Privacy Notice of ZENCOIN
In ZEN we want to be transparent about how we process and protect your personal data. Below you can see why ZENCOIN (“we”, “us”, “our”) process your personal data, which types of personal data we process, and who processes your personal data.
1. Who is legally responsible for the safeguarding of your personal data?
ZENCOIN Global Cryptocurrency Investment Foundation
We are required to handle (“process”) your personal data securely and otherwise in accordance with the GDPR and if any national legislation requires a higher level of protection for personal data than the GDPR, such stricter requirements are to be complied with.
2. What personal data might we process about you and where do we get it from?
We will only collect data about you that is relevant in the context of the relationship which we have with you.
We primarily collect information directly from you. But we will also collect personal data from other sources, which may include other ZENCOIN entities, other companies and financial institutions, publicly available sources (e.g. the press, registers of companies, the internet, including social media platforms) and from providers of business-risk screening services, anti-fraud databases, sanctions lists and databases of news articles.
The types of personal data that we process may include:
- Name and contact information;
- Records related to our client relationship and relevant services, including data deriving from your usage of our IT platforms and, mobile apps;
- KYC (Know Your Customer) records, such as passport details, social security number, date and place of birth, source of wealth, rationale for use of corporate structures, your employment including whether you are entrusted with a prominent public function, as well as information from adverse media relevant for the relationship.
- Financial information, such as bank account details, specimen signature, income, assets, outgoings, investment objectives, marital status and details of knowledge about financial products and services, risk appetite, capacity for loss, tax status and domicile.
- Biometric data for the purpose of verifying your identity during onboarding.
- Recordings of calls and electronic communication.
- Records of your engagement with our platform, apps, emails, text messages and social media.
- Information on geographical location for the purpose of complying with sanctions and other legal requirements.
3. For which purposes will we use your data and on what legal basis?
We process your personal data with the following purposes:
- For the performance of a contract
It may be necessary for us to process your personal data in order to perform a contract with you relating to our financial services, or to act upon at your instructions prior to entering into a contract.
For further details, please refer to your contractual documentation with us.
- For compliance with a legal obligation or acting in the public interest
As a licensed bank, we are subject to a number of statutory and regulatory obligations that may require us to collect, store or disclose personal data, such as for anti-money laundering purposes, sanctions or to respond to investigations or disclosure orders from the police, regulators of our group entities, and tax or other public authorities.
- For the purposes of legitimate interests
Where necessary, we process your personal data to serve our legitimate interests or those of a third party. Cases where we rely on our legitimate interests to process your personal data includes:
- Business analysis and development of products and services, including optimisation of platforms experience and customer service;
- Activities relating to information security and building security, including use of recording;
- Contact information for potential clients before finalising account opening and visitors;
- Recording of telephone lines and monitoring of electronic communications for business and compliance purposes, besides the legal requirements;
- Prevention and detection of fraud, financial crime and market abuse, including on any activity or transaction by end-clients of white-label clients on ZEN’s platform;
- Evaluating, bringing or defending legal claims;
- On the basis of your consent
If we wish to process your personal data in a way not covered by the legal justifications above, we will need your consent. Where you give consent, you are entitled to withdraw it at any time. Note that withdrawing your consent does not render our prior handling of your personal data unlawful, and that it might have an impact on our ability to continue to provide our services in the same way in future.
We rely on your consent for the following purposes:
- Verifying your identity by the use of biometric data.
- If you are part of the Preferred Broker Program, ZEN will share with the Employer certain data pertaining to the Client’s trading activities on ZEN’s trading platform.
- For providing marketing content.
- For collection of behavioural and statistical data (cookies) from using our websites.
4. Who might we share your personal data with?
Where necessary to fulfil your instructions to us and for the other purposes outlined above, we may share information about you with a range of recipients including the following: background screening providers, financial institutions, funds, payment recipients, payment and settlement infrastructure providers, exchanges, regulators, public authorities (including tax authorities), our other group entities and service providers, professional advisers, auditors, insurers and potential purchasers of elements of our business.
We will only disclose information about you as permitted under the contractual terms we have in place with you, the GDPR and client confidentiality obligations. ZEN do not under any circumstances sell the collected data to third party.
5. Will we transfer your data to countries outside EU/EEA?
We are active globally, which is part of our DNA and to offer you the best possible service, information relating to you may, in line with the purposes described above, be transferred to so-called “third countries”, meaning countries outside the EU or the EEA that does not by default ensure the same safeguarding of your personal data.
If we share personal data within ZENCOIN Group, the personal data is protected by our Binding Corporate Rules, which ensures your data is protected in the same way in all our legal entities.
If we use service providers in a country outside the EU/EEA, the personal data is protected by standard contractual clauses for data transfers between EU and non-EU countries or by an adequate data protection level being in place in the non-EU country, assessed by the EU Commission. We will only transfer your personal data to a third country in a way that is permitted under the GDPR.
6. How long will we keep your data for?
We will only retain your personal data as long as necessary for the purposes for which we obtained it.
Data collected as part of KYC, as well as trades and transactions will be kept until 5 years after the end of the client relationship due to legal requirements.
In some cases, there will be a need to preserve records beyond the above periods in order to be able to deal with actual audits, tax matters or legal claims.
In cases where data is collected as part of an account opening, which were never completed, the data will be retained for 2 years.
7. Will we use your data for profiling purposes?
Profiling in the context of this privacy notice is the use of an automated process to analyse personal data in order to assess or predict aspect of your behaviour. We may use profiling in the following circumstances:
- To help identify potential cases of financial crime;
- To provide you with information on our products and services that seem likely to be of interest.
8. What data protection rights do you have?
Subject to certain exceptions and limitations, by GDPR you have right to:
- Request access to your personal data. This enables you to receive a copy of the personal data we hold about you.
- Request correction of the personal data that we hold about you. This enables you to have incomplete or inaccurate data that we hold about you corrected.
- Request erasure of your personal data. The enables you to ask to delete your personal data where there is no good reason for us continuing to process it. This is sometimes referred to as the “right to be forgotten”.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your data, such as during the period of time it might take us to respond to a claim by you that the data is inaccurate or that our legitimate interest in processing it is outweighed by yours.
- Request us to transfer personal data that you gave us to you in a commonly used electronic format. This is known as the right to portability.
- Object to processing of your data. This enables you to object to processing of your personal data which is carried out.
- Request not to be subject to automated decision making. This enables you to ask us not to make a decision about you based purely on automated processing of your data, which affect your legal position (or has some other significant effect on you). We do not as a rule make decisions of this nature based solely on automated processing and without any human assessment whatsoever. We would notify you specifically if we did.
9. Are you under an obligation to provide us with your personal data?
You are not required by law to provide us with personal data. However, if you refuse to do so we may not be able continue the collaboration with you. For example, we are required by the anti-money laundering legislation to verify your identity. This inevitably requires us to collect certain personal data from you as a client.
10. Changes to this privacy notice
We may update this privacy notice from time to time in order to clarify it or address changes in GDPR or our business operations. We will notify you if we make any substantial updates.