TOKEN FAIR PROCESSING NOTICE
- About this noticeThis fair processing notice (“Notice“) explains how and why the Zeneca Group (also referred to as “COMPANY“, “we“, “our“ and “us“) uses personal data about those individuals that either:
or whose details we collect or receive through social media or communication channels (in each case, referred to as “you“).You should read this Notice, so that you know what we are doing with your personal data. Please also read any other privacy notices that we make available to you, that might apply to our use of your personal data in specific circumstances outside the scope of this Notice, which primarily concerns our processing of your personal data in relation to or in connection with the Services.
- participate in our token launch, community, membership and use our services (“Services“));
- communicate with us in relation to the Services and other related matters; or
- use or access our platforms at website https://zenacademy.com (“Platforms“);
- Who we are and our contact details
- Zen Business Holdings, whose registered office address is at Quijano & Associates (BVI) Limited, Quijano Chambers, PO Box 3159, Road Town, Tortola, British Virgin Islands, is a limited liability company incorporated under the laws of the British Virgin Islands. We own the Platforms and manage and operate this ourselves together with the Zeneca Group including Zen Labs. Zen Labs is a limited liability company with address at Dubai Silicon Oasis, DDP, Building A1, Dubai, United Arab Emirates.
- Our contact for data protection purposes is firstname.lastname@example.org.
- Our data protection responsibilitiesIn this notice we refer to the following terms, which have the following meanings:
- “Personal data“ is any information that relates to an identifiable natural person. Your name, address and contact details are all examples of your personal data, if they identify you.
- The term “process“ means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission.
- The Company is a so-called “controller“ of your personal data. This means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is used in accordance with applicable data protection laws.
- What types of personal data do we collect and where do we get it from?We collect your personal data from various sources. The table below sets out the different types of personal data that we collect and the sources we collect it from. Typically, you provide us with personal data directly when you communicate with us (including via the Platforms) and when you seek to use our Services. We also obtain some personal data from other sources, and create some personal data ourselves, as set out in the table.
Category Type of Personal Data Collected From Contact Information
- Telephone number
- Email address
- Organisation details (eg your place of work, job title and organisation contact information)
- Your marketing preferences
- Social media and other user IDs
Background And Identity Check Information
- Contact Information (see above)
- Date of birth
- Passport and/or any other national identity document
- Utility bill and/or other proof of address, such as bank statement or driving license
- Third parties and systems used for our identity and anti-money laundering checks
- Contact Information (see above)
- Details relating to your use of the Services
- Payment information
- You/your organisation’s banking details
- Wallet information including wallet address(es), crypto holdings, membership of crypto communities
- Responses to surveys carried out by you including feedback
- Online courses taken, completed, passed and your scores
- Details of events attended (online and in person)
- Systems used for the Services
- Contact Information (see above)
- IP address and other online identifiers / web beacons
- Social media IDs, and wallet information
- Usernames, passwords and other log-in details (including profile picture(s))
- Details of your online browsing activities on our Platforms, such as the pages, products or areas of our Platforms that you visit
- Your account settings including any default preferences, any preferences we have observed, such as the types of offers that interest you, or the areas of our Platforms that you visit.
- Device used to access the Platform(s)
- Our Platforms
Sensitive and special category Information
- Racial or ethnic origin (including your nationality and passport information)
- Information relating to actual or suspected criminal convictions and offences (pursuant to anti-money laundering and identity checks)
- Third parties and systems used for our identity and anti-money laundering checks
Please be aware that we cannot communicate with you or administer the Services without your personal data. Where we don't need your personal data, we will make this clear, for instance we will explain if any forms you are required to complete are optional or contain sections that can be left blank.
If any of the personal data you have given to us changes, such as your contact details, please inform us without delay by contacting email@example.com.
- What do we do with your personal data, and why?We process your personal data for particular purposes in connection with your engagement with us and our community, use of the Services and the management and administration of our business.We are required by law to always have a so-called “lawful basis“ (i.e. a reason or justification) for processing your personal data. The table below sets out the purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing.Please note that where we have indicated in the table that our processing of your personal data is either:
if you choose not to provide the relevant personal data to us, we may not be able to provide our services to you.
