Latest Version: March 2025
1. About Ziglu
Ziglu (Ziglu or we, us, our) comprises multiple legal entities including, but not limited to, Ziglu Limited (Ziglu UK) and Ziglu EEA UAB (Ziglu EEA). The Ziglu company that provides you with a product or service will be responsible for processing your personal data for that product or service and is known as the ‘controller’ of your personal data.
If you are a customer resident in:
- the United Kingdom (UK) or Gibraltar, Ziglu UK is the primary controller of your personal data
- the European Economic Area (EEA), Ziglu EEA is the primary controller of your personal data
As the holding company of the Ziglu group, Ziglu UK is also a controller of the personal data processed by its subsidiary companies, including Ziglu EEA. Ziglu UK is registered with the UK data protection authority (the Information Commissioner’s Office (ICO)) under number ZA535689.
2. Scope and Applicability of this Privacy Notice
This Privacy Notice applies to all users of any domain under ziglu.io including the Ziglu website (www.ziglu.io), and the Ziglu app, including but not limited to customers, prospective customers and third-party service providers interacting with Ziglu. It outlines the manner in which Ziglu collects, processes, stores and protects your personal data in accordance with applicable data protection laws including, but not limited to, the UK Data Protection Act 1998 and the UK General Data Protection Regulation (UK GDPR), and the European Union General Data Protection Regulation (EU) 2016/679 (GDPR). This Privacy Notice also details your rights in relation to your personal data and how you may exercise them.
When we refer to 'personal data', we mean information which:
- we know about you (for example, we know when you make transactions via the Ziglu app)
- can be used to personally identify you (for example, a combination of your name and postal address).
3. What Personal Data Do We Collect?
We collect and process various categories of personal data, which may include, but is not limited to:
- Identity Data: Full name, title, date of birth and gender.
- Contact Data: Residential address (and previous addresses), email address and phone number.
- Financial Data: Bank account details, payment card details, crypto trading data, transaction history, employment status, industry you work in and annual income.
- ID Verification Data: Copies of your passport, ID Card, residence permit, driving licence or other government-issued identification documents, your image in a photograph or video form and facial scan data extracted from your photo or video (known as ‘biometric data’).
- Social Media Data: Social media usernames and profiles.
- Communications Data: Marketing preferences and communication settings.
- Support Data: Customer service and technical support inquiries.
- Technical Data: Device information, IP address and data collected via analytics providers such as Google Analytics.
- Transaction and Usage Data: Details of interactions with Ziglu products and services and transactions performed.
- Third-Party Data: Information obtained from service providers for identity verification, fraud prevention and payment processing.
- KYC and AML related information: Purpose and intended nature of the business relationship, PEP (Politically Exposed Person) status, information on expected activity/ spend, nature of activities and source of income.
In the case of peer-to-peer transactions, we process:
- Sender/Receiver Data: Contact information of individuals involved in transactions.
- Peer-to-Peer Contact Matching: Secure hashing technology ensures contacts are matched without exposing or storing personal contact lists.
4. How We Collect Personal Data
We use different methods to collect personal data from and about you including, but not limited to, through:
- Direct interactions: We collect data you provide when you fill in forms, correspond with us and use our app, including when you create an account with us or use any of our products or services, give us access to your other financial accounts (for example, through Open Banking), request marketing to be sent to you, enter a competition, promotion or survey or share information with us on social media and give us feedback or contact us.
- Automated technologies or interactions: As you use our app, we may automatically collect Technical Data about your equipment, actions and patterns by using cookies and other similar technologies. Further details are provided in our Cookie Policy.
- Third parties and publicly available sources: We collect personal data about you from various third parties and public sources including credit reference agencies, financial or credit institutions, official registers and databases, media stories (including social media), fraud prevention agencies and websites for enhanced due diligence checks, security searches and AML/ KYC purposes.
5. Lawful Bases for Processing Personal Data
Under UK GDPR and GDPR, we need to have a lawful basis for processing your personal data. At least one of the following must apply:
- Consent: We obtain your explicit consent before processing personal data for marketing and other purposes. You may withdraw your consent at any time via the Ziglu app or by contacting [email protected].
- Contractual Necessity: Processing of personal data is necessary to provide our services to you, execute transactions and manage user accounts.
- Legal Obligation: Processing of personal data is necessary for compliance with legal and regulatory requirements, including anti-money laundering and tax obligations.
- Vital Interests: We may share information about you externally (generally with law enforcement in an emergency) where processing of personal data is necessary to protect your or another person’s life.
- Public Interest: Processing of personal data is necessary to perform a task in the public interest or for official functions, for example, to prevent or detect unlawful acts or to support you if you are, or become, a vulnerable customer.
- Legitimate Interests: Processing of personal data is necessary for our legitimate interests or those of a third party, such as fraud prevention, customer support, service improvement and business operations, provided such interests do not override individual rights and freedoms.
