Privacy policy
www.zenitfunding.com is committed to protecting the personal data of its Users. That is why we take every possible measure to protect the privacy of all visitors and Users of our Site www.zenitfunding.com (the "Site").
Users will find below all the provisions regarding the processing of personal data applicable during any visit to or use of the Site by the Users.
Table of Contents
Article 1 – General Provisions
Article 2 – Processing of Personal Data Not Requiring User Consent
Article 3 – Processing of Personal Data Requiring User Consent
Article 4 – User Rights
Article 5 – Location, Storage, and Retention Period of Personal Data
Article 6 – Responsibility of the Company and Its Subcontractors
Article 7 – Miscellaneous
Article 1 – General Provisions
The Company processes the personal data of Users of the Site for the purposes and within the limits of the Privacy Policy during any visit or use of the Site. The Company ensures compliance with applicable laws and regulations, particularly with Regulation (EU) 2016/679 of April 27, 2016, regarding the protection of individuals concerning the processing of personal data (the "GDPR"). By accessing the Site, Users are presumed to have read and accepted the Privacy Policy. They guarantee that the data and information provided to the Company are accurate.
Article 2 – Processing of Personal Data Not Requiring User Consent
2.1. Obligations of the Company
The Company is obliged, under the legal and regulatory obligations to which it is subject, and for the purposes of authenticating and enabling Users to use the Site, to process the following personal data for the purposes described below. This processing of personal data carried out by the Company does not require the consent of Users under Article 6.1(b) and (c) of the GDPR. The personal data provided by the User is recorded in a register, as described in Article 7.1, which is controlled and remains at all times under the responsibility of the Company.
Type of Data
The personal data processed are as follows:
- Name, first name(s), date of birth, language, gender, home/postal address, National Register Number (or identity card number or passport), email address, landline or mobile phone number;
- Banking data used when subscribing to the Subscription;
- Copies of personal documents for User authentication, such as a photo of the identity card, a bank statement, proof of deposits, or any other document that proves the User’s residence;
- Browsing and activity histories of the User on the Site, including connections (browser data, IP address), notably via cookies;
- Any other information exchanged between the Company and the User, particularly via email or live chat, during the User's registration or use of the Services offered on the Site.
Data Processing
Processing consists of collecting, recording, storing, consulting, organizing, using, reconciling, or any other operations made necessary or useful under the legal and regulatory provisions described in Article 2.1(c). Processing may also consist of transferring personal data:
- To judicial and administrative authorities;
- To the Company’s suppliers, whose services are inseparable from the use of the Site, and whose list is available upon request from the Contact mentioned in Article 7.5.
Purposes of Data Processing
The Company also processes the personal data referred to in Article 2.1(a) for the purposes of authenticating Users and allowing them to access and use the Site. This processing is thus carried out to ensure:
- The management of User registrations and Accounts;
- The provision of Services;
- Information for the User regarding the services offered by the Company;
- Customer service management, including support and risk and fraud services;
- Promotion, advertising, and marketing related to the offering of new Services, including sending SMS, phone calls, and paper or electronic newsletters;
- Conducting satisfaction surveys, statistical studies, trend analyses, and market studies for the purpose of improving Services or informing Users.
Article 3 – Processing of Personal Data with User Consent
By using the Site, the User freely, specifically, clearly, and unequivocally expresses their consent for the Company to process personal data in accordance with the GDPR, within the limits and for the purposes defined below and without prejudice to the data processing referred to in Article 2. The personal data provided by the User is recorded in a register, as described in Article 7.1, which is controlled and remains under the responsibility of the Company. The User also benefits from rights, including the right to withdraw their consent at any time, according to the modalities defined in Article 3.4.
3.1. Type of Data
The data processed by the Company are as follows:
- Name, first name(s), date of birth, language, gender, home/postal address, National Register Number (or identity card number or passport), email address, landline or mobile phone number;
- Banking data used when subscribing and paying for the Subscription;
- Copies of personal documents for User authentication, such as a photo of the identity card, a bank statement, proof of deposits, or any other document that proves the User’s residence;
- Browsing and activity histories of the User on the Site, including connections (browser data, IP address), notably via cookies;
Any other information that may be exchanged between the Company and the User, particularly via email or live chat, in the context of the User's registration or use of the Services offered on the Site.
3.2. Data Processing
Processing consists of the collection, recording, storage, consultation, organization, use, and reconciliation of the personal data described in Article 3.1. It also involves the transfer of this personal data to third parties, the list of which is available upon request from the Contact referred to in Article 7.5.
