Privacy policy
- Definition.
- Zinnera Exchange (hereinafter - «Company») must collect and process users personal data in order to serve its clients. At the same time, the Company strives to ensure the maximum level of protection of these data, because it considers confidentiality the most important in winning and maintaining the high level of trust of its clients and partners. To demonstrate this, the Company has introduced certain personal data protection measures that every employee is required to comply with. It is responsible for monitoring compliance with the rules governing the processing and storage of personal data, as well as for constantly improving the level of security in accordance with modern requirements. This Policy regulates the processing of personal data by the Zinnera Exchange.
- Personal data is information that is intended to identify a particular individual.
- Personal information may be non-confidential and confidential. Confidential personal data may consist of information on ethnic or racial origin, trade union membership, sexual orientation, health status, philosophical or religious beliefs, biometric or genetic data, and other personal data. Non-confidential data include FIO, education, employee ID, telephone number and home address. Some non-confidential data may also be considered confidential under certain conditions. This information is about family relationships, income levels, etc. Confidential and non-confidential information about a physical person must be carefully protected. The category of personal data influences what legal grounds allow it to be processed.
- The information about the Company is not confidential, but the information of its employees and contact persons is confidential.
- The company collects personal information about individuals solely for business purposes, such as the conclusion of contracts, relationship management, monitoring of legal obligations or contracts. These actions will be carried out under protective measures. The objectives of personal data collection are:
- Identification of the customer who is registered on the Company’s website;
- Provide the client with access to all personalized resources of the Company;
- Client feedback, including requests and notifications related to the use of the Company’s website and services, and requests from the Customer;
- Determine the current location of the customer to ensure an appropriate level of safety;
- Confirmation of the completeness and reliability of personal information provided by the client;
- To notify the customer of the status of his account;
- Receipt and processing of client payments;
- Provide the customer with effective technical support on the Company’s website and timely solution of problems encountered in the course of working with the site;
- Provide the client with news from the company, as well as information on prices, shares and special offers with the client’s consent;
- Conduct of advertising activities with the client’s consent;
- Provide the customer with access to the information resources of the partner companies in order to obtain additional services, updates or products.
- Personal data of clients will always be:
- To be processed on legal grounds;
- For legitimate purposes and thereafter not to be used in a manner contrary to these objectives;
- To the extent necessary to achieve the objectives;
- Data should always be accurate and up-to-date, otherwise every effort should be made to update them so that they are corrected or deleted as a result;
- Keep in a form that will enable the natural person to whom they belong, if necessary, to be identified;
- Be processed in such a way as to ensure full security of personal data against illegal processing, damage, destruction or loss.
- The Company assumes responsibility for security measures in handling personal information.
- The Policy also uses the following terms:
- «Personal data operator», also called «Management of the Company’s website» (hereinafter - Administration) in the person of authorized representatives of the Company, deals with processing of personal information of clients and defines the purposes and methods of this processing.
- «Processing of personal information» is any operation or action, as well as their totality, which is carried out with or without the use of automated systems, among which: collection, saving, systematization, updating, use, transfer and destruction of personal information.
- «Privacy of personal information» is a condition that must be observed by persons who work with personal information of clients, not allowing its dissemination without legal grounds or consent of the subject of the data.
- «Client of the Company» is a person who has access to resources or services of the Company.
- «IP address» is a unique address of the Internet user or Internet host, which functions according to IP-protocol.
- «Cookies» is a certain piece of information that the web server saves on the Internet user computer and requests if necessary.
- Legal framework.
- In addition to security measures for the processing of personal data, it must also be lawful. The legal framework depends on the type of personal data to be processed. The most common personal information for processing is name, telephone number, e-mail address and credit card data. The company uses them for the following purposes:
- Fulfilment of the terms of the contract;
- Fulfilment of legal obligations;
- Respect for the legal interests of the Company and/or a third party.
- Performance of the contract. It is lawful to collect and process personal information that relates to the fulfilment of contract terms where one of the parties is the subject of the data.
- Compliance with legal obligations.
- The company is bound by the law of the country with which it enters into a contract. These legal obligations may be sufficient to process the personal data of clients.
- These legal obligations include obligations to collect, store and provide customer-related information. These legal requirements will then form the legal basis for the processing of personal information.
- Legitimate Interests. Personal data will be processed only if it is necessary for the realization of the Company’s objectives. In doing so, it will ensure that the processing of personal information does not harm an individual.
- Acquiescence
- Where the processing of personal data is based on an individual’s consent to do so, the Company must demonstrate such consent.
- Consent must be free and unequivocal. The subject must give such consent by specific declaration.
- The request for consent to the processing of personal data should be submitted in a form that is distinct from other questions in accessible and simple language.
- Consent to the processing of confidential personal data must also be clear.
- Consent may be withdrawn by the subject at any time, after which the processing of his personal data will be terminated.
- Duties of the Company and the subject of personal data. This legal framework will only be relevant when the Company wishes to process the health status of its employees in accordance with the labour law or collective agreement.
- Legal actions. This legal basis will only be relevant if the Company has to process personal data in order to sue the data subject.