6. How We Use Personal Data
Ziglu will only use your personal data where the law allows us to. The table below sets out examples of the lawful bases we rely on for various activities. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Purpose / Activity | Lawful Basis for Using your Personal Data |
Account Opening
| Consent Contractual Necessity Legal Obligation Public Interest Legitimate Interests |
Fraud Prevention | Consent Legal Obligation Public Interest Legitimate Interests |
Provision of Products and Services
| Consent Contractual Necessity Legitimate Interests |
Relationship Management
| Consent Contractual Necessity Legal Obligation Legitimate Interests |
Business Operations
| Consent Contractual Necessity Legal Obligation Legitimate Interests |
Content Management
| Consent Legitimate Interests |
Marketing
| Consent Legitimate Interests |
Product and Service Improvements and Recommendations | Legitimate Interests |
Legal and Regulatory Compliance
| Legitimate Interests Legal Obligations |
Customer Support
| Consent Public Interest |
7. Data Sharing and Third Parties
Ziglu shares your personal data strictly in accordance with legal requirements and with third parties who provide services that support its operations, including:
Name | Data Processing Purpose |
Other Ziglu Group Companies, acting as joint controllers or processors | Operational purposes |
Other Ziglu Customers | Peer-to-peer payments |
People or Companies that you transfer money to | Payments |
People or Companies that transfer money to you | Payments |
Government, Regulatory, Tax and Law Enforcement Authorities | Legal and regulatory compliance |
Fraud Prevention Agencies | Fraud prevention and financial crime detection |
Identity Verification and KYC/ AML Screening Suppliers | Identity verification and anti-money laundering compliance |
Banks, other Financial Institutions and payments networks, including Mastercard | Banking and payment processing |
Card Manufacturing Suppliers | Payment card creation and delivery |
Cryptocurrency Exchanges and Yield Providers | Cryptocurrency services |
Professional Advisers | Legal, accounting, insurance and consultancy services |
IT Services Suppliers | Cloud infrastructure, productivity and collaboration, analytics infrastructure |
Marketing and Advertising Suppliers | Marketing and advertising analytics, email and marketing communications |
Customer Service and Communication Service Suppliers | Customer support and communications |
All third-party providers are required to adhere to strict data security and confidentiality obligations in compliance with applicable data protection laws.
8. International Data Transfers
As Ziglu provides an international service, we may need to transfer your data outside the UK or EEA to enable us to provide our products and services or comply with global legal and regulatory requirements. Where data is transferred outside the UK and EEA, we ensure appropriate safeguards, including:
- Transfers to countries with adequacy decisions by the European Commission and ICO.
- Use of Standard Contractual Clauses (SCCs) approved by regulatory authorities.
- Implementation of technical and organizational security measures to safeguard personal data.
9. Data Security
Ziglu recognises the importance of protecting your personal data and we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have implemented strict information security and data protection policies and procedures and limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Ziglu operates procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
In accordance with the Ziglu Terms and Conditions, you are responsible for keeping your Ziglu account secure by keeping your password and PIN private. Do not share this information with anyone, as it may allow them access to your Ziglu account and personal data.
10. Data Retention
Ziglu retains personal data only as long as necessary to fulfill its legal, regulatory and business requirements as follows:
- Legal and Regulatory Retention: Personally identifiable information related to you and your transactions while you are a customer and, if you are a customer of:
- - Ziglu UK, for seven years
- - Ziglu EEA, for five years
following the end of the business relationship or the date of an occasional transaction, whichever is the later, either in paper or electronic form. Such retention periods may be extended for up to an additional two years upon a justified request from a competent authority.
- Inactive Account Data: Non-essential personal data is deleted or anonymised after two years of inactivity.
- Marketing Preferences: Consent is reaffirmed every three years.
- Peer-to-Peer Transactions: Recipient data is stored for 30 days to process payments.
Cookies and Analytics: Retained as per our Cookie Policy.
Anonymised data may be used indefinitely for research and statistical purposes.
11. Your Data Protection Rights
Under UK GDPR and GDPR, you have the following rights:
- Right to be Informed: To be informed about the collection and use of your personal data by Ziglu. This right is addressed by this Privacy Notice.
- Right of Access: To access and request copies of personal data held by Ziglu.
- Right to Rectification: To ask us to correct inaccuracies in personal data held by us.
- Right to Erasure: To request deletion of personal data under certain conditions.
- Right to Restriction: To limit the processing of data pending resolution of an objection.
- Right to Object: To object to our processing of your personal data where legitimate interests apply.
- Right to Data Portability: To request the transfer of your personal data to another service provider.
To exercise these rights, contact [email protected]. We will respond within the legal timeframe of one month.
12. Complaints and Contact Information
If you have concerns about our handling of your personal data, you may contact our Data Protection Officer (DPO) at [email protected].
For regulatory complaints regarding:
- Ziglu UK, you may contact the UK Information Commissioner’s Office (ICO) at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
- Ziglu EEA, you may contact the Lithuanian State Data Protection Inspectorate (LRV) at:
State Data Protection Inspectorate
L. Sapiegos str. 17
10312 Vilnius
Lithuania
Company
Contact
© Ziglu is the trading name of Ziglu Limited, a company registered in England and Wales. Registered address 1 Poultry, London, England, EC2R 8EJ. Company No. 09204810. Ziglu Limited is authorised by the Financial Conduct Authority under the Electronic Money Regulations 2011 (Firm Reference No. 900977). Ziglu Limited is registered with the Financial Conduct Authority under the Money Laundering Regulations for the promotions of crypto assets.