Zeply Privacy Policy

Concerning Principles of Processing Client’s Data (Valid as of 27.09.2021)

zeply Simpe Platform Policy


1.1 These Principles of Processing Client Data (hereinafter “Privacy Policy”) describe how we process Your data. Specific details on the processing of Your data might be also described in Client agreements with You or in other documents related to the Services.

1.2 This Data Policy shall apply if You enter into Client agreement with us, use the Services provided by us, submit a Request to us, gave Your consent to process Your Data or visit our Website.

1.3 We shall have the right to amend the Data Policy unilaterally at any time, based on applicable legislation. We shall inform You of the amendment of the Data Policy via our Website.



Client (You) refers to any natural or representative of the legal or natural person, who uses, has used or expressed a wish to use our Services, who creates an account, submit a Request to us or visit our Website

Data refers to any information about Client and another person who has contacted us, the data about the Client’s representative, including data collected from public databases and public channels

Data Controller

(we or us)refers to Zeply OÜ, registration code 14729704, address Uus 12-2 floor, 10111 Tallinn, Estonia

Data Processor refers to anyone who processes Client data on behalf of the data Controller

Digital asset a digital representation of value (also referred to as “cryptocurrency” or “digital currency), such as bitcoin, which is based on the cryptographic protocol of a computer network

Account  means a Client accessible account offered via our Services

Recipient refers to a natural or legal person, public authority, agency or another body, to which the personal data is disclosed

Processing (Client Data) means any operation executed with Your Data, including the collection, recording, organisation, storing, alteration, publication, grant of access to, making enquiries and statements, use, transmission, deletion, etc. of Your Data

Services refer to any services, provided by us to You via any channel such as websites, applications or tools

Client agreement legal relationships between You and us entered into in order to perform any Services to You

Request means any request from You to us in order to get conclusion, enter into agreement, amendment, termination or cancellation of Service

Website our websites www.zeply.com, app.zeply.com

AML/CTF means money laundering (AML) and Counter-Terrorist Financing (CTF) regulations

GDPR Regulation EU nr 2016/679 of the European Parlament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)



2.1 We process Your Data under the terms and conditions of this Privacy Policy and in accordance with the procedure laid down in the legislation, including the GDPR, Estonian Personal Data Protection Act, Money Laundering and Terrorist Financing Prevention Act, this Privacy Policy and agreements entered into with You.

2.2. We ensure, within the framework of data protection legislation, the confidentiality of client data and implements appropriate technical and organisational measures to safeguard Your Data from unauthorized access, unlawful disclosure, accidental loss, modification, destruction, or any other unlawful processing.

2.3. We will take all steps reasonably necessary to ensure that Your Data is treated securely and in accordance with this Privacy Policy and no transfer of Your personal information will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.


The categories of Your Data to be Processed shall be as follows:

Personal data

name, personal identification code or date of birth, signature.

Contact data

address, phone number, e-mail address.

Financial data

bank account, transactions, liabilities, online payments and money transfers, payment method, price, quantity, time, authorization information, order activity history

Data about the Services provided to You

Transactions details (quantity, product, price) data about agreements entered into, amended or terminated, data about the performance of agreements, data about violations of the agreement, notices, service fees, enquiries and complaints, submitted Requests.

Identification Data

data on the identity document details, such as the name of the document, issuing country, number, expiration date, information on barcodes (depending on the document), photographs taken from you, videos and sound recording, electronic signature data, or other data received through third-party identification services.

Data connected with money laundering (AML) and Counter-Terrorist Financing (CTF) regulations

Your photographic identification, country of residence, data of identity document and copy of identity document, the source of funds, assets, the origin of assets, place of work, position, work, data about belonging to a politically exposed person to a local politically exposed person (position, institution).

Communication data 

requests, data related to communication via any channel, including communication by phone, e-mail, messages and other manners of communication

Service Usage Information

access date and time, device type and device identification, operating system and hardware setting, browser type, and information derived from SIM card, network operator, IP address, GPS.

Other Data

data obtained while performing obligations arising from the law, including data arising from the enquiries made by investigative bodies, notaries, tax authorities, bailiffs courts and other state institutions.


4.1 We process Your Data in order to perform Services to You or establish a Client relationship with You, also to respond on Your request and communicate with you, as well as to perform “know your client” and the “due diligence” obligations arising from the law.

4.2. In order to open an account, we process Your Personal Data, Contact Data, Location Data, and Communication data. The legal basis of processing such data is Your consent. You can withdraw Your consent at any time and we will stop processing Your Data. To be able to use our services You shall go through the registration process as well as KYC/AML verification, in order to create a Zeply Account. For this purposes, we process Your Identification Data or data obtained, received, or generated in the course of fulfilling a legal obligation for Your identification to comply with legal obligations. If you fail to provide this data, we cannot open an Account and you will not be able to continue using our services.

4.3. We process Your Personal data, Contact Data, and Communication data in order to enter into a Client agreement and communicate with You, and this data is statutory to enter into a Client agreement. The legal basis of processing such data is the performance of a Client contract and if You fail to provide such data, we cannot perform Services to You.

4.4. We process Financial data, data about the Services provided to You, Communication data and Data obtained, received, or generated in the course of fulfilling a legal obligation to perform and execute a Client agreement, including but not limited to reviewing, investigating, and preventing any potentially prohibited or illegal activities that may violate the Client agreement. The legal basis of processing such data is the performance of a Client contract and if You fail to provide such data, we cannot perform Services to You.

