ZUPER GmbH uses the following EEA privacy policies

Valid from 25th May 2018

Introduction

Collection of Personal Data
Storage of Personal Data
Processing of Personal Data
Sharing of Personal Data
Collaboration with Other Services and Platforms
International Data Usage
Use of Cookies and Tracking Technologies
Your Privacy Choices
Your Rights
Protection of Your Personal Data
Use of Our Services by Minors
Other
Contact Us
Definitions

1. Introduction

The Privacy Policy gives you, the customer, an overview of how we collect, store, process, share, and transmit personal data when you use our services. This privacy policy applies to personal data that are relevant when you visit our websites or use our services; they do not apply to data related to online websites or services that are not owned or controlled by us. Websites or services of other ZUPER customers are also excluded.

The data protection principles do not constitute a "framework agreement" within the context of the EU Payment Services Directive (2007/64/EC) or otherwise implement this directive for the European Economic Area.

Their sole purpose is to provide our customers with information about our privacy practices and to identify what privacy options are available to you when you use our websites and services. Please note that the services we offer may vary by region. These privacy policies may be supplemented by additional communications depending on the pages and services involved. Additional information can be found in the Cookies and Tracking Technologies Statement.

We have defined terms that we use within the context of this privacy policy. The meaning of the terms can be found in the "Definitions" section.

Feel free to contact us if you have any questions about our privacy practices that are not answered in this privacy policy.

2. Collection of Personal Data

We collect personal information from you when you visit our pages or use our services. This includes the following information:

Registration and use information -- When you register to use our services by creating an account, we collect the personal data necessary to provide the services you request. Depending on the services you select, you may need to provide your name, address, phone number, email address, and other identifying information to help you set up an account. If necessary, we ask you to provide us with additional personal information when you use our services.

Transaction and experience information -- When you use our services or access our sites, device information, technical usage data, and location data.

Personal data of transaction participants -- When you use our services or access our sites, we collect personal data you provide us about other participants connected with the use of our sites.

Personal data about your friends and contacts -- We may be able to assist you better with transactions between your friends and contacts if you provide us with personal information such as your friend's name, email address, and phone number when you use our services. Alternatively, you can just link your contact list or friend list to your account. If you choose to link the data in your contact list on the device to your account and/or create an account link between a social media platform and your account, we will collect and use your contact list or friends list to improve our services.

Personal data that you provide to us to obtain additional services or specific online services -- If you request or use an optional website feature, or if you request advanced services or other advanced features, we may collect additional information from you. We will send you a separate notification at the time of collection if your personal information is used in a manner that differs from the uses disclosed in this privacy policy.

Personal data about you when you use our services as a guest -- Certain limited services are available without having to log into a ZUPER account or create an account. These services are also referred to as guest transactions. We collect personal information, information about accounts used to conduct a guest transaction, as well as device details, technical usage data, and location data so that we can conduct the requested guest transaction. If you own an account and make a guest transaction, we collect information about the transaction and associate it with your account as part of our compliance and analytics activities. If you are not an account holder and you are making a guest transaction, we will collect, store, and transmit all the information you provide to us as described in this privacy policy.

Personal data about you from third-party sources -- We receive third-party information, such as from traders, data providers, and credit bureaus, where permitted by law.

Other information we collect when you use our websites or services -- We may collect additional information from you or about you when you communicate with us, contact our customer support teams, or participate in a survey.

3. Storage of personal data

We retain personal data in an identifiable format for as long as legally required or necessary for our business purposes. We retain personal information for longer periods of time than is legally required if it is in our legitimate business interests and is not prohibited by law. When your account is closed, we may take steps to mask personal information and other information, but we reserve the right to retain and access the information for as long as required by applicable law. We will continue to use and disclose personal information in accordance with this Privacy Policy.

The cookies we use have fixed expiration times. If you visit our pages or use our services within these times, the cookies will be automatically deactivated and stored data will be deleted. For more information, see our Cookie and Tracking Technologies Statement.

4. Processing of personal data

We process your personal data for a variety of reasons, which are permitted under the data protection laws in the European Economic Area (EEA) and in Switzerland.

