Client Data that are asked to be deleted are also Processed on other legal grounds;
10.1.5. to restrict processing the Data, for example at the time when We assess whether You have the right to the deletion of Your data;
10.1.6. to withdraw Your consent for Processing the Data if the Processing takes place on the basis of consent. In such an event the withdrawal of the consent shall not affect the legality of the processing that took place before the consent was withdrawn;
9.1.7. to file complaints about the use of the Data with the Estonian Data Protection Inspectorate (www.aki.ee ) if You find that Processing Your Data infringes Your rights and interests.
11. PRIVACY WHEN USING DIGITAL ASSETS
11.1 Your funding of bitcoin or other Digital Assets may be recorded on a public blockchain. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data. Because blockchains are decentralized or third-party networks that are not controlled by us, we are not able to erase, modify, or alter personal data from such networks.
12. CONTACT DETAILS
12.1. You can contact us with any requests to exercise data subject rights and complaints regarding the processing of client data by e-mail [email protected] or by post: Uus 12 – 2 floor, 10111 Tallinn, Estonia.
13. PRIVACY NOTICE FOR CALIFORNIA AND FLORIDA RESIDENTS
Purposes for collecting, sharing and processing Information
13.3. We collect Your personal information for the following business and commercial purposes:
- to authenticate You when You open a user account and use our devices or services. For opening a user account, we process Your name and e-mail.
- for the provision of the services, we process Your Personal data, Contact data, Financial data, Data about the Services provided to You, and Communication data.
- where we need to comply with a legal obligation and identify You when you register as a customer and perform our due diligence obligations provided by law. For those purposes, we process Your Identification Data, Data connected with money laundering (AML) and Counter-Terrorist Financing (CTF) regulations, and Data obtained, received, or generated in the course of fulfilling a legal obligation.
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For the purposes to detect security breaches, protecting against fraud and malicious activity, taking action against wrongdoers, etc. we process Your Location data and Service Usage Information.
- to send you marketing information about our services. For those purposes, we use only your phone number or e-mail and only if you gave us consent to reactive marketing information.
13.4. We do not make Your data publicly available; we do not act as data brokers and we do not trade in or sell Your data. However, certain standard generally accepted business practices may be deemed as the “Sale” of data under the Consumer Privacy Act and Privacy Rights Act such as when we utilize third-party service providers that provide us with services, while they retain certain rights to use your data for their own business needs (e.g. Google Analytics, Facebook analytics, fraud detection services, etc.).
When You visit our website, You can opt in or opt-out of certain data transfers and sharing of personal activities which we operate. You can exercise your rights when you accept or do not accept the cookies on our website.
Your Consumer Rights
- You as a consumer have the right to request access to the specific pieces of personal information we have collected about them in the last 12 months. You may make this request up to two times in a 12-month period.
- You may also request additional details about our information practices, including the categories of personal information we have collected about You, the categories of sources of such collection, the business or commercial purpose for collecting or selling personal information, the categories of third parties with whom we share and sell Your personal information, the categories of personal information we have disclosed and “sold” about You in the preceding 12 months, and the categories of third parties to whom we sold personal information in the preceding 12 months.
- You also have the right to request the deletion of Your personal information (subject to certain exceptions), to opt-out of sales of personal information, and to receive equal service and price and not be discriminated against even if You exercise any of Your rights (unless permitted by applicable law, such as if the differences are reasonably related to Your information).
- You may make a rights request by submitting an email to [email protected]. Your request must include sufficient information that allows us to reasonably verify You are the person about whom we collected personal information, which may include Your email address, name, and account id (which is required only if You already have an account with us).
Data Protection Officer, Complaints and Contact details
- If You have a request to exercise Your rights, please contact our DPO Team in the following way: e-mail [email protected].