Last Updated: August 11, 2024
This Privacy Policy outlines how Golden Age Dev Lab Pte Ltd, operating under the name ZAR (hereinafter referred to as "we", "our", "us", or "ZAR"), collects, uses, transfers, and protects personal information related to your use of our Services and Platform. Our policy is designed to align with the Singapore Personal Data Protection Act (PDPA) and other applicable data protection regulations. We are committed to ensuring the transparent, lawful, and secure management of our Users' data.
This document explains the types of personal data we gather through our Platform and Services, our methods and reasons for collection, our purposes for its use, and the third parties with whom we may share it. Additionally, it outlines how you, as a data subject, can exercise your rights regarding your data.
Any modifications to this Policy (along with other policies, including our Terms of Service) will be communicated through our official channels on Telegram and LinkedIn, as well as directly on this page.
We strongly encourage you to read this Policy to understand the processes involving your data and your associated rights. For any questions related to this Privacy Policy, data collection and usage, data disclosure and sharing, or any other concerns or requests related to your data, please don't hesitate to contact us via the communication channels mentioned below.
To ensure clarity, we provide the following definitions used throughout this Privacy Policy:
Personal Data: Any information relating to an identified or identifiable individual. This includes details such as names, addresses, email addresses, identification numbers, and even IP addresses or cookie identifiers, as well as any information found online that may reveal your physical, genetic, mental, economic, cultural or social identity.
Data Subject: The individual to whom the personal data relates. In simpler terms, it's you or any other person whose personal information is being collected and processed.
Data Controller: The entity that determines the purposes and means of processing personal data. In this context, ZAR acts as the data controller.
Data Processor: An entity that processes personal data on behalf of the data controller. These include vendors and partners we collaborate with that process your data for purposes determined by us.
We have appointed a data protection officer ("DPO") to oversee inquiries regarding this privacy policy. If you have any questions or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise your legal rights as a data subject, please contact our Data Protection Officer at dpo@zarpay.app.
To provide our Services and offer our Products, we need to collect certain information about you.
This category encompasses the content and details you provide when using our Services and Platform. We do not request information about your racial or ethnic background, personal life, sexual orientation, political views, philosophical or religious beliefs, biometric or genetic data, or trade union membership. When you create your Account or request access to bank transfers/payment card services, we may request your contact information, including your full name, residential address, email address, and phone number. Additionally, to verify your identity in compliance with regulatory requirements, we may collect the following personal information:
Identity data
Full name, Date of birth, Gender, Nationality, Passport number, National registration identity card number
Contact data
Email address, Phone number, Physical address, Mailing address
Financial data
Bank account numbers, Credit card information, Income details, Tax identification number
Location data
GPS coordinates, IP addresses
Employment data
Employment details, Job titles and descriptions
Transaction data
Purchase history, Transaction amounts, Payment methods used
Usage data
Platform usage patterns, Session durations, Pages visited
Marketing data
Marketing preferences, Responses to marketing campaigns
User Account data
Usernames and account identifiers, User-generated content
If you contact us directly, we may request additional information such as your name, email address, residential address, phone number, and other relevant personal details. Whenever we ask for this information during communication, we will clearly explain the reasons behind it.
Our Services enable users to select their preferred payment method for executing Transactions via third-party financial institutions and payment service providers. We do not retain your financial account information; it is securely handled by the payment provider. Please note that these vendors may, in turn, collect and process your personal information for their own purposes and obligations.
In our continuous effort to provide seamless and comprehensive Services, we may obtain personal data from third-party partners and vendors. In case of such integration, the information collected by our partners is shared with us. We require our partners to have lawful purposes to collect, process, and use your data before sharing it with us. These third-party partners and vendors play a vital role in enhancing the functionality and utility of our platform. Here's how personal data from these sources may be used:
Payment Service Providers: We collaborate with third-party payment service providers to facilitate transactions with fiat currencies. In such cases, we may receive information you shared with these providers as part of your transactions. This information may include transaction history, account details, and other relevant financial data.
API Integrations: We may integrate with third-party APIs to provide you with certain features and services. These integrations allow us to access and retrieve specific financial data with your explicit consent. The data obtained through such integrations may include bank account information, transaction history, account balances, and other financial details.