To operate the websites and provide the services, including to:

authenticate your access to an account
communicate with you regarding your account, pages, services, or ZUPER
create an account connection between your account and a third-party account or third-party platform
perform creditworthiness and other credit checks, evaluate applications, compare information for accuracy and verification purposes.
To manage our business needs, such as monitoring, analyzing, and improving the performance and functionality of sites and services. For example, we analyze user behavior and conduct research on the use of our services.
To manage risk and to protect our sites, services, and our customers from fraud by confirming their identity, and to help identify and prevent fraud and misuse of our sites and services.
To fulfill our obligations and enforce the terms of our sites and services. This includes compliance with all applicable laws and regulations.
To pursue our legitimate interests, including to:
enforce the terms of our sites and services;
manage our day-to-day business needs, such as monitoring, analysis; and
anonymize personal data in order to share comprehensive statistics that show how, when, and why ZUPER customers access our pages and use our services, with third parties such as other companies and the public.

With your consent:

To market to our customers by providing them with marketing materials about ZUPER products and online services as well as the products and services of unaffiliated businesses. We may also process your personal information in order to tailor certain services or pages to your interests.
To provide personalized services that we provide on websites and in third-party online services. We may use your personal information and other information we collect in accordance with this privacy policy to provide you with personalized advertisements, features, or offers on third-party websites. We may use cookies and other tracking technologies, and/or work with other third parties, such as advertising or analytics companies, to provide these online services.
To provide you with location-specific options, features, or offers, if you have decided to provide your location information through the services. We use this information to improve the security of sites and services, and to provide you with location-based services, such as advertising, search results, and other personalized content.
To help you find and connect with other people, we may use the information you share with our service to suggest connections to people you may know. For example, we may associate information that we have about you through your and your contacts’ use of our services, as well as information that you and others may provide to us, in order to suggest people to you that you may be aware of and want to contact using our services. Social functionality and features designed to simplify using our services with others vary by service.
To respond to your requests, for example, to contact you regarding a question you submitted to our customer service team.
You can revoke your consent at any time and free of charge. For instructions, see the "Your Privacy Settings" section.

5. Sharing of Personal Data

We may disclose your personal information or other information about you to third parties in various ways in accordance with this privacy policy. We may disclose your personal information or other information for the following reasons: With other members of the ZUPER Group: We may disclose your personal information to members of the ZUPER Group, including to provide the services you have requested or authorized to manage risks, to facilitate the detection and prevention of potentially illegal or fraudulent acts and other violations of our policies and agreements, and to manage the availability and connectivity of ZUPER products, services, and communications. With other companies that services to us: We share personal information with other service providers who perform services and functions on our behalf and on our behalf. These service providers, for example, provide services to you, verify your identity, assist us in processing transactions, send you advertising for our products and services, or provide you with customer support. With other financial institutions we have partnered with to develop or provide a product or service: We share personal information with other financial institutions with which we have partnered to develop and offer products. Without your explicit consent, these financial institutions may only use the information to market and offer ZUPER or related products. With the other parties to transactions when you use the services, such as other ZUPER customers and service providers: We may share information with the other participants to your transactions if you use their services. The information we share includes: personal data required to perform the transaction;
personal data required by other participants to the transaction to resolve conflicts and to investigate and prevent fraud; and anonymized data and performance analytics that help other providers better understand the use of our services and increase the satisfaction of ZUPER customers. With third parties for our business purposes or as permitted or required by law: We may, for business purposes, disclose information about you to third parties, or if the disclosure is permitted or required by law. This applies in the following cases: if we are required to comply with any law, legal process, or regulations,
to law enforcement agencies, other government officials or other third parties as a result of a subpoena, court order, or other legal process or request, if ZUPER or the ZUPER group is affected, if, in our sole discretion, we believe that disclosure of personal data is necessary or appropriate to prevent physical harm or financial loss, or to assist in investigating suspected or actual illegal activity, to protect the vital interests of a person,
to credit reporting agencies and data processors for reference for credit checks, fraud prevention, and compliance purposes, to investigate any violations of any user agreement or other legal provision applicable to our services, or to enforce such legal instruments; to protect our assets, services, and rights,
to facilitate a purchase or sale of all or part of the company,
in connection with shipping and similar services for purchases with one of our services,
to assess and manage risk and prevent fraud against us and our customers, as well as fraud related to our sites or services. This also includes fraud involving our business partners, strategic ventures, or other persons or traders, such as eBay Inc. to our banking partners as required by credit card associations rules for inclusion in the list of terminated traders,
to credit reporting and collection agencies,
to companies that we plan to merge with or be acquired by,
to support our audit, compliance, and corporate governance functions.
With your consent: We will also share your personal data and other information if you consent or instruct us to do so. This also applies in the event that you authorize a connection with a third-party account or platform. In addition, ZUPER may share aggregate statistical data with third parties, including other companies and the public, to inform how, when, and why users access our site and use our services. These data are not personally identifiable and do not contain information about your use of the sites or services. We do not share your personal data with third parties for their marketing activities without your consent.

