Both firms are Data Controllers for the personal information we each process, unless otherwise stated. If you need to contact us, you can do so by emailing us at:

• dpa@zumo.tech for website data processing.
• dpa@zumo.money for Zumo App related data processing. Using the form here will ensure you provide us with the minimum information we require.

We will communicate with you in English.

The information we obtain about you includes:

• Contact details, such as your name, email address and phone number.
• Information that you provide within your initial message and subsequent correspondence.
• Limited data analytics relating to the use of the website.
• If you were a ZumoApp customer, we will also hold personal information, that we are required to hold to fulfil ongoing regulatory obligations, such as:
  • Additional personal details like your address and date of birth.
  • Information about your identity, such as a copy of your ID document and a liveness video of yourself.
  • Details about transactions relating to your Zumo account.
  • Data collected from other sources to enable Zumo Financial Services to perform checks at KYC (Know Your Customer) and AML (Anti Money Laundering) service providers, as part of complying with our legal duties.

Zumo Technologies Limited

We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business. Most of the personal information we process is provided to us directly by you, for one of the following reasons:

• You have made an enquiry to us
• You have made an information request to us
• You are representing your organisation

We may from time to time collect and store personal information obtained indirectly. For instance,

• If someone from your company has contacted us about an enquiry and directed us to you
• If you have consented to a third party for them to share your details with us for potentially direct marketing

We may also obtain information about you which is publicly available on third party sites such as social media sites, website of the organisation for whom you work and websites of professional bodies of whom you are a member – in this capacity, you are a corporate subscriber*. The information we obtain from such sources may include details about the organisation for whom you work, your name and contact details and your professional specialisms.

• * Corporate subscribers: We do not intend to process information relating to sole traders and partnerships or send emails to addresses that disclose your full name, in the spirit of compliance with Data Protection and associated regulations.

Thereafter, if the interactions relate to contracts or potential contracts for work to be done by us, the we would consider the processing as necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract, and also (where appropriate) to comply with a legal obligation to which the controller is subject.

Zumo Financial Services Limited

We’re required to have a lawful basis for using your personal data. This means one of the following must apply: contractual duty, legal duty, legitimate interest, public interest, vital individual interest or consent, even after the closure of your Zumo App account. This section explains which one we rely on when we are using your data in a certain way.

Contractual duty

This is when we need to use your data for a contractual duty we have with you, or to enter into a contract with you. We use information about you to:

• Send you messages about your account and other services you use if you get in touch.
• Investigate and resolve complaints and other issues.
• Consider your application for a Zumo account to assess whether it met our terms and conditions at the time.
• Give you the services we agreed to in line with our terms and conditions, while they were available.
• Exercise our rights under contracts we’ve entered into with you, like managing, collecting and recovering money you owe us. (No longer directly applicable, but we must continue to maintain records).

Legal duty

This is when we need to use your data to comply with a legal duty. We use information about you to:

• Confirm the identity information you have provided when get in touch.
• Keep records of information we hold about you and your account in accordance with legal requirements relating to record keeping
• Comply with financial laws and regulations (these mean we sometimes need to share customer details with regulators, law enforcement or other third parties).

Legitimate interest

We use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn’t involve overriding your privacy rights. The situations where we do this are set out below.

i) Security and business management. We:

• Protect the rights, property or safety of us, our customers or others.
• Carry out security and maintenance checks to make sure our app, website and other services run smoothly for you.
• Manage our business risk, financial affairs (including to enforce or apply any agreement with you or our suppliers) and to protect the rights, property and safety of us, our staff, our customers and others.

ii) Companies that give services to us. We:

• Share your information with companies so they can help us provide our services (see ‘Who we share your data with and why’ below).

The nature of cryptoassets and blockchain

The Zumo App may have facilitated access to an optional non-custodial cryptoasset wallet, we called it the Infinite wallet. While we may have helped you to set up an Infinite wallet via the Zumo App functionality, we have no access, and we will not be monitoring any future transactions to and/or from these wallets.

For your ongoing awareness, transfers to and from non-custodial cryptoasset wallets take place directly on the blockchain for that cryptoasset. The blockchain is a publicly viewable ledger. This means your transactions can be identified and viewed from this ledger. This is a design feature of the blockchain.

Website cookies

To help us develop and improve our website we collect information about how you use the site, using cookies (see Cookie Policy).

We will not share your information with any third parties for the purposes of direct marketing, unless you have consented to a third party for them to share your details with us for this purpose Cookies are used on this Platform to monitor visitors and the type of material accessed, for more details please see our Cookie Policy.

Zumo Technologies Limited will share information, to take steps at your request regarding complimentary 5MLD services that may be available to you, with Zumo Financial Services Limited.

We may use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. They cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

In some circumstances we are legally obliged to share information. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

We will not sell your information to any third parties.

The period of time will differ depending on various factors, but in general:

• General enquiry records are held for 12 months.
• Pre-contractual interactions will be held for at least 2 years.
• Contractual interactions may be held for at least 6 years – this is a regulatory requirement which means this period of time can change to stay in line with any change in regulations.

You have a right to:

• Access the personal data we hold about you, or to get a copy of it.
• Make us correct inaccurate data.
• Ask us to delete your data. This can sometimes be a limited right where our other duties prevent us from doing so, but we will keep you informed if this is the case.
• Say no to us using your data for direct marketing and in certain other ‘legitimate interest’ circumstances.
• Withdraw any consent you’ve given us.
• Ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else.
• Complain (see below)

To do any of these things, please contact us (see section 1 for contact details).

You can unsubscribe at any time by contacting us (see section 1 for contact details) or clicking the unsubscribe link in our promotional emails.

We may transfer and store the data we collect from you to organisations outside the UK. When we do this we make sure the organisations we partner with uphold adequate data protection standards.

If you have a complaint about how we use your personal information, please contact us (see section 1 for contact details).

We will communicate with you in English and you should let us know if any of your contact details change. If you’re still not happy you can raise your complaint to the Information Commissioner’s Office (ICO).

For more details please visit the ICO’s website at https://ico.org.uk/

We’ll post any changes we make to this Privacy Policy on this page and if they’re significant changes we’ll let you know by email.