Public Databases: We may obtain personal data from publicly available databases to enhance our Services and fulfill our legal and regulatory obligations. The information retrieved from these databases may include names, addresses, contact information, employment details, and other publicly accessible data.
Identity Verification Partners: To ensure the security and integrity of our Services, we collaborate with identity verification partners who provide us with access to specific personal data required for identity verification purposes. This data may comprise full names, address information, identification document images and data, personal identification codes, date of birth, citizenship, and other relevant identity-related data.
Financial Institutions: We may obtain personal data from financial institutions in compliance with the law and industry standards. This data can encompass financial transaction history, account balances, account details, and other financial information.
Blockchain Data: We may collect publicly available blockchain data to monitor and detect activities that may be illegal or against our terms of service. This data may include blockchain transaction details, wallet addresses, and other relevant blockchain information.
Marketing Partners, Advertisers and Analytics: In collaboration with marketing partners, we may collect personal data to better understand your interaction with our platform and services. This data aids us in refining our marketing strategies and offering you personalized recommendations.
Our collection, use, and sharing of your data are founded on various lawful bases, depending on the context. The following scenarios represent the circumstances in which we engage in data processing:
Consent: We process your data when you grant your explicit consent. This typically occurs when you have reviewed our data processing purposes and willingly agreed to them.
Performance of a contract: We process your information when it is essential for performing a contract with you. This encompasses situations where your data is required for processing and finalizing your orders or adhering to the terms of any other contractual agreement we have entered into with you.
Legal Obligation: We use your data when a legal obligation necessitates data disclosure. This occurs when compliance with legal requirements imposed by law or legal orders is mandatory.
Legitimate Interests: We may process your data when we have a legitimate interest that aligns with the operation and provision of our Services. This includes activities aimed at improving our Platform, maintaining proper security measures, and preventing illegal activities related to your data.
Here's a list of purposes for which we use your data and the lawful bases we invoke for its use:
Providing and Maintaining Services and Platform
Managing the operation and maintenance of our Services to ensure their functionality and availability
Performance of a contract
Payment Processing and Order Execution
Processing payments and executing Orders in compliance with market fairness, transparency, and competitiveness rules
Performance of a contract
Fraud Prevention
Detecting and preventing fund losses, including those resulting from fraud and misuse of our Services and Platform
Legitimate interest
Compliance with Laws and Regulations
Ensuring compliance with relevant laws and regulations, including anti-money laundering, terrorism financing, and fraud prevention
Compliance with a legal obligation, Performance of a contract, Legitimate interest
User Communication and Support
Communicating with you directly or through our partners for customer support, notifications, and marketing purposes
Performance of a contract
Service Improvement
Continuously improving the quality, performance, and features of our Services
Legitimate interest
Research and Development
Conducting research and development activities related to our Services
Legitimate interest
Identity data
Research and Development
Performing measurement and analytics to understand user interaction with our Services
Legitimate interest, Consent (if required)
Safety and Security
Promoting the safety, security, and integrity of your funds, our Services, and data
Legitimate interest, Performance of a contract
User Account Management
Managing user accounts, including account setup, recovery, and termination
Performance of a contract
Personalization
Tailoring user experiences based on preferences and behaviors
Legitimate interest, Consent (if required)
Third-Party Service Providers
Engaging third-party service providers for specific tasks such as payment processing
Legitimate interest, Consent (if required)
User Feedback
Collecting user feedback to improve our services
Performance of a contract, Legitimate interest, Consent (if required)
Record Keeping
Maintaining records for auditing, accounting, and compliance purposes
Compliance with a legal obligation
Partnerships and Collaborations
Sharing data with partners for joint initiatives or integrated services
Legitimate interest
User Education
Providing educational resources to enhance user knowledge
Legitimate interest
User Education
Using social media channels for advertising and customer support
Consent, Performance of a contract
We may share the information we collect with various third parties to support and enhance our business operations. Please be aware that certain service providers operate outside of Singapore. For detailed information on how your data is handled when shared with third parties outside Singapore, please refer to the Data Transfers Outside Singapore section below.