6. Collaboration with Other Services and Platforms

An innovative advantage of ZUPER's services is that you can connect your account to a third-party account or platform. For the purposes of this privacy policy, an “account connection" with such a third party is any connection you authorize or enable between your account and any third-party accounts, payment instruments, or platforms that you lawfully control or own. When you authorize such a connection, your personal data will be exchanged directly between ZUPER and the third party. Examples of account connections:
You link your account to a social media account or social messaging service,
You connect your account with a data aggregation or financial services company if you provide such company with your account log-in credentials.
When you create an account association, we may receive information from the third-party about you and your use of the third-party’s service. For example, if you link your account to a social media account, we will receive personal data about you from the social media provider via the account connection. If you connect your account to other financial accounts, directly or through another service provider, we may have access to your account balance and transactional data. We use the information we receive from a third-party via an account connection only in accordance with the terms of this privacy policy.
Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party's privacy policy. Before authorizing an account connection, you should always review the privacy policy of the third-party that will gain access to your personal information via the account connection. For example, personal information that ZUPER shares with a third-party account or platform (such as a social media account) may, in turn, be disclosed to certain third parties, including the general public, depending on the privacy policy of the account or platform.

7. International Data Usage

Our business activities are supported by a network of computers, cloud-based servers, and other infrastructure and information technologies. This also includes other service providers. These parties may be located in countries other than you and outside the European Economic Area and Switzerland. In these countries, there is not always an equivalent data protection. We have taken certain steps in accordance with the EEA Data Protection Act to ensure the protection of your personal data. In particular, the transmission of your personal data within companies affiliated with ZUPER will be subject to the Binding Corporate Rules approved by the relevant regulatory authorities (29 of Directive 95/46 EC - Data Protection Directive). Other data transfers may be based on contractual safeguards. Please contact us for more information. If you conduct transactions with persons outside the EEA or Switzerland or connect our services with platforms, such as social networks, outside the EEA or Switzerland, we are obliged to share your personal data with these parties in order to make the requested service available to you.

8. How do we use cookies and tracking technologies?

When you visit our sites, use our services, or visit a third-party website for which we provide online services, we or our business partners or providers may use cookies and other tracking technologies (hereinafter collectively referred to as "cookies”) to identify you as a ZUPER customer and to customize your online experience, the services you use, as well as other online content and advertising, to evaluate the effectiveness of promotions and to perform analytics, to minimize risks, prevent possible fraud, and promote the trust and security associated with our websites and services. Some aspects and features of our services and websites are only available through the use of cookies. If you disable or decline cookies, your use of the Websites and Services may, therefore, be restricted or no longer possible. Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. We do not respond to DNT signals. Learn more about how we use cookies in our Cookies and Tracking Technologies Statement.

9. Your privacy choices

You have some choices regarding the privacy practices and communication described in this privacy policy. Most options will be explained to you when you sign up for or use a service, or when you use a website. You will receive instructions as you navigate the service or website.

Choices related to the collection of personal data

Personal data. You may refuse to provide ZUPER with personal data when it is requested by ZUPER. Certain or all services, however, may then be unavailable to you. Location and other device information. The device that you use to access the sites or services may collect information about you. This includes location data and user data that ZUPER can then collect and use. Use the settings of the device to restrict the collection and use of such information.

Choices related to the use of your personal information

Online tracking and personalized advertising. We work with partners and other service providers to show you advertising using ad-related cookies and web beacons. You can disable advertising cookies and web beacons. In this case, our advertising is not targeted to you. You will still be shown our advertising on third-party websites. For more information about advertising cookies and personalized advertising from other providers, see Your Online Options. You will also learn how to disable these operations here. Locating and connecting with others. If available, you can manage your settings for searching and connecting with other people via the account of the service you use.

Choices related to account connections

If you have an account connection with a third-party account or a third-party platform, such as a social media account, you may be able to manage your connection settings via your account or via the third-party account or third-party platform. Please see the third-party privacy policy for more information about the choices you have in this case.

