Privacy Policy

How we protect and process your personal data in compliance with GDPR and banking regulations

Last Updated: January 17, 2025
GDPR Compliant

1. Overview

Banzik, operated by Go Zazoo Ltd (HE 461195) as an Electronic Money Distributor and authorized agent of FinXP Ltd (C 65783), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our private banking services.

As a licensed Electronic Money Institution regulated by the Malta Financial Services Authority (MFSA), we comply with:

  • The General Data Protection Regulation (GDPR)
  • Malta Data Protection Act
  • European Banking Authority (EBA) guidelines
  • Anti-Money Laundering (AML) regulations
  • Payment Services Directive 2 (PSD2)

This policy applies to all Banzik services, including our website, mobile applications, and banking platform.

2. Data Collection

Personal Information We Collect

Account Opening Information:

  • Full name, date of birth, nationality
  • Residential and correspondence addresses
  • Phone number and email address
  • Government-issued identification documents
  • Employment and income information
  • Source of funds and wealth documentation

Transaction Data:

  • Payment transactions and transfers
  • Account balances and statements
  • Cryptocurrency transactions and conversions
  • Merchant and beneficiary information
  • Transaction patterns and behavior

Technical Information:

  • IP addresses and device identifiers
  • Browser type and operating system
  • Login times and session duration
  • Geolocation data (where permitted)
  • Website and app usage analytics

Communication Records:

  • Customer service interactions
  • Email correspondence
  • Phone call recordings (with consent)
  • Live chat transcripts
  • Support ticket history

3. How We Use Your Data

We process your personal data for the following purposes under applicable legal bases:

Service Provision (Contract Performance):

  • Opening and maintaining your banking account
  • Processing payments and transfers
  • Providing customer support services
  • Issuing account statements and reports
  • Managing cryptocurrency services

Legal Compliance (Legal Obligation):

  • Identity verification and KYC procedures
  • Anti-money laundering (AML) monitoring
  • Suspicious activity reporting
  • Tax reporting and compliance
  • Regulatory reporting to authorities

Security and Fraud Prevention (Legitimate Interest):

  • Fraud detection and prevention
  • Account security monitoring
  • Risk assessment and management
  • System security and maintenance

Business Operations (Legitimate Interest):

  • Service improvement and development
  • Analytics and performance monitoring
  • Market research and product development
  • Business intelligence and reporting

4. Data Sharing and Disclosure

We only share your personal data when necessary and in accordance with applicable law:

Regulatory Authorities:

  • Malta Financial Services Authority (MFSA)
  • Financial Intelligence Analysis Unit (FIAU)
  • European Central Bank (ECB)
  • Tax authorities in relevant jurisdictions
  • Law enforcement agencies (when legally required)

Service Providers:

  • FinXP Ltd (our authorized partner)
  • Payment processors and correspondent banks
  • Identity verification services
  • Cloud hosting and IT infrastructure providers
  • Customer support and communication platforms

Legal Requirements:

  • Court orders and legal proceedings
  • Regulatory investigations
  • Suspicious activity reports
  • International sanctions compliance

Third-Party Safeguards: All third parties with access to your data are bound by strict contractual obligations and must maintain equivalent security standards.

5. Data Security

We implement comprehensive security measures to protect your personal data:

Technical Safeguards:

  • End-to-end encryption for all data transmission
  • Advanced Encryption Standard (AES-256) for data storage
  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems

Organizational Measures:

  • Access controls and role-based permissions
  • Regular staff training on data protection
  • Incident response and breach notification procedures
  • Data minimization and privacy by design principles
  • Regular compliance assessments

Infrastructure Security:

  • Secure data centers with physical access controls
  • Redundant systems and disaster recovery
  • Network segmentation and firewalls
  • Regular security updates and patches
  • 24/7 security monitoring

6. Your Privacy Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

Request a copy of your personal data we hold and information about how it's processed.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data (subject to legal retention requirements).

Right to Restrict Processing

Request limitation of how we process your personal data in certain circumstances.

Right to Data Portability

Request transfer of your data to another service provider in a structured format.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Exercising Your Rights: To exercise any of these rights, please contact our Data Protection Officer at [email protected] or use our contact form.

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

Account Data:

  • Active accounts: For the duration of the banking relationship
  • Closed accounts: 7 years after account closure (regulatory requirement)
  • Transaction records: 7 years from transaction date

Compliance Records:

  • KYC documentation: 7 years after relationship ends
  • AML monitoring records: 7 years from creation
  • Suspicious activity reports: As required by law

Marketing and Analytics:

  • Website analytics: 26 months maximum
  • Marketing preferences: Until withdrawal of consent
  • Communication logs: 3 years for quality purposes

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and provide our services:

Essential Cookies:

Required for basic website functionality, security, and session management. These cannot be disabled.

Functional Cookies:

Remember your preferences and settings to provide a personalized experience.

Analytics Cookies:

Help us understand how visitors interact with our website to improve services.

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality.

9. Contact Information

Data Controller:

Go Zazoo Ltd (HE 461195)
Ardent Business Centre
No. 4, Triq L-Oratorju
Naxxar NXR 2505, Malta

Data Protection Officer:

Email: [email protected]
Phone: +356 2000 0000
Secure Contact: Contact Form

Supervisory Authority:

Malta Data Protection Commissioner
Email: [email protected]
Website: dataprotection.gov.mt

10. Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. Any material changes will be communicated through:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications for mobile users
  • Secure message in your account dashboard

Continued use of our services after policy updates constitutes acceptance of the revised terms. We encourage you to review this policy regularly.

Version History:

Version 3.0 - January 17, 2025: Updated for enhanced crypto services and GDPR compliance