4.5. We process Data connected with AML and CTF regulations in order to check and verify Your identity and to keep Your data updated and correct and also comply with rules and regulations related to AML and CTF requirements. We will explain to You the content and requirements of such personal data each time we collect information, and we reserve the right to change the content and requirements of the collected information as the global regulatory or local regulatory standards change. The processing of this data is necessary for compliance with a legal obligation arising from AML and CTF regulations to which we are the subject and if You fail to provide such data, we cannot perform Services to You.

4.6. When you access the Account, visit our Website and use Services, we may process Service Usage Information and Location Data to ensure that our interface is accessible for You and/or to customize, measure, and improve Services and the content of our Website, and to develop new services. The legal basis of processing such data is our legitimate interests.

4.7  We process Data about Your name and e-mail based on Your consent in order to send You information about our services and direct marketing messages. The consent will contain information on that specific processing activity. You can withdraw Your consent at any time and we will stop process Your Data.

4.8. We use partly automated profiling, but the final decision will always be done by humans. Profiling is used for performing Our due diligence and monitoring process for building risk-based AML compliance frameworks. As a consequence of the profiling, we may classify You as low risk, middle-risk, or high-risk client or we may refuse to enter into a contract with You or withdraw the contract.


5.1. Most of data we collect and process is directly provided by You. We collect and process the information about you in the following situation:

– when You visit our Website, create an Account, log in or use our Service;

– when we provide Services to You or perform ongoing obligations;

– when You communicate or provide your feedback to us via email or any other channel;

– when You use cookies of the browser or software in visiting or using our Website;

  other situations when we may collect Your data as mentioned in this Privacy Notice.

5.2. We also may collect information about You from public or third-party sources, such as public databases, ID verification partners, payment providers, companies providing services for money laundering and terrorist financing checks, credit risk reduction, and other fraud and crime prevention purposes and companies providing similar services, blockchain data; marketing partners and advertising partners.


6.1. Yes. We use cookies whenever You visit Our Website. The cookies used are listed in our respective cookie policies available on websites  https://zeply.com/ and app.zeply.com

6.2. You can choose to have Your computer warn You each time a cookie is being sent, or You can choose to turn off all cookies.


7.1. We do not trade, sell, or otherwise transfer your to other parties Your Data unless You give us consent to transfer such Data.

8.2. We disclose Data to Recipients such as:

– Identification and  verification partners, as well as fraud management partners, in order to perform Your identification and comply with AML/ CTF obligation;

 – our Website hosting partners and other parties who assist us in operating our Website;

– payment services providers;

– with companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such Personal Data is shared

– partners, who provide us with accountant services in order to prepare the invoices;

– financial and legal consultants, auditors or any other data processors of the Data Controller;

– data related to violation of a Client agreement to debt collectors in order to collect the debt.

7.3. We may also release Your information to public authorities and state institutions, such as law enforcement agencies, bailiffs, notaries, tax authorities, supervisory authorities, Police and Financial Intelligence Unit when we believe release is appropriate to comply with the law or protect ours or others rights, property, or safety.

7.4. We will not disclose more Data than necessary for the purpose of disclosure and with respect to regulatory legislation and data protection legislation.


8.1. We will retain Your Data only for as long as is necessary for the purposes set out in this Privacy Policy or as required by regulatory legislation or data protection legislation.

8.2. We retain Your data processed for the performance of a Client agreement seven years as of the end of our Client agreement. We retain your data related AML/ CTF five years as of the date of termination of the business relationship.

8.3. We will retain and use Your information to the extent necessary to comply with our legal obligations, for example, if we are required to retain Your data to comply with applicable laws, resolve disputes, and enforce our agreements and policies.


9.1.      You have the following rights regarding data protection:

9.1.1. to apply for the correction of incorrect or incomplete Your Data;

9.1.2. to obtain information on whether we process Your Data and examine Your Data and

receive a copy thereof;

9.1.3. to provide objections to the Processing of Data if the use of the Data is based on legitimate interest;

9.1.4. to apply for the deletion of Data, for example, if You have withdrawn Your consent. The aforementioned right shall not apply if the Client Data that are asked to be deleted are also Processed on other legal grounds;

9.1.5. to restrict processing the Data, for example at the time when We assess whether You have the right to the deletion of Your data;

9.1.6. to withdraw Your consent for Processing the Data if the Processing takes place on the basis of consent. In such an event the withdrawal of the consent shall not affect the legality of the processing that took place before the consent was withdrawn;

9.1.7. to file complaints about the use of the Data with the Estonian Data Protection Inspectorate (www.aki.ee ) if You find that Processing Your Data infringes Your rights and interests.


10.1 Your funding of bitcoin or other Digital Assets, may be recorded on a public blockchain. Many blockchains are open to forensic analysis which can lead to deanonymization and the unintentional revelation of private financial information, especially when blockchain data is combined with other data. Because blockchains are decentralized or third-party networks which are not controlled by us, we are not able to erase, modify, or alter personal data from such networks.


11.1. You can contact us with any requests to exercise data subject rights and complaints regarding the processing of client data by e-mail [email protected] or by post: Uus 12 – 2 floor, 10111 Tallinn, Estonia.

Ready to unlock digital value?