- (a) necessary for us to comply with a legal obligation; or
- (b) necessary for us to take steps, at your request, to potentially enter into a contract with you, or to perform it,
Lawful basis Purposes of processing Your consent To perform a contract with you To comply with a legal obligation For our legitimate interests Contact Information a) Responding to your communications with us, sending you surveys ✔✔(It's important that we can receive and respond to your enquiries, complaints, surveys or other communications) b) Notifying you in relation to your use of the Services ✔✔(It's important that we keep you informed of matters related to your courses, use of Services or proposed enrolment) c) Sending you information as set out in the section “How do we communicate with you?“, below ✔ ✔✔(It is important to keep you updated of our services Background and Identity Check Information d) Performing anti-money laundering checks ✔ ✔ ✔✔(We need to ensure compliance with anti-money laundering requirements) e)Providing your personal data to exchanges for the purposes of the exchange operating company conducting any necessary anti-money laundering checks. Such services are only provided in limited circumstances at the discretion of Zeneca Group and with your consent, as required.Please note that exchange providers may be processing such personal data in their own capacity as a Controller. You should therefore ensure that you have reviewed the exchange's fair processing notice in addition to this Notice. ✔ ✔ f) Performing identity checks ✔✔(We need to ensure that the identity of our investors is verified) g) Assessing your suitability for our Services ✔ ✔✔(We need to ensure the above checks have not resulted in potential issues in relation to your use of the Services) Platform Information h) Ensure the operation and performance of the Platforms✔(We need to ensure the Platforms functions correctly) i) To improve the functionality of the Platforms✔(It is in our interest to keep the Platforms up to date and improve its functionality for the benefit of users) j) To enable you to create accounts and log-in to them via the Platforms ✔✔(It is in our interests to grant you access to a private log-in where you can access information relevant to you and your use of the Services) k) To use targeted cookies in relation to advertising and other non-essential cookies ✔ Token Information l) Providing you/your organisation with the token and Services ✔ m) Taking payment from you in respect of your token/use of Services ✔ n Sharing relevant information in relation to your token ✔✔(It is important that we keep you updated as to your token) All categories o) Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activity ✔ p) Complying with instructions from law enforcement agencies, any court or otherwise as required by law ✔ q) For our general record-keeping and community relationship management ✔✔(We need to store related information so we can refer back to it) r) Managing the proposed sale, restructuring or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation ✔✔(We have a legitimate interest in being able to sell any part of our business) s) Resolving any complaints from or disputes with you ✔✔(We need to be able to try and resolve any complaint or dispute you might raise with us)We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand the input spread of our customers.
- Sensitive InformationSome of the processing described in the above table will include the processing of 'special categories of personal data', criminal offences data and/or sensitive personal data (together, “Sensitive Information“ – as set out in the table at paragraph 3, above). This refers to sensitive, criminal offences or special categories of personal data which we are required to process with more care, according to applicable laws.The table below sets out the different purposes for which we process your Sensitive Information and the relevant lawful basis on which we rely for that processing. For some processing activities, we consider that more than one lawful basis may be relevant – depending on the circumstances.
Sensitive Information - lawful Basis Purpose of processing You have given your explicit consent to the processing It is necessary to protect somebody's vital interestsor they are incapable of giving consent It is necessary for the establishment, exercise or defence oflegal claims It is necessary for reasons of substantial public interest a) Performing anti-money laundering checks ✔ ✔ b) Performing identity checks ✔ ✔ c)Providing your personal data to exchanges for the purposes of the exchange operating company conducting any necessary anti-money laundering checks. Such services are only provided in limited circumstances at the discretion of Zeneca Group and with your consent, as required.Please note that exchange providers may be processing such personal data in their own capacity as a Controller. You should therefore ensure that you have reviewed the Exchange's fair processing notice in addition to this Notice. ✔ ✔
- Who do we share your personal data with, and why?Sometimes we need to disclose your personal data to other people.Inside the Zeneca GroupWe are part of a group of companies. Therefore, we will need to share your personal data with other companies in our group for our general business purposes, to manage your use of the Services and, in some cases, for authorisations/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis.Access rights between members of our group are limited and granted only on a need-to-know basis, depending on job functions and roles. As a basic principle, Zen Academy is responsible for managing the membership side of the Services and we are responsible for the token side of the Services.Outside the Zeneca GroupFrom time to time, we may ask third parties to carry out certain business functions for us, such as IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data. Examples of these third-party service providers include service providers and/or sub-contractors, which include IT systems software and maintenance, back up, and server hosting providers.In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right, for example where:
We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
- (a) we agree to provide exchange services at your instruction, whereby your personal data will be shared with a third party exchange provider, so that they can conduct the exchange and any necessary identity and anti-money laundering checks;
- (b) we buy, sell or transfer our business (or part of it) in connection with a share or asset sale or outsourcing, we may disclose or transfer your personal data to the prospective seller, buyer or transferor and their advisors; and
- (c) we need to disclose your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.
