Privacy notice

General

This privacy statement sets out the privacy policy for sites’ infrastructure owned by the Private limited company Zibb (ZIBB OÜ / 16067992), hereinafter referred to as “Zibb” and / or “we” located at: Zibb.com, zibbmail.com, zibbcoin.com , zibbprotocol.com, zibbwallet.com, zibbrisk.com, zibbholder.com, zibbank.com, zibbtrade.com, zibbpay.com, zibbexchange.com, zibbinvest.com, zibbpartner.com, zibbchat.com, zibbcloud.com, zibbads .com, zibbstats.com, (the “Websites”), and any services or features that are available to you from these websites.

We endeavor to protect your personal information and respect your privacy. This privacy notice (together with the Terms of Use) sets out the basis on which any personal data that we collect from you will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will handle it.

This privacy notice complies with the Personal Data Protection Act (Estonia) and the General Data Protection Regulation (EU).

Collection and use of personal information

The company is ZIBB OÜ.

Data controller is an individual or legal entity who, independently or jointly with others, determines the purposes and means of processing personal data if the purposes and methods of such processing are determined by law. In this case, the Company is the Data Controller.

Data Processor is an individual or legal entity, authority, agency or other body that processes personal data on behalf of the controller.

Data subject is an individual in respect of whom the Company stores information; in the context, these are employees, partners, clients and other persons to whom the Company provides services.

Law is The Personal Data Protection Act (Estonia), which was adopted on 12.12.2018 and the General Data Protection Regulation (EU) 2016/679 of 27.04.2016.

1. What information do we collect?

We collect personal information about you when you use our products or services or interact with us in any way. We collect information about you from various sources, such as:

  • Apps, personal financial statements and other written or electronic messages that reflect information such as your name, address, identification number, occupation, assets and income.
  • Account transactions’ history, including your account balance, billing records and credit card’s usage.

This includes collecting information when you:

  • Contact us - for example, when you register, fill out an application or order form, leave us a review or file a complaint.
  • Use our products or services - for example, when you perform transactions, use your debit or credit card or make exchange transactions.
  • Visit our websites or use our mobile apps.

The information we collect from you may include:

  • Information about your identification data, including your name, date of birth and etc.
  • Information about correspondence’s details may include your actual address and place of residence, telephone number, e-mail address.
  • The transaction data’s information may include financial information, transaction information, card data.

When you visit our websites or use our mobile applications, we collect usage data - information about your location, IP address, browser type and version, operating system and any third-party sites you access.

Know your client, anti-money laundering information and other information to verify.

Other personal information, such as details of your interactions with us.

2. What are your rights?

You have the rights to transparent information, communication and ways how to exercise your rights as a data subject in accordance with the General Data Protection Regulation (GDPR) and the Personal Data Protection Act (Estonia). Your basic rights under the law:

  • the right to receive information;
  • the right of access;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to withdraw consent.

You have the right to be informed about the collection and use of personal data. Information should be concise, transparent, understandable, easily accessible and written in clear and understandable language.

You have the right to request details of the personal information we hold about you in accordance with the law.

You have a “right to be forgotten” to delete your personal data without undue delay. This applies in the following cases:

  • personal data are no longer needed in connection with the purposes for which they have been collected or otherwise processed;
  • you object to processing in accordance with certain regulations of the applicable data protection law.

You have the right to object to processing based on legitimate interests or task performance in public interests / exercise of formal authority (including profiling), direct marketing (including profiling).

To the extent that the legal basis for our processing of your personal data is consent that the processing is necessary to fulfill an agreement to which you are a party, or to take action at your request prior to entering into a contract, such processing is carried out using automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right is not applied if it could negatively affect the rights and freedoms of other persons.

If you believe that the processing of your personal information violates data protection laws, you have the legal right to file a complaint with the supervisory authority responsible for data protection. You can do this in the EU Member State where you resides, work or where the alleged violation is.

You may use any of your rights in relation to your personal data by giving us a written notice.

3. How do we collect your information?

Direct collection

We collect most of the above information directly from you when you submit it on our websites or through our mobile applications. This includes information such as contact information, registration information, and service requests. If you do not want to share your information, you can opt out of participating in certain services or activities.

Indirect collection - cookies and other technologies

The Zibb ecosystem uses cookies and local device storage to offer and render personalized services. We may use these technologies to:

  • provide you with personalized content based on your use of websites;
  • make the websites’ usage easier for you by remembering and using contact information, purchase information and registration information.
    We use the following types of technologies:

A cookie is a small amount of data that is sent to your browser from web servers and stored on your computer's hard drive. Cookies allow us to identify your browser as a unique user. Cookies may involve the transfer of information from us to you and from you to us. Some cookies are "constant" and are used by us every time you visit our site. Other cookies are called "session cookies" and are used only during a specific browsing session and expire after a predetermined amount of time. We may use a session cookie, for example, to remember that you have already gone through a certain menu. We may also use "analytics cookies" that enable web analytics services to recognize your browser or device and, for example, determine if you have visited our websites before, what you have previously viewed or clicked on, and how you found us. This information is provided anonymously for statistical analysis only.