- Processing and transmission of personal data
- The company as a personal data controller. Most often, the personal data are processed by the Company as a data controller, because it determines the means and the end goals of this processing.
- The use of personal data processors. An external processor is an organization that processes personal data on behalf of the Company. By giving personal information for processing, the Company guarantees that the same security measures will be applied to them. This process is monitored by an agreement on the processing of personal data.
- Agreement. The Company must evaluate the security guarantees provided by the handler before it can submit personal information to processing. Only when it is established that he meets all the requirements will a written agreement be concluded with him.
- Disclosure of personal data by other operators. Before transferring personal data, the Company must ensure that the operator complies with security measures. Especially since she is responsible for the legal disclosure of personal data. If the operator is located in a country that cannot provide the necessary level of protection of personal data, their translation can only take place if the Company takes all security measures. For this purpose it enters into a transfer agreement with the operator.
- Rights of a data subject.
- When receiving data from individuals, the company is obliged to inform them of:
- The purpose of processing personal information and its legal basis;
- Categories of personal data;
- Legitimate interests of the Company if the basis for processing is a balance of interests;
- The recipient of personal data or the category of recipients;
- Transfer of personal data to a third country if necessary;
- The time period within which the Company will retain the personal data or criteria of that period;
- Right of access to personal data to remove, correct or restrict the right of processing;
- Right to withdraw consent to the processing of personal information at any time;
- There is a right to file a complaint against the Company with the appropriate authority;
- The need to provide personal information and the consequences of not providing it;
- Automated processing, logic information and the expected effects of processing;
- Right of access. A natural person whose personal data are processed by the Company is entitled to receive a confirmation as to whether his personal data are being processed and which.
- The right to change. Each individual has the right to change, correct and update his or her personal data.
- The right to oblivion. The subject of personal data has the right to have it removed, unless contrary to the law.
- The right to restrict the processing of personal data. The subject of personal data may restrict the processing of his personal information if this is permissible.
- The right to transmit personal information. The subject has the right to obtain personal information in an accessible and understandable format.
- Right to object. At any convenient time, the subject of the processed data may object to processing if it is based on a balance of interests, including profiling.
- All requests from the personal information subject shall be reviewed and responded to by the Company within 30 days of receipt of the request.
- Removal of personal data. The company removes personal data of customers when there is no longer a legal basis for their storage and processing.
- Security of personal information.
- The Company undertakes to take all organizational and technical measures to ensure the security of personal data of clients.
- After assessing the security level provided, the client’s account must be accepted taking into account all processing risks.
- In processing the personal information of clients, the Company is guided by legal measures to protect personal information. These include:
- Monitoring and processing of personal security threats through information systems;
- Application of all measures available in information systems to ensure the necessary level of safety;
- Implement all relevant procedures to assess the adequacy of personal data protection;
- Assessment of compliance with modern standards and of the effectiveness of measures taken to ensure an adequate level of security of personal information prior to the use of an identity information system;
- Detecting and taking appropriate action against unauthorized access by third parties to their clients' personal data;
- Recovery of information about customers that has been destroyed or altered as a result of unlawful acts;
- Establish rules for access to the personal data of clients, which will be processed by the Personal Information System and ensure that the actions that will be carried out with this information are recorded in the Personal Information System;
- Ensure that measures are in place to ensure an adequate level of security of personal information as well as a personal information system;
- Recording of all available personal information media;
- Monitor the actions of all those who have access to personal information and, if they violate personal security standards, conduct the necessary proceedings. The operator shall not be liable for the actions of third parties who have obtained access to the customer’s personal information by unlawful means, or for the consequences of such actions.
- The User shall at any time have the right to address a question to the Company concerning the security policy of personal data as well as their processing.
- Cooperation between the company and third parties
- The company does not transmit the personal information of its customers to third parties unless the law or the subject so requires.
- The company considers personal information to be valuable and therefore protects it in every possible way.
- The company’s website may contain links to third-party resources that are published for informational purposes only. These sites are not subject to this Policy. In order to interact with them, please refer to the Privacy Policy for Personal Information, which is set out on these sites, and only then decide to transmit their personal information to the Administration of these resources.
- Information about the activity of the client, subject of personal data, on the Company’s website (traffic), as well as information passing through the Internet or e-mail of the client, will be protected in accordance with the current legislation. In this way the Company will not violate the client’s privacy on its website.
- Interaction of Company Site and other resources.
- The company’s website, which is used by the client, may contain third-party Web resource codes, and as a result your personal information may be obtained by third parties. In this way they will be able to process the personal information of the Company’s clients transmitted by their browsers. These Internet resources may be:
- Special plugins for different social media;
- Special display systems.
- The company uses these services to analyze its resource visits, user activity, viewing depth and other important information.
- If the Company’s client does not want these services to be able to access his personal information, he may also withdraw from his profile or account and also clear the cookie.
- Conditions of access of third parties to personal information of the Company’s customers.
- The manner of access of third parties to the personal data of the clients of the Company is determined by their consent and the requirements of the legislation. The customer may obtain information about himself from any company involved in processing personal information, provided that he provides the necessary information about himself or the necessary documents.
