How to contact us
If you need to contact us, you can do so by emailing us at firstname.lastname@example.org. We will communicate with you in English.
The information we hold about you
We collect the following types of information when you sign up for a Zumo account, use our services and interact with us:
- Personal details like your name, address and date of birth.
- Contact details like your email address and phone number.
- Information about your identity, such as a copy of your ID document and a liveness video of yourself.
- Information on your device and location, such as your device ID, operating system and IP address.
- Information you give us through our customer support channels, such as when you contact us by email or through social media.
- Details about transactions relating to your Zumo account.
- Details about how you use our app.
- Information and answers you give to us, such as when completing a feedback survey or entering a promotion we are running.
We collect the following types of information from other sources
When you sign up for a Zumo account we perform checks at:
- Credit reference agencies to verify the identity information you have provided to us, as part of complying with our legal duties. These checks consist of a ‘soft search’ and do not impact your credit score.
- KYC (Know Your Customer) and AML (Anti Money Laundering) service providers, as part of complying with our legal duties.
For more information about who we share data with please see ‘Who we share your data with and why’ below.
We may also collect information about you from public sources for AML reasons, such as official public records or information published by the press or on social media.
We collect the following types of information, on occasion, from third parties where you have given your prior consent for them to share the information with us, for the purpose of participating in promotional events:
- Personal details like your name and Zumo username, if you already have one.
- Contact details like your email address and phone number.
How and why we use your information
We’re required to have a lawful basis for using your personal data. This means one of the following must apply: contractual duty, legal duty, legitimate interest, public interest, vital individual interest or consent. This section explains which one we rely on when we are using your data in a certain way.
This is when we need to use your data for a contractual duty we have with you, or to enter into a contract with you.
We use information about you to:
- Consider your application for a Zumo account to assess whether it meets our terms and conditions.
- Give you the services we agreed to in line with our terms and conditions.
- Send you messages about your account and other services you use if you get in touch, or we need to tell you about something.
- Exercise our rights under contracts we’ve entered into with you, like managing, collecting and recovering money you owe us.
- Investigate and resolve complaints and other issues.
This is when we need to use your data to comply with a legal duty. We use information about you to:
- Confirm the identity information you have provided when you sign up or get in touch.
- Checking the identity information you have provided to us against records at anti-money laundering and data bureaus.
- Monitor activity to prevent illegal acts like money laundering and fraud.
- Keep records of information we hold about you and your account in accordance with legal requirements relating to record keeping.
- Comply with financial laws and regulations (these mean we sometimes need to share customer details with regulators, law enforcement or other third parties).
We use your data for our legitimate interests, or those of a third party. This means using data in a way that you might expect us to, for a reason which is in your and/or our (or a third party’s) interest and which doesn’t involve overriding your privacy rights. The situations where we do this are set out below.
i) Product development and marketing. We:
- Tell you about products and services through the app or other channels based on how you use our products and services.
- Track and analyse how you use the services so we can and improve the services we give you and other customers. We may ask for feedback if you’ve shown interest in or used a particular aspect of our service. We do this so that we can make our products better and understand how to market them.
ii) Security and business management. We:
- Protect the rights, property or safety of us, our customers or others.
- Carry out security and maintenance checks to make sure our app, website and other services run smoothly for you.
- Manage our business risk, financial affairs (including to enforce or apply any agreement with you or our suppliers) and to protect the rights, property and safety of us, our staff, our customers and others.
iii) Companies that give services to us. We:
- Share your information with companies so they can help us provide our services (see ‘Who we share your data with and why’ below).
We ask for your consent to:
- Send you certain types of marketing, such as that by email or push notification.
- Show your profile picture in the app if you add one.
You can withdraw your consent at any time by unsubscribing from such marketing, or deleting your profile picture in the app.
The nature of cryptoassets and blockchain
Your Zumo account includes a cryptoasset wallet which is non-custodial. Transfers to and from your cryptoasset wallet take place directly on the blockchain for that cryptoasset. The blockchain is a publicly viewable ledger. This means your transactions can be identified and viewed from this ledger. This is a design feature of the blockchain and Zumo has no control over this.
You can choose to keep your address hidden in the app, but this will not necessarily stop it from being identifiable to others. For example, if a Zumo contact sends you Bitcoin, that contact can look at their transaction on the blockchain to identify the address (i.e. your address) it was sent to and use that to look at your other transactions. Similarly, if you give your Zumo wallet address to a friend so they can send Bitcoin to it, they can also use your address to look at your transactions on the blockchain.
Who we share your data with and why
Companies that provide services
We share your data with companies that help us provide the services you use and which need to process details about you for this reason. These are:
- Our e-money account, payment provider and card issuer, which is Modulr. Here is a link to Modulr’s privacy notice that will also apply to you – https://www.modulrfinance.com/privacy-policy
- Data storage providers, which include Amazon Web Services, Google Cloud, and Very Good Security.
- Our open-banking service provider that helps us comply with regulatory obligations in this area, which is Salt Edge.
- Software companies that we use to send and receive communications with you to provide our customer support (Zendesk) and to send communications (such as legal, service and marketing) by email (Force24).
- Our KYC and AML service providers that help us comply with our regulatory obligations.Companies involved in making and dispatching our Zumo cards.
- Companies that help us with software development and functional analytics (for example to help us solve technical issues with the app).
- Companies that help us with marketing.
Law enforcement and other external parties
We may share your details with:
- Authorities that stop financial crime, money laundering, terrorism and tax evasion when we have a legal duty to do so, or if it’s necessary for other reasons.
- The police, courts or dispute resolution bodies if we have to.
- Other banks to help trace money if you’re a victim of fraud or other crimes or if there’s a dispute about a payment.
- Any other third parties where necessary to meet our legal obligations.
How long we keep your information
We’re required to keep most of your data for as long as you are a Zumo customer and then for at least 5 years after that time. This is a regulatory requirement which means this period of time can change to stay in line with any change in regulations. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to for a legitimate interest and/or the law says we have to.
To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
You have a right to:
- Access the personal data we hold about you, or to get a copy of it.
- Make us correct inaccurate data.
- Ask us to delete your data. This can sometimes be a limited right where our other duties prevent us from doing so. For example, if you asked us to delete your identity and transaction data, we would not be able to do this, as we have a legal duty to keep it under anti-money laundering regulations (see the section ‘How long we keep your information’).
- Say no to us using your data for direct marketing and in certain other ‘legitimate interest’ circumstances.
- Withdraw any consent you’ve given us.
- Ask for a copy of your personal data in a portable (machine-readable) format or make us send it to someone else.
To do any of these things, please contact us by emailing email@example.com.
Where we store or send your data
We may transfer and store the data we collect from you to organisations outside the UK. When we do this we make sure your data is protected. We also make sure it is either a country that the UK states has adequate data protection standards, or we have European Commission approved standard contractual clauses in place with the relevant organisation.
How to make a complaint
If you have a complaint about how we use your personal information, please contact us by emailing firstname.lastname@example.org. We will communicate with you in English and you should let us know if any of your contact details change.
Complaints If you’re still not happy you can raise your complaint to the Information Commissioner’s Office (ICO). For more details please visit the ICO’s website at https://ico.org.uk/
Changes to this policy