3.3. Purposes of Data Processing
The personal data are collected and processed by the Company for the following purposes:
- Promotion, advertising, and marketing, including affiliation and management of loyalty programs related to the offering of Services, including sending SMS, phone calls, paper or electronic newsletters, not falling under Article 2.2(c);
- Participation in contests and promotional offers, including communication related to Users;
- Development of new Services;
- Conducting satisfaction surveys, statistical studies, trend analyses, and market studies for management, marketing, and reporting purposes, including profiling, not falling under the purpose described in Article 2.2(c).
Article 4 – User Rights
Without prejudice to Articles 2 and 5 of this Privacy Policy, Users have the right to exercise the rights of rectification, opposition, and limitation, according to the following terms and limits:
4.1. Right of Access
The Company provides Users with all the following information:
- The identity and contact details of the data controller;
- The contact details of the data protection officer;
- The personal data processed;
- The purposes of the processing for which the personal data are intended, as well as the legal basis for the processing;
- The recipients or categories of recipients of the personal data, if applicable;
- If applicable, whether the data controller intends to transfer personal data to a country outside the European Union and: either the existence (or absence) of an adequacy decision made by the European Commission or, in the absence of such a decision, the guarantees provided by the third country and the means implemented to obtain a copy of the personal data;
- The possibility to object to automated processing of their data, such as profiling, unless legitimate grounds make this processing necessary by the Company, as well as the possibility to object to any processing of their personal data for marketing purposes.
Users are entitled to obtain a copy of the personal data being processed. The Company reserves the right to charge for any costs incurred by this request; these costs will be calculated based on the administrative expenses incurred by the request and will not exceed 20 euros.
Users have the right to obtain, in a structured format, this access or said copy, in such a manner that the personal data are provided to them in a format compliant with the technical standards in effect at the time of the access request; this format will thus allow machine readability.
4.2. Right of Rectification
The Company guarantees and obliges Users to update and rectify the personal data concerning them whenever such data are inaccurate or incomplete. This right of rectification can be exercised upon request to the Contact mentioned in Article 7.5.
4.3. Right to Object
The Company allows Users to object to the processing of all or part of their personal data for the following reasons:
- Their data is inaccurate;
- The processing is no longer necessary for the purposes for which the data were collected;
- The User withdraws their consent;
- The data have been processed unlawfully.
The Company also allows Users to object:
- To automated processing of their data, such as profiling, unless legitimate grounds make this processing necessary by the Company;
- To any processing of their personal data for marketing purposes, including profiling, if it is related to such marketing.
4.4. Right to Erasure
The Company further commits to respond to any request for the erasure of personal data as soon as possible (right to erasure), when:
- The processing is no longer necessary for the purposes for which the data were collected;
- The User withdraws their consent;
- The data have been subject to unlawful processing or must be erased under a legal obligation.
- The User opposes the automated processing of their data, such as profiling, and there are no legitimate grounds for the Company to justify this processing.
- The User opposes the processing of their personal data for marketing purposes, including profiling, if it is related to this marketing.
4.5. Right to Limitation
Users also have the right to request that the Company limit the processing of their personal data when:
- The User believes that their personal data is inaccurate, and this limitation is necessary while the Company verifies its accuracy;
- The processing is unlawful but the User does not wish to erase the data and instead requests a limitation of processing;
- The User opposes automated processing, including profiling, or the processing of their personal data for marketing purposes, and it is necessary to verify the legitimacy of the grounds on which the Company intends to maintain this processing;
- The Company no longer needs the processed personal data, but the User wishes for it to be retained for the establishment, exercise, or defense of legal rights.
4.6. Transfer of Personal Data to Another Data Controller
Users are permitted to transfer their personal data to another data controller without the Company obstructing this. Provided that such transfer is technically feasible, Users are allowed to request the Company to facilitate this transfer directly by its data controller.
4.7. Procedures
The rights recognized by the Company to the User must be exercised according to the procedures defined in Article 7.5.
4.8. Notification
The Company will notify the User of any deletion or rectification of data in accordance with Articles 4.2 and 4.4, unless such notification proves impossible or imposes disproportionate efforts.
Article 5 – Location, Storage, and Retention Period of Personal Data
The Company retains Users' personal data in a form that allows for identification and availability, using appropriate and secure means. Users' personal data is stored in Belgium by the Company for the purposes defined in Articles 2 and 3, which presents the necessary and useful security guarantees according to current technical standards.
