Articles in this section

GDPR Policy

  • Updated

This policy has been adopted by Zero Hash Holdings Ltd. ("Zero Hash") and its subsidiaries, Zero Hash Liquidity Services LLC ("ZH Liquidity") and Zero Hash LLC ("ZH") (Zero Hash, ZH Liquidity and ZH are collectively "Zero Hash"). The purpose of this policy is it illustrate Zero Hash's commitment to Processing data in accordance with its responsibilities under the General Data Protection Regulation ("GDPR"). Zero Hash is committed to protecting the privacy and security of your Personal Data. The information you share with Zero Hash allows Zero Hash to provide you the best experience with our products and services. Zero Hash has implemented a privacy program to protect all Personal Data collected and to help Zero Hash properly handle your Personal Data.

This Privacy Notice explains our privacy practices. Please read this notice to understand how Zero Hash collects and uses your Personal Data.

 

Definitions

Consent of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

Data Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

Data Subject means a natural person, such as an individual, a customer, a prospect, an employee, a contact person, etc.

Personal Data means any information relating to an identified or identifiable Data Subject.

Processing covers any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, Data Processor and persons who, under the direct authority of the controller or Data Processor, are authorized to process Personal Data.

 

Overview

Data Protection Principles

Article 5 of the GDPR requires that Personal Data shall be:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals;
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that Personal Data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the Personal Data is processed; Personal Data may be stored for longer periods insofar as the Personal Data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
  6. Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Transparent Processing

  1. To ensure its Processing of data is lawful, fair and transparent, Zero Hash will maintain a register of systems.
  2. The register of systems will be reviewed at least annually.
  3. Individuals have the right to access their Personal Data and any such requests made to Zero Hash will be dealt with in a timely manner.

Lawful Purpose

  1. All data processed by Zero Hash must be done on one of the following lawful bases: Consent, contract, legal obligation, vital interests, public task or legitimate interests.
  2. Zero Hash shall note the appropriate lawful basis in Zero Hash's register of systems.
  3. Where Consent is relied upon as a lawful basis for Processing data, evidence of opt-in Consent shall be kept with the Personal Data. If we process information based on your Consent, you may withdraw such Consent at any time. You will not suffer any detriment for withdrawing your Consent. Please contact the Data Protection Officer outlined below to withdraw your Consent.
  4. Where communications are sent to individuals based on their Consent, the option for the individual to revoke their Consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in Zero Hash’s systems.
  5. Zero Hash gathers and processes Personal Data to fulfill its anti-money laundering and know your customer obligations, open and manage your account, and track account activity. Zero Hash has determined these activities to be in its legitimate business interest. Zero Hash may process your Personal Data for internal marketing purposes. Zero Hash may also share Personal Data with Third Parties, provided that you provide prior Consent.
  6. Zero Hash also processes your Personal Data in furtherance of contracts you have entered with Zero Hash, including when onboarding you as a customer, funding your account, Processing your orders, facilitating transactions, and Processing withdrawals. Zero Hash may share your Personal Data between its affiliated entities or with Third Parties to facilitate these actions, which are necessary in furtherance of your contract(s) with Zero Hash.

Data Minimization and Accuracy

  1. Zero Hash shall ensure that Personal Data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  2. Zero Hash shall take reasonable steps to ensure Personal Data is accurate.
  3. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that Personal Data is kept up to date.

Archiving and Deletion

  1. To ensure that Personal Data is kept for no longer than necessary, Zero Hash shall put in place an archiving policy for each area in which Personal Data is processed and review this process annually.
  2. The archiving policy shall consider what data should/must be retained, for how long, and why.
  3. We may keep a record of your Personal Data, correspondence or comments, in a file specific to you. We will utilize, disclose or retain your Personal Data for as long as necessary to fulfill the purposes for which that Personal Data was collected and as permitted or required by law.
  4. Zero Hash entities are required by their various regulators to keep and maintain much of your Personal Data for prescribed periods. The longest of such periods are as follows:
    1. ZHLS: 7 years (FinCEN and New York Department of Financial Services)
    2. ZH: 7 years (FinCEN and New York Department of Financial Services)
  5. Some of your Personal Data may be deleted prior to the expiration of the above periods, if such deletion is permitted by the laws and regulations governing each entity.

Security

  1. Zero Hash shall ensure that Personal Data is stored securely using modern software that is kept up to date.
  2. Access to Personal Data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorized sharing of information.
  3. When Personal Data is deleted this should be done safely such that the data is irrecoverable.
  4. Appropriate back-up and disaster recovery solutions shall be in place.

Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data, Zero Hash shall promptly assess the risk to people’s rights and freedoms and, if appropriate, report the breach to the proper authority.

 

Data Protection Officer

Zero Hash's Director of Information Security, James Hemenway, can be reached at privacy@zerohash.com. 

 

The Data We Collect

Zero Hash collects:

  • Financial Information, including account numbers, transaction history, net worth, account balances, and assets and liabilities.
  • Identifying Information, including names, government issued identification, Social Security Numbers, passport numbers, birth dates, addresses, and all other background information necessary for AML/KYC requirements.
  • Account Authenticating Information, including hashed representations of account passwords, PINs, and account recovery information.