- (a) IT support, cloud platform and data hosting providers;
- (b) exchanges;
- (c) payment processors in relation to your token;
- (d) partner providers , where we may share contact information in order to deliver their services;
- (e) consultants and professional advisors including legal advisors and accountants;
- (f) courts, court-appointed persons/entities, receivers and liquidators; and
- (g) governmental departments and statutory and/or regulatory bodies.
- Where in the world is your personal data transferred to?We are based outside the UK and EEA and may also transfer your personal data to external recipients that are established in jurisdictions other than your own.Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under the laws in your jurisdiction.We will always seek to ensure that adequate protections are put in place when transferring your personal data from within to outside the UK or European Economic Area. For more information regarding the transfers undertaken by us and the protections put in place, please contact us using the details set out at the end of this Notice.
- How do we keep your personal data secure?We will take specific steps (as required by applicable data protection laws) to ensure we take appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
- How long do we keep your personal data for?We will only retain your personal data for a limited period of time (for example, for so long as you have an active account or token with us or are otherwise active in our community plus a period of time following, based on the factors below), and for no longer than is necessary for the purposes for which we are processing your personal data. This will depend on a number of factors, including:
- (a) any laws or regulations that we are required to follow;
- (b) whether we are in a legal or other type of dispute with each other or any third party;
- (c) the type of information that we hold about you; and
- (d) whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
- How do we communicate with you?We will use your personal data to communicate with you:
From time to time and with your consent (where required), we will provide you with information about our launch, services, promotions and/or offers which may be of interest to you.Where you have subscribed to our online newsletter, we will also provide a copy by email.Please note that you may opt-out of receiving the newsletter and any other marketing materials that we send you, by unsubscribing.
- in relation to any use of our services you make and to remind you when the token launch is open;
- to administer our relationship with you;
- to respond to any questions or complaints that you may have; and
- to invite you to take part in market research or request feedback on our products and services.
- What are your privacy rights and how can you exercise them?Where our processing of your personal data is based on your consent (please see the tables above), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.Where our processing of your personal data is based on the legitimate interests(please see the tables above), you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, excersise or defend a legal claim.Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing at any time. You can do this by unsubscribing to the address specified in a direct marketing email or by notifying us at firstname.lastname@example.org.Laws in certain jurisdictions may provide you with rights relating to your personal data, such as listed below. We will honour these rights to the extent required by law. You have the right to (subject to applicable laws and certain limitations):
If you wish to exercise any of these rights, please contact us at email@example.com in the first instance. We will aim to respond to all legitimate requests within one month of receipt.You may also have the right to lodge a complaint with the relevant data protection regulator (for example for the Information Commissioner’s Office in the UK).
- access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored;
- require us to correct any inaccuracies in your personal data without undue delay;
- require us to erase your personal data;
- require us to restrict processing of your personal data;
- receive the personal data which you have provided to us, in a machine-readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (please see the tables above) and where the processing is automated; and
- object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making).
- Updates to this NoticeWe may update this notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. We will update you on material changes to this notice. We also encourage you to check this notice on a regular basis – updated copies can be found at: https://zenacademy.com/privacy-policy.
- Where can you find out more?If you want more information about any of the subjects covered in this Notice or if you would like to discuss any issues or concerns with us, you can contact firstname.lastname@example.org.