Personal data is retained for a period of 10 years for all purposes governed by Article 2(a). Personal data is retained for a duration not exceeding what is necessary to achieve the purpose of processing for all purposes governed by Articles 2.2 and 3. The data is then deleted from the Company's files upon request from the Users directed to the Contact mentioned in Article 7.5.
Article 6 – Responsibility of the Company and its Subcontractors
The Company commits to ensuring that the processing of Users' personal data is carried out lawfully, fairly, and transparently with respect to the affected User. All processing by the Company is in compliance with the requirements of the GDPR and this Privacy Policy.
The Company implements all reasonable and appropriate measures to ensure the confidentiality, integrity, and availability of the personal data it processes. Technical measures include, in particular, the anonymization and encryption of personal data, depending on the required purpose. Organizational measures include conducting internal audits.
Where appropriate, the Company, with the assistance of the data protection officer, conducts an impact assessment when processing is likely to pose a high risk to Users.
Users' personal data is not transferred to third parties other than the Company's suppliers and partners, except for the purposes described in Articles 2.1, 2.2, and 3, and therefore, if:
- The transfer is required by law, regulation, or injunction from an administrative or judicial authority;
- The transfer is necessary for the provision of Services, including maintenance services;
- The User has consented to such a transfer.
In the event that the Company acts as a subcontractor for the partner, it is agreed that the Company will only be liable for damage caused by processing personal data that is contrary to the GDPR or this Privacy Policy if the Company has not complied with the obligations under the GDPR that specifically apply to subcontractors or if it has acted outside of or contrary to the lawful instructions of the partner. Likewise, the Company's liability cannot be engaged if it proves that the act that caused the damage is not attributable to it.
The Company ensures that, when processing is carried out by a subcontractor on behalf of the Company, that subcontractor provides sufficient guarantees regarding the implementation of appropriate technical and organizational measures and, more generally, complies with The Company commits that, in the event of a security problem related to the processed data that may affect its confidentiality, it will notify the data protection authority mentioned in Article 7.4 as soon as possible. The Company will also inform the affected Users, provided that the breach of personal data presents a high risk to the rights and freedoms of the User; this information will be provided by email or mail to the contact details communicated by the User.
Article 7 – Miscellaneous
7.1. Register of Personal Data and Information Security Manual
As the data controller of personal data, the Company maintains a register of all its processing activities. This register contains all relevant information regarding the types of data processed, the individuals affected by the data processing, any potential recipients to whom this data may be communicated, the purposes for which the data is processed, the retention period of the data, and a general description of the technical and organizational security measures implemented. The personal data communicated by the User is recorded, as well as the processing activities and their purposes, in a register that is controlled and remains at all times under the responsibility of the Company. This register includes, in addition to the aforementioned information:
- A description of the purposes of the processing;
- A description of the categories of persons concerned and the categories of personal data;
- The categories of recipients to whom the personal data has been or will be communicated, including recipients in third countries or international organizations;
- The planned deadlines for the deletion of the various categories of data;
- A general description of the technical security measures.
7.2. Completeness – Modification of the Privacy Policy
The Privacy Policy contains all contractual provisions enforceable against Users, without prejudice to the general provisions contained in the General Terms and Conditions (CGU) of the Site, of which it is an integral part. The CGU of the Site therefore remain applicable for any matters not relating to the protection of personal data. The Company also reserves the right to modify the Privacy Policy. Any update will be enforceable against Users upon its publication on the Site. The Company will ensure that the date of publication of the current Privacy Policy on the Site is mentioned.
7.3. Evidential Value
The User acknowledges that the electronic documents exchanged and the electronic data collected in the context of their registration or use of the Site have the same evidential value as if these documents and data had been communicated or collected on paper. They therefore commit not to contest their force or evidential value due to their electronic format.
7.4. Data Protection Authority
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of individuals with regard to the processing of personal data and the Law of July 30, 2018, the User has the right to request additional information or file a complaint with the Data Protection Authority. The supervisory authority is the Data Protection Authority. Their contact details are:
- Address: Rue de la Presse, 35, 1000 Brussels
- Phone: +32 (0)2 274 48 00
- Email: contact@apd-gdba.be
7.5. Contact – Information Regarding the Identity of the Data Controller and the Data Protection Officer
The Site is operated by SRL Rhea Digital Partners, whose registered office is located at 231 Avenue Louise, 1050 Brussels, and registered with the Crossroads Bank for Enterprises under number 0764.873.605 (the "Company"). The Company can be contacted for any questions relating to the protection of personal data via:
- Mail: to the address of its registered office; or
- On the Site: www.zenitfunding.com
- Email: contact@zenitfunding.com