This Version of ZERO21 Privacy Policy is valid from 11th day of
September 2024.
ZERO21 LTD is a Limited Company registered in Cyprus with a
registered address 19 Spyrou Kyprianou, Silver House, 4th floor,
3070 Limassol, Cyprus (Hereinafter: ZERO21 or Company).
Company is committed to protect and respect your privacy in
compliance with EU General Data Protection Regulation (GDPR)
2016/679 as well as in compliance with Cyprus Law (125(I)/2018).
”You” means you as a customer, a potential customer, our customer’s
employee or other relevant person such as our customer’s authorized
representative, director or beneficial owner as well as our
customer’s customer when using our services. This Privacy Policy
explains how the Company collects and uses your personal data. It
also describes your rights towards Company and how to exercise
them.
Company process individuals’ personal data for several reasons.
Company processes your personal data in the capacity of the data
controller.
Persons under the age of 18 cannot provide any personal data. We do
not accept users under the age of 18 and no part of our website is
structured to attract anyone under 18. If you are a person under the
age of 18 and if, despite the previous warning, you intend to
undertake any activities on this website, before any activities you
must obtain the consent of your legal guardians (parents, adoptive
parents, guardians, careers).
The terms used in this Privacy Policy are understood as defined in
the EU General Data Protection Regulation (GDPR) 2016/679.
This Privacy Policy explains the following:
In order to provide our services we need to process your personal
data as described below. In the course of our business, we collect
personal data in a variety of ways. We collect personal data
directly from data subjects, via data subject’s usage of this site,
of our service and through our customers. You may directly or
indirectly give us information about yourself in a variety of ways,
such as when you contact us, use our portal or any other service of
ours where you submit personal data.
Below we give you a list of all personal data that, depending on the
specific case, we may collect:
Special categories of data:
Company collects and processes biometric data (a photocopy of a
passport or other personal document with a photo) as a special
category of personal data only in the case we are under legal
obligation to collect such data and when the data subject has given
explicit consent to the processing of those personal data.
Personal data we may collect from third parties:
We may collect your personal data from third party services either
publicly available or engaged by us to verify you against sanction
lists (EU, UN and UK sanction lists or OFAC lists) and registers
held by tax authorities, company registration agencies and other
commercial or non-commercial information providers on beneficial
owners and politically exposed persons. We also collect information
from remitters, shops, banks, payment service providers and others.
Our legal basis for collecting, processing, and sharing such
information about you with third party services as explained in this
paragraph is fulfilling our legal obligations, such as preventing,
detecting and investigating money laundering, terrorist financing
and fraud prevention.
We use your personal data for a variety of reasons and based on
different legal basis.
Collecting personal data based on consent:
We may use your personal data to send you marketing communication
which you requested. These may include information about our
products and services, events, activities and promotions of our
associated partners’ products or services. This communication is
subscription based and requires your consent. The collection of
personal data is based on consent, the data subject will give
his/her consent by using “Consent Forms” that will store
documentation related to the consent given by the individual.
Individual consent will always be stored and documented in our
system. If you have given consent to the processing of your personal
data, you can always withdraw the consent by sending the e-mail to
the e- mail address given below in the contact details (see “How to
contact us” below). Withdrawal of consent does not affect the
admissibility of processing before the withdrawal. In case of
withdrawal of consent, we will not process your data, unless we have
legal obligation for processing. We will respond to each request as
soon as possible, and in any case no later than within 30 days of
receiving the request.
Collecting personal data based on contractual necessity:
We use your personal data for fulfilling our contractual obligations
towards you. It is impossible for us to perform our service to you
without collecting and processing your personal data (contractual
necessity as legal basis). Examples of contractual necessity as
legal basis for your personal data collection and processing are
opening an account with us, processing and/or initiating payment
transactions using our services, receiving settlements from us,
invoicing, etc.
Collecting personal data based on legal obligations:
In some cases we are under legal obligation to process your personal
data as part of our KYC requirements, preventing, detecting and
investigating money laundering, terrorist financing and fraud
prevention, sanction screening, reporting to tax authority, police
authorities, supervisory authorities, payment service requirements.
We may also send you information about the products and services
that you have purchased from us, and replies to a “Contact me” or
other web forms you have completed on our website. We will follow up
on incoming requests (customer support, emails, chats or phone
calls). We will notify you of every disruption to our services
(system messages).
We also have a legitimate interest to use profiling when monitoring
transactions in order to detect fraudulent transactions. Profiling
is any form of automated processing of personal data in the form of
analysis and assessment of specific aspects. Based on that analysis,
some cases of atypical behavior can be established, which are then
examined, one by one, in order to determine whether fraudulent
transactions exists or not.
Please keep in mind that We will not be able to provide our services
to you in case you fail to provide the necessary personal data as
described in this Privacy Policy.
We do not share, sell, rent or trade your personal data with any
third parties without your consent, except from what is described
below:
We may share with the merchant at which you made your purchase the
personal data necessary for the merchant’s performance, support and
administration of your order, including disputes. The personal data
shared with the merchant will be subject to the merchant's privacy
policies and practices.
We may pass your personal data on to our suppliers, acquirers,
payment service providers, banks, clearing and settlement mechanisms
and other business partners if necessary for providing our service
to you. Before sharing your personal data, we will always ensure
that we respect relevant financial industry secret obligation. For
example, if you have asked us to transfer funds, we need to disclose
certain information to fulfill such transfer.
