

Privacy Policy
I. General Provisions
- The Zambulay Fintech Platform (hereinafter – the “Company”, “we”, “us” or “our”) is committed to ensuring the confidentiality of individuals (“you”, “your” or the “user”) whose personal data we process. This Privacy Policy (hereinafter – the “Policy”) describes how we collect, use, store and protect personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter – “GDPR”) and other applicable data protection laws on our platform, including our website zambulay.com and related services (hereinafter – the “Platform”).
- This Policy is intended to inform you – business clients, representatives, Platform visitors, or other individuals interacting with us – about:
- what personal data we collect;
- how and why we process it;
- your data protection rights under applicable law;
- how we ensure the security of your data.
- We recommend that you read this Policy carefully to understand our views and practices regarding your personal data and how we handle it.
- We reserve the right to update or change this Policy at any time to reflect changes in our practices, legal obligations, or the range of services offered. Any updates will be published on this page, and we will notify you of significant changes where necessary. We recommend that you review this Policy periodically to stay informed about how we protect your data.
- By continuing to use our Platform or services, you confirm that you have read and understood this Policy, including any updates or changes that may be made from time to time.
- Company Information: Kupaline OU, registration number Legal address: Kivila tn 21-101, Tallinn, 13918
II. Controller of Personal Data
The controller of personal data, responsible under applicable data protection legislation, is:
Email: info@zambulay.com
III. Legal Bases for Processing Personal Data
- We process personal data only when we have a lawful basis to do so. The legal bases we rely on may include:
- Contract performance – when processing is necessary to fulfill our contractual obligations to you, such as providing the services you request or responding to your inquiries;
- Compliance with legal obligations – when we must process data to comply with applicable legal or regulatory requirements;
- Legitimate interests – when processing is necessary for the purposes of our legitimate business interests, provided that such interests do not override your fundamental rights and freedoms. This may include improving our services, securing our IT systems, or informing you about our offers;
- Consent – when you have given us explicit permission to process your data for a specific purpose. Where consent is the basis, you have the right to withdraw it at any time, and the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal;
- Public interest – when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- In some cases, we are required to collect certain personal data by law, or in order to enter into or perform a contract with you. If you do not provide such information when requested, we may not be able to conclude the contract or provide the agreed services to you. This may lead to the suspension or cancellation of service provision. Where applicable, we will notify you if such a situation arises.
IV. Purposes of Processing Personal Data
- We collect and process your personal data only for specific, explicit, and lawful purposes. These purposes include:
- Providing and managing our services – including responding to your inquiries, communicating with users, and directly providing our financial services, including issuing virtual and physical payment cards (including cards issued in various countries), facilitating fast transfers, securely holding funds in accounts, maintaining team accounts, providing credit lines, processing online payments, and offering financial assistant services;
- Maintaining and improving our Platform and operations – analyzing Platform usage and diagnosing technical issues to enhance the functionality and security of our system;
- Managing customer relationships – including managing accounts (including team accounts), providing user support, and conducting business communications;
- Complying with legal and regulatory obligations – for example, fulfilling tax reporting requirements, anti-fraud and anti-money laundering (AML) requirements, as well as complying with data protection laws and other applicable regulations;
- Sending informational or marketing messages – if you have given us your consent or if permitted by applicable law, we may contact you regarding relevant news, offers, or updates to our services;
- Protecting our rights and interests – including detecting and preventing fraud, unauthorized access, and other security risks, as well as to protect our legal rights (e.g., to prevent non-payment and recover debts, where applicable).
- We do not engage in automated decision-making or profiling concerning your personal data without notifying you and obtaining your explicit consent, where such consent is required by law.
V. Categories of Personal Data Collected
- The Company may collect, use, store, and transfer various types of personal data about you, which may include, but are not limited to:
- Identification and contact data – such as your name, surname (including maiden name, if applicable), date of birth, residential address, username or similar identifier, gender, phone number, email address;
- Identification documents and verification data – such as copies of identity documents (passport, national ID card, or driver’s license), identification numbers (e.g., Tax ID), information on citizenship or country of residence, and other information necessary for identity verification or compliance procedures (e.g., KYC/AML requirements);
- Financial and transactional data – including bank account details, issued payment card numbers (virtual or physical) and related details (e.g., issuing country BIN, expiry date), account balances, transaction history, deposit and withdrawal amounts, and information about payment recipients;
- Credit and financial information – if you apply for credit products (e.g., a credit line), we may collect data about your financial situation, such as income level, employer details, financial obligations, credit history, and other information necessary to assess your creditworthiness;
- Team account data – if you use team (multi-user) accounts, we may collect information about the organization (e.g., company name, registration details) and personal data of your team members or other authorized persons you grant access to your account (their names, contact details, and access rights);
- Survey and preference data – including your preferences, feedback, and responses to surveys or questionnaires you may complete as part of using our services;
- Technical data – including your IP address, browser type and version, time zone settings and location, browser plugin types and versions, operating system and platform, and other technologies on the devices you use to access the Platform;
- Usage and marketing data – including information about how you interact with our Platform, its content, and services; your preferences in receiving marketing messages from us and your communication preferences.