Choices related to cookies

You have several options for managing your cookie settings. Depending on your browser or web device, you may delete, disable, or block certain cookies or tracking technologies. For more information, visit AboutCookies.org. You can enable these options; you may, however, not be able to use many of the basic features of a service or website. There may be options for the use of cookies and other tracking technologies when you use a service or visit parts of a website. For example, you may be asked if you want the service or website to store certain information about you. We use cookies and other tracking technologies only to the extent that you have allowed. For more information about our cookies and tracking technologies, see the Cookie and Tracking Technologies Statement.

Choices related to registration and account information

If you have an account, you can usually review and edit personal information by logging in and correcting the information directly or by contacting us. If you do not have an account or if you have questions about your account information or other personal information, feel free to contact us.

Choices related to communication

Notices, notifications, and updates from us:

Marketing: We may send you marketing content about our sites, services, and products, as well as about products we offer together with other financial institutions, and about products and services of unaffiliated third parties and members of the ZUPER group through various communication channels such as email, SMS, pop-ups, push notifications, and messaging applications. You can unsubscribe from this advertisement by following the instructions contained in the messages you receive from us. If you have an account with us, you can also change your notification preferences in your account settings. You can manage push notifications through your device's settings. Communication for information purposes and other: We send you notifications that are required or necessary for all ZUPER customers, notifications that contain important information, and other communications that you request from us. You cannot unsubscribe from these messages. You may, however, be able to customize the media and the format through which you receive the notifications.

10. Your Rights

Subject to the limitations of the EEA data protection laws, you have certain rights in relation to your personal data. You have, in particular, a right to access, rectify, restrict, oppose, delete, and transfer your data. Please contact us if you would like to exercise these rights. If you would like to request access to any personal information that ZUPER holds, you must provide us with a photo ID. If you have an account with one of our services, you can usually review and edit personal information in that account by logging in and updating the information directly. We may use automated decision-making to make credit decisions with your consent, or when it is necessary for the commencement or enforcement of a contract, or if authorized by EU or national law. Feel free to contact us if you need more information about automated decisions.

11. Protection of your personal data

We implement physical, technical, and administrative security measures to protect your personal information against loss, misuse, unauthorized access, disclosure, and alteration. These security measures include firewalls, data encryption, physical access restrictions to our data centers, and permission controls to access data. We are committed to securing our systems and services. You are, however, responsible for the security and confidentiality of your passwords and your account profile or registration information. In addition, it is your responsibility to verify that the personal information we hold about you is accurate and up-to-date. We are not responsible for protecting the privacy of personal information that we share with third parties based on an account connection you have authorized.

12. Use of our services by minors

The sites and services may not be used by persons who are under the age of 18. We do not knowingly collect any information from minors or other persons who are legally unable to use our services and websites. If we become aware that we have collected personal information from minors, we will delete them immediately; unless we are required by law to keep the data. Please contact us if you suspect that we have accidentally or incorrectly collected information from a minor.

13. Other

Changes to this privacy policy

We may revise this privacy policy from time to time to reflect changes in our business, the sites and services, or the applicable laws. The revised version will be effective as of the published effective date.

In the case of a substantial change, you will be notified at least 30 days prior to the change by posting on a “Policy Update” page on our website. ZUPER customers may also be notified of the change by email or otherwise.

14. Contact us

You may contact us if you have any questions or concerns about this privacy policy and its supplementary information or how we handle personal information.

We want to make sure that you direct your questions to the right place:

Email info@getzuper.com if you have questions about your ZUPER account

If you are not satisfied with the processing of your request, you have the right to lodge a complaint with the supervisory authority for data protection in your country.

You can reach our data protection officer at ZUPER GmbH, Rosa-Bavarese-Str. 3, 80639 Munich or by email: info@getzuper.com

