Privacy Policy

Last updated: 12 May 2024

ZERO Financial LTD (hereinafter referred to as "We", "Us", "Our" or the "Firm") is committed to protecting the confidentiality and privacy of information you entrust to us, and to handling your personal data in a transparent manner in compliance with the data protection regulations applicable in Mauritius.

1. Who we are

ZERO Financial LTD (hereinafter referred to as "We" ("Us", "Our") or the "Firm") is an investment dealer (Full-Service Dealer excluding underwriting) in Mauritius, duly licensed by the Mauritius Financial Services Commission to provide investment services under Licence No. GB21026308 (hereinafter referred to as the "Services").

Acting as a full-service dealer (excluding underwriting), We may collect, store and process certain personal data about you which may vary according to the nature of our engagement with you and the product or service we provide to you.

2. Purpose

We are dedicated to protecting the confidentiality and privacy of information you entrusted to us and handling your personal data in a transparent manner always in compliance with the requirements of the data protection regulations which are applicable in Mauritius. This privacy policy describes our policy on privacy, including among others, the following matters:

• the type of personal data we process;
• how we use personal data;
• what is our basis of processing personal data; and
• what are your data protection rights and how you can enforce them.

We are committed to ensuring that we collect, use, share, disclose and/or otherwise process personal data in accordance with the requirements described in this Privacy Policy.

This Privacy Policy is directed to the persons set out in Section 4 below.

3. Useful Definitions

(a) Personal Data

Any information relating to you, i.e. data which may be used to identify you, either directly or indirectly and which may include, without limitation, your name, address, identification number, family status, occupation.

(b) Special categories of personal data

Personal data which may reveal information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union activities, genetic data, biometric data, physical or mental health, or sexual orientation.

(c) Controller

Where we act as the controller in relation to your personal data, we determine the purposes for which and how we will process your personal data.

(d) Processor

We may act as processors for your personal data in certain circumstances, i.e. process your personal data on your behalf (the controller) and on the basis of your instructions.

(e) Processing

Includes the handling of your personal data by us, whether or not by automated means, including without limitation, the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of your personal data.

(f) Data Protection Legislation

This includes the data protection laws and/or regulations which are applicable in Mauritius and/or other applicable data protection legislation and/or guidelines.

4. Whose personal data we process

• Individual clients;
• Individuals that are considering entering into an agreement with us to offer services to them;
• Former clients;

Hereinafter collectively referred to as the "Individual Clients".

• Individuals connected to Individual Clients, including authorized representatives and/or agents and/or officers and/or signatories and/or employees;
• Individuals connected and/or relevant to non-individual clients, either current or prospective, including companies, other corporate clients or other legal or non-legal entities (hereinafter referred to as the "Corporate Clients"). Without limitation, such persons include shareholders, owners, employees, directors, secretaries, beneficial owners, signatories, authorized representatives or agents and/or of any other associates.

* Individual Clients and Corporate Clients are hereinafter collectively referred to as Clients.

• Other individuals that may be connected with the services that we are engaged to provide to our Clients;
• Our employees and/or persons applying for employment and/or other persons acting and working on our behalf;
• Our Associates, including without limitation, other service providers, consultants, IT service providers, with whom we may cooperate in offering our services to our Clients; and
• Visitors of our website, namely zeromarkets.online.

5. What personal data we may process

We collect and process various types of personal data relating to you, which may vary according to the circumstances and nature of our engagement with you. Examples include where you apply to use our services or where you visit our website.

We limit the processing of personal data to what is necessary to achieve one or more of the purposes listed in this Privacy Policy.

Personal data we may process include the following:

• personal details including name, surname, place and date of birth, residential address, email address, billing address, work address, telephone number, ID, passport;
• due diligence and know-your-customer information and evidence including passport or other personal identification information, proof of address information, nationality, place and date of birth, country of residence, source of wealth, tax reference, background information such as non-bankruptcy records and in case of corporate clients, full corporate documents, individual identification documents for the corporate clients' officers, including without limitation, that of directors and UBOs;
• financial information including your personal credit card details, financial position and credit and borrowing history, billing information, payment details, proof of income;
• employment and professional details including details about your work, job title and function, education, curriculum vitae, academic qualifications, diplomas, references and other related information;
• other personal data which may be provided to us.

We do not seek to collect and/or otherwise process special categories of personal data. However, for specific and limited purposes and in pursuance with our engagement and/or relationship with you, we may need to process special categories of personal data such as data revealing racial and/or ethnic origin and biometric data.

6. How we collect your personal data

We may obtain your personal data:

1. mainly through any information you provide directly to us either in person or through email and telephone correspondence. For instance, when you contact us to apply for our products and/or services and/or contact us for an enquiry, complaint or for any other reason;
2. indirectly from other sources, including:
   • your authorized representatives and/or agents;
   • our Associates;
   • background check agencies (e.g. world compliance checks);
   • due diligence investigation;
   • internet and social media activity;
   • publicly available sources, including governmental departments/agencies, the press and media and online search engines;
   • third parties who provide services to you or us, including other service providers and fraud prevention or government agencies; and
   • when you visit our Website, e.g. personal data is collected when you complete any forms found on our website. Please see Section 15 "Cookies".

