Privacy Policy

Last Updated: August 11, 2024

Introduction

This Privacy Policy outlines how Golden Age Dev Lab Pte Ltd, operating under the name ZAR (hereinafter referred to as "we", "our", "us", or "ZAR"), collects, uses, transfers, and protects personal information related to your use of our Services and Platform. Our policy is designed to align with the Singapore Personal Data Protection Act (PDPA) and other applicable data protection regulations. We are committed to ensuring the transparent, lawful, and secure management of our Users' data.


This document explains the types of personal data we gather through our Platform and Services, our methods and reasons for collection, our purposes for its use, and the third parties with whom we may share it. Additionally, it outlines how you, as a data subject, can exercise your rights regarding your data.


Any modifications to this Policy (along with other policies, including our Terms of Service) will be communicated through our official channels on Telegram and LinkedIn, as well as directly on this page.


We strongly encourage you to read this Policy to understand the processes involving your data and your associated rights. For any questions related to this Privacy Policy, data collection and usage, data disclosure and sharing, or any other concerns or requests related to your data, please don't hesitate to contact us via the communication channels mentioned below.

Definitions

To ensure clarity, we provide the following definitions used throughout this Privacy Policy:

  • Personal Data: Any information relating to an identified or identifiable individual. This includes details such as names, addresses, email addresses, identification numbers, and even IP addresses or cookie identifiers, as well as any information found online that may reveal your physical, genetic, mental, economic, cultural or social identity.


  • Data Subject: The individual to whom the personal data relates. In simpler terms, it's you or any other person whose personal information is being collected and processed.


  • Data Controller: The entity that determines the purposes and means of processing personal data. In this context, ZAR acts as the data controller.


  • Data Processor: An entity that processes personal data on behalf of the data controller. These include vendors and partners we collaborate with that process your data for purposes determined by us.

Data Protection Officer

We have appointed a data protection officer ("DPO") to oversee inquiries regarding this privacy policy. If you have any questions or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise your legal rights as a data subject, please contact our Data Protection Officer at dpo@zarpay.app.

Information We Collect

To provide our Services and offer our Products, we need to collect certain information about you.

Information You Provide

This category encompasses the content and details you provide when using our Services and Platform. We do not request information about your racial or ethnic background, personal life, sexual orientation, political views, philosophical or religious beliefs, biometric or genetic data, or trade union membership.
When you create your Account or request access to bank transfers/payment card services, we may request your contact information, including your full name, residential address, email address, and phone number. Additionally, to verify your identity in compliance with regulatory requirements, we may collect the following personal information:

Category

Examples (non-exhaustive)

Identity data

Full name, Date of birth, Gender, Nationality, Passport number, National registration identity card number


Contact data

Email address, Phone number, Physical address, Mailing address

Financial data

Bank account numbers, Credit card information, Income details, Tax identification number

Location data

GPS coordinates, IP addresses

Employment data

Employment details, Job titles and descriptions

Transaction data

Purchase history, Transaction amounts, Payment methods used

Usage data

Platform usage patterns, Session durations, Pages visited

Marketing data

Marketing preferences, Responses to marketing campaigns

User Account data

Usernames and account identifiers, User-generated content

Communications

If you contact us directly, we may request additional information such as your name, email address, residential address, phone number,
and other relevant personal details. Whenever we ask for this information during communication, we will clearly explain the reasons behind it.

Payment Information

Our Services enable users to select their preferred payment method for executing Transactions via third-party financial institutions and payment service providers. We do not retain your financial account information; it is securely handled by the payment provider. Please note that these vendors may, in turn, collect and process your personal information for their own purposes and obligations. 

Information from Third Parties

In our continuous effort to provide seamless and comprehensive Services, we may obtain personal data from third-party partners and vendors. In case of such integration, the information collected by our partners is shared with us. We require our partners to have lawful purposes to collect, process, and use your data before sharing it with us. These third-party partners and vendors play a vital role in enhancing the functionality and utility of our platform. Here's how personal data from these sources may be used:

  • Payment Service Providers: We collaborate with third-party payment service providers to facilitate transactions with fiat currencies. In such cases, we may receive information you shared with these providers as part of your transactions. This information may include transaction history, account details, and other relevant financial data.

  • API Integrations: We may integrate with third-party APIs to provide you with certain features and services. These integrations allow us to access and retrieve specific financial data with your explicit consent. The data obtained through such integrations may include bank account information, transaction history, account balances, and other financial details.

  • Public Databases: We may obtain personal data from publicly available databases to enhance our Services and fulfill our legal and regulatory obligations. The information retrieved from these databases may include names, addresses, contact information, employment details, and other publicly accessible data.