15. Definitions

Account refers to a ZUPER customer account.
Device information refers to data that can be automatically collected by any device used to access the sites or services. This information includes, but is not limited to, your device type, your device's network connections, the name and IP address of your device, information about your device's web browser, and the internet connection used to access the site or services, location information, and information about apps downloaded to your device and biometrics (eg touch ID/fingerprint to verify your identity).
Location data refers to information used to identify your location with acceptable accuracy using latitude and longitude coordinates, which are determined via GPS, Wi-Fi, or cell site triangulation.
Guest Transaction refers to the use of the services by a person who is not logged in and/or has no account.
ZUPER refers to ZUPER GmbH and its subsidiaries and affiliates. In this privacy policy, ZUPER is sometimes referred to as "we", "us", or "our", depending on the context.
Personal data refers to information that can be assigned to an identified or directly or indirectly identifiable natural person. The "personal data" includes name, address (including billing and shipping address), telephone number, email address, possibly payment card number, other account information, account number, date of birth, and data issued by authorities (eg driver's license number, identity card number, passport number).
Process means any method or way in which we handle personal data or records, whether or not they are automated processes. These include eg the collection, recording, organization, structuring, storage, adaptation or modification, extraction and retrieval, disclosure by transmission, dissemination or any other means of making available, matching or combining, and restricting, erasing or destroying personal data.
Services means all products, services, contents, features, technologies, or functions and any associated websites, applications, and services provided to you by ZUPER as part of an account or guest transaction.
Sites refers to the websites, mobile apps, official social media platforms, or other online tools through which ZUPER offers the services and which this privacy policy is published or linked to.
Technical Usage Data refers to information that we collect from your mobile phone, computer, or other device that you use to access the sites or services. Technical Usage Data helps us understand how you use the sites and services, such as what you searched for and viewed on the sites, and how you use our services. Also included in these data are your IP address, statistics on how pages are loaded or viewed, websites you've visited before our websites, and other cookie usage and browsing information collected by cookies.
ZUPER Customer refers to a person who uses the services or accesses the sites and maintains a relationship with ZUPER (eg by opening an account and agreeing to the ZUPER Terms of Use) or other transaction participants (including guest transactions) the services in other ways.

Cookies, Web Beacons, and Similar Technologies

Last update: 23 April 2018

When you use or interact with our websites, services, applications, features, or messaging features, we or our authorized service providers use cookies, web beacons, and similar technologies. The collected information helps us to make our service better, faster, safer, and serves a promotional purpose. The following is intended to give you a better understanding of these technologies and their use on our pages, services, applications, and features. You will find a summary of some key points that you should know about our use of such technologies. You will also find our complete user information on cookies at the bottom of this page. Cookies and similar technologies are necessary for our services to function in the first place, but they also improve them: They add more power, extra functionality, or show you more relevant and personalized ads. In some cases, cookies and similar files are stored on your device only as long as your browser is running (session cookie); In other cases, such information will be stored on your device for longer (persistent cookie). If your device offers this feature, you can block, delete, or disable these cookies. You can access your cookies and cookie settings in the settings of your device or browser.

Wherever possible, security measures prevent unauthorized access to our cookies or similar technologies. A unique identifier guarantees that only we and/or authorized service providers have access to cookie data. Service providers are companies that help us in various business areas, e.g. in the operation of websites or in relation to services, applications, advertising, or features. Some service providers help us show you relevant ads while you use our services or visit other websites. These service providers may use our services to store cookies on your device (so-called third-party cookies). They may also collect information to identify your device. These can be IP addresses or other data that can be uniquely assigned.

What are cookies, web beacons, and similar technologies?

Like most websites, we use technologies that essentially store small files on your computer, tablet, mobile phone, or some other device (collectively "device"). These files enable us to record certain information when you use our pages, services, applications, messaging services, or features.

The specific names and types of cookies, web beacons, and other similar technologies we use may change from time to time. Here is a short glossary to help you better understand these principles and how we use these technologies: Cookies: Small text files, which consist mostly of letters and numbers. They are stored in the memory of your browser or device when you visit a website or open a message. Cookies allow a website to recognize a particular device or browser.

There are several types of cookies:
Session cookies expire at the end of your browser session and allow us to associate your activity during that particular browser session.
Persistent cookies are stored on your device between browsing sessions, allowing us to document your priorities or activities across multiple pages.
First-party cookies are stored by the page you just visited.
Third-party cookies are placed by a third party site that is different from the site you are visiting.

You can disable or remove cookies by using tools that are included in most commercial browsers. The preferences need to be configured separately for each browser, with different browsers offering different functionalities and options.

Web beacons: Small graphics (also known as "pixel tags" or "Clear GIFs") that may be integrated into our websites, services, applications, messaging services, or features. Web beacons typically interact with cookies to identify users and analyze their behavior.

Similar technologies to store information: Technologies that store information in your browser or device, using locally shared objects or local storage (such as Flash cookies, HTML 5 cookies, and other web application software). These technologies are browser independent. Sometimes it is not possible to completely define the use of cookies in the browser. In such cases, you will need to adjust the settings of other installed applications or your device instead. We do not use the storage technologies mentioned here to show you tailored ads on our pages or elsewhere.

We may use the terms "cookies" or "similar technologies" in our principles as synonyms with regard to any technologies we use to store data in your browser or device or to collect information that enables us to identify you in the manner described above.