Personal Data does not include generic email address or general business information that is not linked to an individual.

 

How We Collect Your Data

You directly provide Zero Hash with most of the data we collect. We collect data and process data when you:

  • Apply for any Zero Hash account or services,
  • Use any Zero Hash service online, and
  • Voluntarily complete a customer survey, provide feedback, or speak with Zero Hash operations personnel about your account or services.

Zero Hash may also receive your data indirectly from third parties when conducting know your customer background checks or confirming the information you have provided. We only collect information that is reasonably necessary to fulfill the identified purpose. All data is collected and processed in the United States.

 

How We Will Use Your Data

Zero Hash collects your data:

  • To properly identify you.
  • To manage your account(s) with Zero Hash.
  • To determine your eligibility for products and services and the products and services of companies with whom we are affiliated.
  • To respond to questions, comments, or concerns regarding Zero Hash.
  • Provide to you the digital asset trading/custody/settlement/account servicing and related services contracted for.
  • Email you with offers on other products and services we think you might like and inform you about the products and services we provide.
  • To recruit for positions at Zero Hash.
  • To investigate legal claims.
  • To protect against fraud.
  • To administer Zero Hash websites and any Zero Hash software applications.
  • For such purposes for which Zero Hash may obtain Consent from time to time.
  • For such other uses as may be permitted or required by applicable law.

Your data may also be anonymized or aggregated to enable Zero Hash to manage our business, develop statistical information, test our performance, or develop products. Anonymized and/or aggregated data will not identify you. Zero Hash does not sell your Personal Data or information.

 

Sharing Data With Third Parties

Zero Hash may share your Personal Data with Third Parties:

  1. To provide and support Zero Hash's products and services. For example, Zero Hash may submit your information to credit bureaus or credit reporting agencies for identification purposes.
  2. To comply with legal obligations, such as responding to regulatory or criminal investigations or mandatory reporting to our regulators.
  3. To protect you from fraud, abuse, or illegal activity. In such cases, Zero Hash may disclose your information to an appropriate governmental authority or next of kin to prevent illegal or fraudulent activity in your account.
  4. If, in our best judgement, we believe someone is seeking your information as your agent, with your Consent, or if otherwise permitted by law.
  5. Any other situation or purpose for which Zero Hash obtains your Consent to share.

 

How We Protect Your Data

Zero Hash has many processes and controls in place to protect your Personal Data. Controls include limiting access to private data and confidential information to authorized employees, service providers, representatives, or agents who have all been made aware of the importance of keeping your information confidential. That is, Zero Hash only allows access to confidential information on a need-to-know basis. Additionally, Zero Hash uses safeguards that are consistent with the industry standard, including firewalls, data encryption, and physical access controls. Zero Hash stores all of your Personal Data in the United States. Data transfers are carried out in accordance with applicable laws and regulations, and transfers to another jurisdiction will be subject to the laws of the jurisdiction where the data is held.

Your data is only retained for as long as reasonably necessary to fulfill the purpose for which it was collected. Your data will be destroyed or de-identified once no longer required.

 

Marketing

Zero Hash would like to send you information about products and services of ours that we think you might like. If you have agreed to receive marking, you may opt out at a later date.

You have the right at any time to stop Zero Hash from contacting you for marketing purposes or giving your data to other members of the Zero Hash group. If you no longer wish to be contact for marketing purposes, please email us at privacy@zerohash.com.

 

Your Data Protection Rights

Zero Hash would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to be informed - You have the right to be informed about the Processing of the information you supply (this GDPR Privacy Policy).

The right to access - You have the right to request copies of your Personal Data. We may charge you a proportionate fee for this service.

The right to rectification - You have the right to request that Zero Hash correct any information you believe is inaccurate. You also have the right to request Zero Hash to complete information you believe is incomplete.

The right to erasure - You have the right to request that Zero Hash erase your Personal Data, under certain conditions.

The right to restrict Processing - You have the right to request that Zero Hash restrict the Processing of your Personal Data, under certain conditions.

The right to object to Processing - You have the right to object to Zero Hash's Processing of your Personal Data, under certain conditions.

The right to data portability - You have the right to request that Zero Hash transfer the data that we have collected to another organization, or directly to you, under certain conditions.

The right to object - You have a right to object to the collection and Processing of your Personal Data for direct marketing and for other limited purposes. You may object orally or in writing.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights or have any questions about these rights, please contact us at privacy@zerohash.com.

 

Complaints

If you have a concern about the way Zero Hash is handling your Personal Data, please email us at privacy@zerohash.com

 

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

For further information, visit allaboutcookies.org.

 

How We Use Cookies

Zero Hash does not currently use cookies on its website.

 

Children

Our Website is not intended for use by minors (children under the age of 18). Zero Hash does not market any products or services to children under the age of 18 or knowingly collect any information from children under the age of 18. Parental Consent to use our platform is also not permitted.

 

Changes to Our Privacy Policy

Zero Hash keeps its privacy policy under regular review and will place any updates on this web page.

 

Related articles