  • Identity Verification Partners: To ensure the security and integrity of our Services, we collaborate with identity verification partners who provide us with access to specific personal data required for identity verification purposes. This data may comprise full names, address information, identification document images and data, personal identification codes, date of birth, citizenship, and other relevant identity-related data.

  • Financial Institutions: We may obtain personal data from financial institutions in compliance with the law and industry standards. This data can encompass financial transaction history, account balances, account details, and other financial information.

  • Blockchain Data: We may collect publicly available blockchain data to monitor and detect activities that may be illegal or against our terms of service. This data may include blockchain transaction details, wallet addresses, and other relevant blockchain information.

  • Marketing Partners, Advertisers and Analytics: In collaboration with marketing partners, we may collect personal data to better understand your interaction with our platform and services. This data aids us in refining our marketing strategies and offering you personalized recommendations.

How We Use Your Data

Our collection, use, and sharing of your data are founded on various lawful bases, depending on the context. The following scenarios represent the circumstances in which we engage in data processing:

  • Consent: We process your data when you grant your explicit consent. This typically occurs when you have reviewed our data processing purposes and willingly agreed to them.

  • Performance of a contract: We process your information when it is essential for performing a contract with you. This encompasses situations where your data is required for processing and finalizing your orders or adhering to the terms of any other contractual agreement we have entered into with you.

  • Legal Obligation: We use your data when a legal obligation necessitates data disclosure. This occurs when compliance with legal requirements imposed by law or legal orders is mandatory.

  • Legitimate Interests: We may process your data when we have a legitimate interest that aligns with the operation and provision of our Services. This includes activities aimed at improving our Platform, maintaining proper security measures, and preventing illegal activities related to your data.

Here's a list of purposes for which we use your data and the lawful bases we invoke for its use:

Purpose

Description

Lawful Basis

Providing and Maintaining Services and Platform

Managing the operation and maintenance of our Services to ensure their functionality and availability

Performance of a contract

Payment Processing and Order Execution

Processing payments and executing Orders in compliance with market fairness, transparency, and competitiveness rules

Performance of a contract

Fraud Prevention

Detecting and preventing fund losses, including those resulting from fraud and misuse of our Services and Platform

Legitimate interest

Compliance with Laws and Regulations

Ensuring compliance with relevant laws and regulations, including anti-money laundering, terrorism financing, and fraud prevention

Compliance with a legal obligation, Performance of a contract, Legitimate interest

User Communication and Support

Communicating with you directly or through our partners for customer support, notifications, and marketing purposes

Performance of a contract

Service Improvement

Continuously improving the quality, performance, and features of our Services

Legitimate interest

Research and Development

Conducting research and development activities related to our Services

Legitimate interest

Identity data

Research and Development

Performing measurement and analytics to understand user interaction with our Services

Legitimate interest, Consent (if required)

Safety and Security

Promoting the safety, security, and integrity of your funds, our Services, and data

Legitimate interest, Performance of a contract

User Account Management

Managing user accounts, including account setup, recovery, and termination

Performance of a contract

Personalization

Tailoring user experiences based on preferences and behaviors

Legitimate interest, Consent (if required)

Third-Party Service Providers

Engaging third-party service providers for specific tasks such as payment processing

Legitimate interest, Consent (if required)

User Feedback

Collecting user feedback to improve our services

Performance of a contract, Legitimate interest, Consent (if required)

Record Keeping

Maintaining records for auditing, accounting, and compliance purposes

Compliance with a legal obligation

Partnerships and Collaborations

Sharing data with partners for joint initiatives or integrated services

Legitimate interest

User Education

Providing educational resources to enhance user knowledge

Legitimate interest

User Education

Using social media channels for advertising and customer support

Consent, Performance of a contract

How We Share Your Data

We may share the information we collect with various third parties to support and enhance our business operations. Please be aware that certain service providers operate outside of Singapore. For detailed information on how your data is handled when shared with third parties outside Singapore, please refer to the Data Transfers Outside Singapore section below.

Vendors and Service Providers

We collaborate with vendors and service providers who assist us in maintaining and optimizing our business. These service providers encompass a range of functions, including web and mobile analytics services, advertisers, IT partners, hosting and software providers, and sales and marketing products.

Payment Service Providers

We may share your information with payment service providers to process your transaction and complete your order. Payment providers collect information expressly to process your transaction. For further details, please read the privacy policy of the respective payment service provider you use.

Identity Verification Services

We utilize third-party identity verification services to ensure compliance with legal requirements and to uphold the safety, transparency, and lawfulness of your activities. Using our verification partners' services, we cross-reference the personal information you provide with the information in our databases and public records.