VI. Your Rights
- Under applicable law, you have a number of important rights regarding your personal data. These rights are designed to give you control over how your data is collected, used, and processed. You have the right to:
- Request access to your personal data – you have the right to request confirmation of processing, access to the personal data we hold about you, and to receive a copy of that data;
- Request rectification – if you believe any personal data we hold about you is inaccurate or incomplete, you may request its correction or updating;
- Request erasure (“right to be forgotten”) – you may request the deletion of your personal data if we do not have compelling legitimate grounds to continue its processing;
- Object to processing – you may object to the processing of your personal data where we rely on our legitimate interest as the basis for processing and there are circumstances in your particular situation which give grounds for such an objection;
- Request restriction of processing – you have the right to request the suspension of processing of your personal data under certain circumstances (e.g., during the verification of data accuracy or the lawfulness of our processing);
- Request data portability – you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request the transfer of that data to another controller, where technically feasible;
- Withdraw consent – if we rely on your consent as the legal basis for processing personal data, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
- Lodge a complaint – if you believe your data protection rights have been violated, you may lodge a complaint with the competent data protection supervisory authority in your country of residence or another jurisdiction, according to applicable law.
- To exercise any of the rights listed above, please contact us using the contact information provided in this Policy.
VII. Data Retention and Security
- We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, regulatory, accounting, or reporting requirements. We may also retain data for a longer period if necessary to address a complaint or if we reasonably believe there may be legal claims arising from our relationship with you.
- In determining the appropriate retention period for personal data, we consider the nature, volume, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes of processing, the possibility of achieving those purposes by other means, and applicable legal data retention requirements.
- In some cases, you may request the deletion of your personal data. If data is deleted at your request, we may retain limited copies necessary to protect our or third parties’ legitimate interests, fulfill legal obligations, resolve disputes, troubleshoot technical issues, or enforce any agreements. We may also anonymize your personal data so that it can no longer be associated with you, in which case we may use such data indefinitely without further notice.
- To protect your data, the Company implements appropriate technical and organizational security measures to prevent unauthorized access, disclosure, loss, or misuse of personal data. Access to personal data is granted only to employees, contractors, agents, or other third parties who need it to perform their job duties or contractual obligations and who are bound by confidentiality obligations.
- We maintain internal procedures and action plans for suspected data security breaches and will notify both you and the relevant supervisory authority of any significant personal data breaches where required by law and within the prescribed timeframes.
VIII. Disclosure and Transfer of Personal Data to Third Parties
- The Company may disclose your personal data to third parties only where necessary and in accordance with applicable data protection laws. Such third parties may include:
- Service providers and contractors supporting our operations (e.g., in information technology, hosting, software maintenance, and system administration), as well as our financial partners – banks, payment systems, processing companies, and card issuers who participate in card issuance and processing your payments to provide you with our services;
- Specialized data verification services, such as identity verification services or credit assessment companies, if required when providing you with specific services (e.g., when considering an application for a credit line or other financial product);
- Legal, supervisory authorities, or government agencies if disclosure is necessary to comply with applicable law, execute a court order, or participate in legal proceedings (e.g., responding to requests from regulators, law enforcement, or tax authorities);
- Professional advisors – including lawyers, auditors, accountants, or insurance agents, if disclosure is necessary to establish, exercise, or defend our legal rights and interests (e.g., in the context of an audit or dispute resolution);
- Business partners or affiliates – if disclosure is required in the context of providing services to you or fulfilling contractual obligations (e.g., if any part of our services is provided jointly with a partner, or in the event of a reorganization or any kind of merger/acquisition of our company, your data may be disclosed to a potential successor subject to confidentiality requirements).
- All third parties to whom we disclose personal data are obliged to maintain confidentiality and ensure the security of your data. Such parties are bound by contractual obligations to process personal data only according to our instructions and in compliance with applicable data protection laws. We do not sell your personal data or provide access to it to an indefinite circle of persons.
IX. International Transfer of Personal Data
- In some cases, your personal data may be transferred, stored, or otherwise processed in countries outside the European Economic Area (EEA). Such countries may have a different data protection regime which may not provide the same level of protection for personal data as provided under the GDPR. For example, such transfers may occur when we cooperate with banking or payment partners located outside the EEA for card issuance or transaction processing as part of providing our services to you.
- For any transfer of your personal data outside the EEA, we take necessary measures to ensure a similar degree of protection for such data by implementing one or more of the following safeguards:
- Transfer is made to countries deemed by the European Commission to provide an adequate level of protection for personal data;
- Application of Standard Contractual Clauses (model contractual clauses) approved by the European Commission, which provide personal data with the same level of protection as in Europe;
- Where necessary – verification that the recipient is certified under an approved data protection framework (e.g., compliance with EU data protection adequacy frameworks with other countries, where applicable).
- You can contact us for further information about the mechanisms we use when transferring your personal data outside the EEA.
X. Cookies
- Our website uses cookies and similar technologies to enhance user experience, analyze traffic, and maintain service functionality. A cookie is a small text file that is placed on your device when you visit a website.
- We use the following types of cookies:
- Essential (necessary) cookies – these are necessary for the basic functioning of our website and cannot be switched off in our systems. They are usually set only in response to actions you take, such as logging into your account, filling out forms, or setting privacy preferences. Without these cookies, some parts of the site will not work properly;
- Analytical/performance cookies – these cookies help us understand how visitors interact with the Platform by collecting anonymous information (e.g., number of visitors, pages visited, traffic sources). This allows us to evaluate and improve Platform performance and offer a more user-friendly service;
- Functional cookies – these cookies allow our site to remember choices you have made (e.g., language or region selection) and provide enhanced, more personalized features. They may be used to provide functionality you have requested, such as playing a video or using social media features.
- By continuing to use our website, you agree to the use of cookies in accordance with this Policy, unless you have disabled them through your browser settings. Please note that disabling some cookies may affect the performance and functionality of the site.
- You can manage or delete cookies at any time through your browser settings. For more information on how to manage or delete cookies, please refer to the help section of your browser or visit allaboutcookies.org.