Controller: ii Corporation (abv. “ZOOP”)
E-mail: privacy@zoop.com
Data Protection Officer: dpo@zoop.com
Processing:
Data will be processed by ZOOP, as controller, for the purposes of customer management which include creating an account, being registered as a user in ZOOP website and app, as well as sending communications, according to General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
Lawfulness of processing:
- Processing is necessary for the performance of a contract to which the data subject is party, namely customer management and sending communications.
- Processing is necessary for compliance with a legal obligation to which the controller is subject, according to point (c) of article 6 (1) ‘GDPR’, specifically Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 and The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.
- Processing is necessary for the purposes of the legitimate interests pursued by ZOOP that support sending promotional communications, backed by the business relationship established with the customer, in which it’s expected for them to receive information related to the products and services delivered by ZOOP, according to point (f) of article 6 (1) GDPR and ‘UK GDPR’
Recipients and International Data Transfers:
In compliance with legal and judicial obligations, ZOOP may be required to share your personal data with competent police and judicial authorities.
Additionally, beyond the entities mentioned above, ZOOP engages third-party service providers (subcontractors) who process users’ personal data on its behalf. These subcontractors include Stripe (payment processing) and Onfido (identity verification services). In instances where subcontractors are utilized, ZOOP ensures contractual safeguards aligned with applicable data protection legislation, including GDPR and UK GDPR.
Specifically, Stripe and Onfido may involve international data transfers. In these cases, personal data transfers are governed by appropriate legal safeguards, notably:
- Standard contractual clauses approved by the European Commission (available here); and
- Additional measures recommended by the European Data Protection Board (available here), ensuring robust protection of data subjects’ rights.
Data Retention:
a) ZOOP will retain data for a period of 5 years after the end of the business relationship or after the date of an occasional transaction, according to article 40 of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015;
b) ZOOP will retain data (e-mail address and phone number) for marketing purposes for a period of 2 years after user’s last access to their account. If the user intends to delete their account or in case of an exclusion of their account, marketing communications will be canceled.
Automated decisions and Profiling:
In the onboarding process, when the user signs up, automated screenings, including ID verification, will be undertaken as part of customer’s due diligence and enhanced due diligence procedures, according to Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 and The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which can implicate the acceptance or the rejection of the user’s application. Due to legal obligations, to comply with Anti-Money Laundering and Counter-Terrorism Financing rules, ZOOP will use automated systems to perform user’s screening and transaction monitoring. However, we emphasize that all final decisions on procedures will have human intervention.
Data Subject Rights:
The Data Subject/Consumer can request the access to their personal data, as well as its rectification or erasure, the right to restriction of processing and the right to data portability (except if any of the restrictions predicted on GDPR be applicable);
The Data Subject/Consumer can withdraw their consent, at any moment, without interfering on the data processing, on marketing communications;
The Data Subject/Consumer possesses the right to lodge a complaint with a supervisory authority.
The Consumer have a right not to receive discriminatory treatment for exercising their CCPA rights.
To find out more about our Privacy and Cookies Policy, please check on our website.