We disclose personal data to authorities to the extent we are under
statutory obligation to do so. Such authorities may include tax
authorities, police authorities, AML authorities, law enforcement
authorities and supervisory authorities in relevant countries.
We may use sub-contractors (data processor) to process personal data
on our behalf, we are responsible for making sure they commit
themselves to adhere to this Privacy Policy and applicable data
protection legislation (GDPR) by signing the Data Processing
Agreement. You can obtain further information about specific
companies indicated in this section that could be provided with your
personal data by reaching us using the contact details provided in
this Privacy Policy.
We may transfer personal data to organizations outside the EU/EEA
area. If the sub-contractor (data processor) processes personal data
outside the EU/EEA area, these transfers are subject to special
rules under European and UK data protection law and such processing
is done in accordance with the EU Standard Contractual Clauses for
transfer to third countries.
If you would like further information, please contact us (see “How
to contact us” below).
Company has taken a number of steps in order to provide an extremely secure service. We use appropriate technical, organizational and administrative security measures to protect any information we hold from loss, misuse, unauthorized access, disclosure, alteration and destruction. The information is encrypted using secure socket layer technology (SSL) and is stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards. Where we have provided you (or where you have chosen) a password or access code which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share any passwords with anyone, you authorize the Company to act upon instructions and information from any person that enters your user ID or password. Please note that once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy.
You have the following rights in regard to your personal data:
You have the right to request information about whether we process your personal data, access to that data and all other data related to the processing of your data, in accordance with the regulations. In most of the cases this information is already presented to you in your online services from us. Your right to access may, however, be restricted by legislation and protection of other person’s privacy rights.
You have the right to request from us to correct your personal data if inaccurate, incomplete, or out of date.
You have the right to request that your personal data is deleted when it is no longer necessary for us to retain such data. Please note that due to the financial sector legislation we are in many cases under statutory obligation to retain personal data on you not only during the customer relationship but also for many more years after. For more details, please see Section “How long we keep your personal data”.
If you contest the correctness of the data which we have registered about you or lawfulness of processing, or if you have objected to the processing of the data in accordance with your right to object, you may request us to restrict the processing of this data to storing purposes only. The processing will only be restricted to storing until the correctness of the data can be established, or it can be checked whether our legitimate interests overwrite your interests. If you are not entitled to deletion of the data which we have registered about you, you may instead request that we restrict the processing of this data to storing purposes only. If the processing of the data which we have registered about you is solely necessary to assert a legal claim, you may also demand that other processing of this data be restricted to storing purposes only. We may process your data for other purposes if this is necessary to assert a legal claim or if you have granted your consent to this. We will inform you on any correction or deletion of personal data or limitation of their processing unless this is impossible or requires an excessive expenditure of time and resources.
You have the right to object when the processing of your data is based on legitimate interest or when your data is processed for public interest. You can always object to the processing of your personal data for direct marketing band profiling in concern to such marketing.
You have the right to receive the personal data that you provided to us in a machine-readable format. This right applies to personal data processed only by automated means and on the consent or fulfilling a contract basis. Where secure and technically feasible the data can also be transmitted to another data controller by us.
If you are not satisfied with the way in which we process your personal data you may in the first instance contact us at privacy@zero21.eu. If you remain dissatisfied, then you have the right to apply directly to your national supervisory authority for a decision. To find your national supervisory body please go to this adress.
Please be informed that you have the right not to apply to you a decision made solely on the basis of automated processing, including profiling, if that decision produces legal consequences for you or that decision significantly affects your position.
In the case you want to withdraw your consent, please make use of the link to manage your subscription included in our communication. Regarding the e-marketing please note that you may still receive system messages and notifications about your account activities.
Please be informed that we will notify you without undue delay of
any breach of personal data if that breach may cause a high risk to
your rights and freedoms.
Your request to exercise your rights as listed above will be
assessed given the circumstances in an individual case. Please bare
in mind that we may also retain and use your personal data as
necessary to comply with legal requirements, resolve disputes and or
enforce our agreements.
Any query about your privacy rights should be sent to
privacy@zero21.eu
What the cookies are?
As it is common practice on almost all professional websites, this
website uses cookies. Cookies are small files that are stored on
your computer in order to provide certain functionality and improve
your experience on the site. This page describes what information
they collect and how we use it. For general information about
cookies, see the Wikipedia article on
Wikipedia.
We collect, process and analyze data regarding the use of our
webpages. This includes standard information from your web browser,
such as browser type and browser language, your Internet Protocol
(“IP”) address, the actions you take on our websites, such as the
webpages viewed, and links clicked. We use cookies and similar
technologies to deliver our services to you, provide a secure online
environment, to manage marketing and provide a better online
experience and to make our website content more relevant to you. If
used alone, cookies do not personally identify you. You can set or
amend your web browser controls to accept or reject cookies. If you
choose to reject cookies, you may still use our sites and some
services, however your access to some functions and or website areas
might be restricted.
Your data will be kept as long as it is necessary for the purposes for which the data was collected and processed or as long as it is required by law.
We may change the Privacy Policy from time to time, we will not
diminish your rights under this Privacy Policy. We kindly ask you to
review our Privacy Policy from time to time, however if the changes
we make are significant, we will provide you with prominent notice.
Please contact us and/or our Data Protection Officer by post or
email if you have any questions about this Privacy Policy or the
information we hold about you.
Our contact details are shown below:
19 Spyrou Kyprianou, Silver House, 4th floor, 3070 Limassol, Cyprus
privacy@zero21.eu
If you would like this notice in another format (for example: audio, large print, braille) please contact us (see “How to contact us” above).