We collaborate with vendors and service providers who assist us in maintaining and optimizing our business. These service providers encompass a range of functions, including web and mobile analytics services, advertisers, IT partners, hosting and software providers, and sales and marketing products.
We may share your information with payment service providers to process your transaction and complete your order. Payment providers collect information expressly to process your transaction. For further details, please read the privacy policy of the respective payment service provider you use.
We utilize third-party identity verification services to ensure compliance with legal requirements and to uphold the safety, transparency, and lawfulness of your activities. Using our verification partners' services, we cross-reference the personal information you provide with the information in our databases and public records.
We may share certain information with advertisers who play a role in enhancing our Services. These advertisers assist us in delivering relevant content and promotions tailored to your interests.
To jointly deliver integrated services, promotions, or joint initiatives, we may share specific information with our trusted business partners in various fields.
We may share your information with law enforcement agencies and competent authorities in exceptional circumstances and as required by applicable laws and regulations. This is done to support investigations, maintain legal compliance, and ensure the safety and security of our Platform and users.
In the event of insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets or succession, your personal information may be disclosed to the new owner, acquirer or successor of the company or other relevant third parties.
At ZAR, we consider the security of your personal information paramount. We employ various technical, organizational, and administrative measures to safeguard your data against unauthorized access, disclosure, alteration, and destruction. These security measures may include:
While we take extensive measures to protect your data, it's also essential for users to play a role in their data security. We encourage you to:
If you ever have concerns about the security of your data, suspect any unauthorized activity, or would like to know the specific measures undertaken to secure your data, please don't hesitate to contact us via Telegram or LinkedIn.
We are committed to retaining your personal information only for the period necessary to fulfill the specific purposes for which it was collected. The retention periods may vary depending on the type of personal information and the purposes for which it was initially gathered. Here's an outline of our data retention practices:
Legal obligations
Stored for as long as legal requirements mandate
Marketing contact information
Retained only with your consent
Correspondence with us
May be retained for up to five years
Technical information
Retained for up to one year
Transaction history
May be retained for up to five years
Smart contract data
May be retained indefinitely on the blockchain
User preferences
Stored as long as necessary to maintain a personalized user experience
Error and debug logs
May be retained for up to three years
Consent records
Retained for as long as the consent is valid, plus five years after its withdrawal
Blockchain metadata
May be retained as part of the blockchain's permanent ledger
Security and Access Logs
May be retained for up to five years
As a User of our Services and Platform, you have certain rights regarding the personal data that we collect and use. These rights are designed to give you control and transparency over your data. The following are your rights as a data subject:
To exercise any of the rights outlined above or if you have any questions or concerns regarding the processing of your data, please contact our Data Protection Officer (DPO) at dpo@zar.com. Our DPO will assist you in addressing your data-related inquiries and ensuring that your rights as a data subject are respected and upheld.
You will not be charged a fee for accessing your data or exercising any of the above-mentioned rights. If your request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee. This fee, if applicable, will be based on the administrative costs associated with processing your request.
Under the PDPA, we are committed to responding promptly to legitimate requests regarding your data. We aim to respond to such requests within 30 days from the date of receipt. However, when the request is particularly complex or we have received a high volume of requests, we may extend this period as necessary.
As some of our business partners, vendors and service providers are outside Singapore, we may need to transfer your data to other countries.
We take stringent measures to ensure that such transfers are conducted in compliance with applicable data protection laws and that your data remains adequately protected. When transferring data to countries that may not have the same level of data protection as Singapore, we utilize appropriate safeguards such as standard contractual clauses or binding corporate rules.
We are committed to ensuring that all international transfers of your data are conducted with the utmost care and in compliance with relevant data protection regulations. If you have any questions or concerns about international data transfers or the mechanisms we employ to protect your data, please do not hesitate to contact our Data Protection Officer (DPO) at dpo@zar.com.
We may periodically update this Privacy Policy to reflect changes in our data processing practices and legal requirements or to improve transparency and clarity. When we make significant changes to this policy, we will notify you via our Platform and through our social media channels.