Advertisers

We may share certain information with advertisers who play a role in enhancing our Services. These advertisers assist us in delivering relevant content and promotions tailored to your interests.

Business Partners

To jointly deliver integrated services, promotions, or joint initiatives, we may share specific information with our trusted business partners in various fields.

Law Enforcement

We may share your information with law enforcement agencies and competent authorities in exceptional circumstances and as required by applicable laws and regulations. This is done to support investigations, maintain legal compliance, and ensure the safety and security of our Platform and users.

Transfers, Mergers and Acquisitions

In the event of insolvency, bankruptcy, acquisition, transfer of ownership, sale of assets or succession, your personal information may be disclosed to the new owner, acquirer or successor of the company or other relevant third parties.

How Your Data is Secured

At ZAR, we consider the security of your personal information paramount. We employ various technical, organizational, and administrative measures to safeguard your data against unauthorized access, disclosure, alteration, and destruction. These security measures may include:

  • Data Encryption
  • Access Controls
  • Employee Training
  • Data Backups
  • Incident Response
  • Blockchain Technology
  • User-Controlled Data
  • Smart Contracts
  • Cryptography
  • Data Minimization
  • User Education

While we take extensive measures to protect your data, it's also essential for users to play a role in their data security. We encourage you to:

  • Use strong, unique passwords for your accounts connected to the Platform
  • Enable multi-factor authentication when available
  • Keep your login credentials confidential
  • Regularly update your account information and review access permissions

If you ever have concerns about the security of your data, suspect any unauthorized activity, or would like to know the specific measures undertaken to secure your data, please don't hesitate to contact us via Telegram or LinkedIn.

Data Retention

We are committed to retaining your personal information only for the period necessary to fulfill the specific purposes for which it was collected. The retention periods may vary depending on the type of personal information and the purposes for which it was initially gathered. Here's an outline of our data retention practices:

Category

Examples (non-exhaustive)

Legal obligations

Stored for as long as legal requirements mandate

Marketing contact information

Retained only with your consent

Correspondence with us

May be retained for up to five years

Technical information

Retained for up to one year

Transaction history

May be retained for up to five years

Smart contract data

May be retained indefinitely on the blockchain

User preferences

Stored as long as necessary to maintain a personalized user experience

Error and debug logs

May be retained for up to three years

Consent records

Retained for as long as the consent is valid, plus five years after its withdrawal

Blockchain metadata

May be retained as part of the blockchain's permanent ledger

Security and Access Logs

May be retained for up to five years

Your Rights as Data Subject

As a User of our Services and Platform, you have certain rights regarding the personal data that we collect and use. These rights are designed to give you control and transparency over your data. The following are your rights as a data subject:

  1. Right to Access
  2. Right to Rectification
  3. Right to Erasure (Right to Be Forgotten)
  4. Right to Restriction of Processing
  5. Right to Data Portability
  6. Right to Object
  7. Rights Related to Automated Decision-Making and Profiling

Exercising Your Rights

To exercise any of the rights outlined above or if you have any questions or concerns regarding the processing of your data, please contact our Data Protection Officer (DPO) at dpo@zar.com. Our DPO will assist you in addressing your data-related inquiries and ensuring that your rights as a data subject are respected and upheld.

You will not be charged a fee for accessing your data or exercising any of the above-mentioned rights. If your request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee. This fee, if applicable, will be based on the administrative costs associated with processing your request.

Under the PDPA, we are committed to responding promptly to legitimate requests regarding your data. We aim to respond to such requests within 30 days from the date of receipt. However, when the request is particularly complex or we have received a high volume of requests, we may extend this period as necessary.

Data Transfers Outside Singapore

As some of our business partners, vendors and service providers are outside Singapore, we may need to transfer your data to other countries.

We take stringent measures to ensure that such transfers are conducted in compliance with applicable data protection laws and that your data remains adequately protected. When transferring data to countries that may not have the same level of data protection as Singapore, we utilize appropriate safeguards such as standard contractual clauses or binding corporate rules.

We are committed to ensuring that all international transfers of your data are conducted with the utmost care and in compliance with relevant data protection regulations. If you have any questions or concerns about international data transfers or the mechanisms we employ to protect your data, please do not hesitate to contact our Data Protection Officer (DPO) at dpo@zar.com.

Policy Changes

We may periodically update this Privacy Policy to reflect changes in our data processing practices and legal requirements or to improve transparency and clarity. When we make significant changes to this policy, we will notify you via our Platform and through our social media channels.