- The information about the client can be obtained from the Company absolutely free of charge. However, it is not permissible to delay the receipt of this information. Restrictions may only be imposed on access to third-party information if it cannot be provided within thirty days of the receipt of the application.
- The cumulative period for the resolution of the matters which are the subject of the request may not exceed 45 days.
- The stay must be communicated in writing to the third persons, to whom the application is addressed, explaining the possibility of appealing the decision.
- An appeal against a decision to refuse access to personal data or a stay may only be lodged in a court of law.
- Settlement of disputes
- To ensure the security of the premises where the information system is located, as well as its protection against unauthorized entry by third parties who do not have the right to be present in the premises.
- The Head of Company issues a document defining the list of employees who have access to the personal information of the clients, as well as training them to perform the operations necessary for processing the personal information of the clients in the information systems.
- Assign a person to handle the personal information of clients.
- Develop documents that will regulate the processing of personal data and how to protect them, and identify and prevent violations of the law.
- Establishment of monitoring activities.
- Monthly monitoring of customer identity processing.
- Monthly monitoring of personal data protection.
- Weekly control of antivirus protection.
- Conduct all internal checks that can detect changes and irregularities in the treatment of clients' personal data.
- Keeping documents up to date.
- Use of all means of protection of personal information that are in accordance with the law where they are necessary to prevent threats.
- In the event of a dispute between the Company and the customer, a written claim or proposal for a peaceful settlement of the dispute must be submitted.
- Within thirty days of receipt, the Receiver of the Claim must notify the Claimant of the outcome of the review of the Claim.
- If no agreement has been reached on the peaceful settlement of the dispute, it will be referred to the court under the current law.
- Input and withdrawal of funds.
- Inputs and withdrawals are possible through different payment systems:
- Bank transfers. Approved withdrawals are processed within 24 hours. In some cases, however, the client will have to undergo additional checks, such as a call from the Company, to approve such requests.
- ACH-transfer. In order to obtain withdrawal of funds in this way, an account must be opened in the name of the client in the USA bank. In doing so, the bank must accept such transfers. Withdrawal in this way is possible only in United States dollars.
- Electronic transfer. The client will have to allow the financial institution to write off funds from its IBKR account. Such a request will be made automatically.
- Canadian EFT translation. In order to make such a transfer in Canadian or United States dollars, the Client must have an account in the Bank of Canada that allows for such transactions.
- The European SEPA payment system. To carry out such transfers, the Client must open an account with one of the European banks. Withdrawal is possible only in Euro.
- The local currency of the client. Small amounts can be drawn in the local currency of the client. However, this withdrawal takes longer.
- Bank transfer to a third party account. The client may order a cashless transfer from his account to a third party. The timing of a request for such transfers may vary depending on the account to which it is made.
- Repeated transactions. The client can also configure duplicate transactions at a certain time interval. Such transfers are made as soon as possible. If the transaction date falls on the weekend, the program will process the transaction on the day before that date.
- Visa and Mastercard cards. You can also enter and exit funds via popular bank cards. At the same time, the Client can configure automatic money withdrawal on these cards.
- Money, MuchBetter, ecoPayz, PayPal, Instant eChecks, INSTADEBIT. Input and output of funds is also possible through popular payment systems. Automatic transfer of money to these systems is also possible.
- Sending a request for withdrawal of funds. This procedure is carried out in the Client’s private office. To do this, press the button «Withdrawal of funds», specify the amount and payment system. Once the withdrawal application is approved, it will proceed in this manner. No liability is incurred by the Company for problems with payment systems or bank accounts. After the transaction is executed, an email will be sent to the Client’s e-mail. The client will have to check the correctness of the information and confirm the transaction.
- Timing of processing of withdrawal requests.
- The transfer of funds to cards that do not exceed the amount of the last deposit is processed automatically. The funds will then be credited within 3 to 10 working days.
- Requests over the last deposit are processed within one hour. The money is then credited within 3 to 10 working days.
- Withdrawal requests through payment systems not exceeding the last deposit are processed immediately and credited within a few minutes.
- Withdrawal requests for payment systems exceeding the amount of the previous deposit are processed within one hour and credited within a few minutes.
- Withdrawal requests through bank transfers are processed within one working day. Admission to the account takes place within 3 to 5 working days.
- In some cases, the Company may require additional information from the Client to approve the withdrawal.
- In some cases, payment may be delayed for the purpose of checking or terminating the stock to avoid fraud.
- Exchange of currencies. For exchange of currencies, the Company uses the average market rate relevant at the time of exchange. This rate is displayed in the exchange window. The Company charges a small fee for the exchange.
- Changing Policy environment.
- The present version of the Policy is available at.
- The Company reserves the right to unilaterally modify or supplement this Policy.
- The new version of the Policy shall take effect as soon as it is published on the Website, unless otherwise provided for in the new Policy.
- All questions and suggestions regarding this Policy should be reported on the website in the special section «Feedback».
- All claims must be sent to.