You may deactivate cookies in your browser or set your browser to warn you when cookies are being sent. If you disactivate cookies, you may lose some features or functionality. Remember also that cookies’ deactivation is browser dependent.

Log files

Like most standard website servers, we use log files. Log files track Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring / exit pages, platform type, date / time stamp and number of clicks. We use this information to analyze trends, administer the site, prevent fraud, track site navigation in the aggregate and collect broad demographic information for the aggregate use.

4. How do we use your information?

We take great care in our use of your information. We use it to deliver our products and provide our services. We also use your information for other purposes, such as to better understand you and your needs and to inform you about other products and services that may interest you. We collect, use and share your information for the following purposes:

4.1 Provision of financial services;
4.1.1 Client’s identification;
4.1.2 Account maintenance /rendering payment services:
4.1.2.1 Provision of payment;
4.1.2.2 Issuing and servicing payment / credit cards;
4.1.3 Providing services of a remote financial institution:
4.1.3.1 Provision of Platform services;
4.1.3.2 Provision of services by phone;
4.1.3.3 Provision of mobile applications’ services;
4.1.3.4 Use of cookies;
4.1.4 Enforcement of statutory obligations:
4.1.4.1 Research "Know your customer", including identification of the client, identification of the beneficial owner and revelation of the politically exposed person;
4.1.4.2 Government agencies / investigations, etc. Compliance with law enforcement agencies’ requests;
4.1.4.3 Compliance with AML legal requirements such as maintaining systems for tracking suspicious and unusual transactions and reporting.
4.2 Clients’ support:
4.2.1 Providing email support;
4.2.2 Filling out online request forms;
4.2.3 Providing online chat messenger;
4.2.4 Provision of e-mail services.

We will use personal data in accordance with the Personal Data Protection Act (Estonia), the General Data Protection Regulation (EU) and the confidentiality obligation contained in the Terms of Service, and will only use and store the data to the extent and frames necessary to provide services on the platforms and to inform the platforms’ users.

5. Disclosure of information

We will not disclose any of your personal information unless we have your permission or in special circumstances, such as when we conscientiously believe that this is required by law.

Data in aggregate

We may disclose “blind” aggregated data and users’ statistics to potential partners and other third parties. Blind data are data that do not identify an individual.

Other

We may also disclose your information in special cases, e.g. if we believe we have to disclose information in order to identify, contact or take legal action against someone who may violate our Service Agreement, or may harm or interfere with our rights or property, other users or customers of the website or anyone else who may be harmed by such activities. We may disclose or access account’s information if we conscientiously believe that it is required by law, as well as for administrative and other purposes that we believe are necessary to maintain and improve our products and services.

As our business grows, we may buy or sell businesses or assets. In such transactions, confidential information about clients is usually one of the transferred business assets. In the case of a transaction involving the sale of a part or all of the Zibb business, information about clients and site visitors may be one of the transferred assets and may be disclosed in connection with negotiations relating to the proposed transaction. In this case, the transmitted information may be subject to a different privacy policy.

Security

6. How do we ensure security of your information?

We use a variety of security measures to ensure the confidentiality of your information. We endeavor to store your information for as long as we need it.

We store your paper and electronic records in secure buildings and systems. Only authorized Zibb employees are allowed to access your personal information.

System’s security

When you enter our websites or mobile apps, download wallets, we encrypt the data sent from your computer to our systems so that no one else can access them. We have firewalls, intrusion detectors and virus scanners to stop viruses and unauthorized access to our systems.

We use Secure Sockets Layered (SSL) technology to ensure that your information is fully encrypted and sent securely over the Internet.

We use PCI DSS encryption technology for payment cards’ numbers, passwords and registration information. Each session, required for two-factor authentication, represents an additional level of security, requiring more than just a password and username to login.

7. How does Zibb system protect financial information?

It is very important for us to maintain the confidentiality of your personal financial information. Any user statistics that we may provide to potential financial partners are provided in aggregate only and do not include any personal information about any individual user or corporate user.

8. Violation

If the violation could lead to a high risk to human rights and freedoms, we must inform you directly and without undue delay.

Personal data breach means a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of personal data or access to it. This includes violations that are the result of both accidental and intentional causes. In case of a personal data leakage, we will notify you immediately and, if possible, no later than 72 hours after we learn about it. Personal data’s violation may include:

  • access by an unauthorized third party;
  • sending personal data to a wrong recipient;
  • computer devices containing personal data are lost or stolen;
  • changing personal data without permission;
  • loss of accessibility of personal data.

This may result in the use of such information by third parties for their own purposes, legal or illegal. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us or our services. Upon receipt of your transmission, we undertake commercially reasonable efforts to store it securely in our systems.