7. Why we need your personal data

We are committed to collect, use and/or otherwise process your personal data where it is necessary for us to carry out our lawful business activities. In particular, we may process your personal data for one or more of the following reasons.

(a) For the performance of a contract or in order to take steps at your request prior to entering into a contract

We may process your personal data when it is necessary in order to enter into a contract with you for the provision of our services and/or our products or to perform our obligations, duties and responsibilities in accordance with our engagement and/or contract with you.

The purpose of processing personal data depends on the requirements for each product and/or service and the contract terms and conditions provide more details of the relevant purposes.

(b) For compliance with a legal obligation

We may process your personal data in accordance with legal obligations to which we are subject to and that require us to carry out certain data processing activities, including without limitation, anti-money laundering controls, reporting obligations, identity verification, compliance with court orders.

(c) For the purposes of safeguarding legitimate interests

Under certain circumstances, we may process your personal data so as to enforce the legitimate interests of our own or those of any third parties, provided that your interests and/or fundamental rights are not overridden by our interests. For instance, we may need to process your personal data in order to:

• protect and/or enforce our and/or a third person's legal rights, e.g. initiating legal claims and preparing our defence in litigation procedures;
• ensure business continuity and disaster recovery;
• monitor and improve internal business processes and communications solutions and services;
• perform analysis of our clients' complaints in order to ensure that we perform our contractual obligations effectively and we provide the very best client service we can to our clients; and
• understand our clients' actions, behavior and preferences in order to improve the offering of our services and/or products.

(d) You have provided us your consent

We will request your consent, when we wish to provide you with any marketing information in relation to our services and/or products which we believe that may be of interest and/or benefit to you.

Where it becomes necessary to process any special categories of personal data concerning you for any reason, we will request your prior explicit consent.

8. Failure to provide personal data

If you fail to provide us with your personal data that we request from you or you exercise any of the rights, as these are set out in Section 12 which oblige us to restrict the processing of your personal data, we may be unable to provide some or all of our services and/or products to you and as a result, we may have to cancel the engagement we have with you. However, we will notify you in case this happens.

9. Who we may share and/or disclose your personal data with

In the course of the performance of our contractual and statutory obligations, we may share and/or disclose and/or transfer your personal data to third parties where it is required in order to meet one or more of the purposes listed above. When we proceed with the sharing and/or disclosure and/or transfer of your personal data to third parties, we do so in accordance with data protection legislation and our internal security standards. Such recipients may include:

• our employees and other persons working for us and/or offering services to us;
• our associates;
• service providers; and
• governmental and regulatory authorities to whom we may be legally bound to share your personal data.

When we share and/or disclose and/or transfer your personal data to any third parties, our contractual agreements with such parties include confidentiality and data protection clauses.

10. Using Sub-Processors

We may share and/or disclose and/or transfer your personal data with any third parties in order to perform certain processing activities on our behalf, i.e. sub-contractor data processors, that will assist us in exercising our business and legal obligations, duties and responsibilities under our engagement with you.

It should be emphasized, that this disclosure of personal data may also be required in order to protect and/or pursue our and/or the third party's legitimate interest so as to ensure that we perform our contractual obligations effectively and in the best way that we can.

When collaborating with such third parties, we perform an appropriate level of due diligence so as to ensure that such persons comply with our legal and regulatory obligations related with the security of personal data and for that purpose we put in place relevant contractual documentation.

11. How long we keep your personal data

We keep records of your personal data that are maintained in both physical and electronic formats. We will keep your personal data for no longer than reasonably necessary for the purposes originally collected. In particular, once our business relationship has ended, we may keep your personal data for up to seven (7) years. After the expiration of this timeframe, we shall erase and/or destroy your personal data via secured procedures in order to ensure that the recovery of such personal data with technical and/or other means will not be possible.

However, we may keep your personal data for longer than 7 (seven) years if:

• we are required to do so according to our regulatory or professional indemnity obligations;
• where we deem it necessary to retain your personal data to protect ourselves from any legal claim or dispute relating to the services and/or products we provide to you; and
• where we cannot delete the data for technical reasons.

If we do so, we will make sure that your privacy is protected and that your personal data is only used for those specific purposes. Under such circumstances, we shall determine the appropriate retention period, by taking into account, among others, the amount, nature and sensitivity of the personal data and the purposes for which we will process your personal data and whether we are able to achieve those purposes by other means, and the applicable legal requirements.

After the expiration of such time period, we shall destroy your personal data without further notice or liability.

12. Your rights

You have certain rights in relation to your personal data, which are:

(a) Right of access

You are entitled to obtain from us confirmation as to whether or not we process personal data concerning you and, if we are, you can request access to such personal data and details on how we process your personal data, including information on the purposes of the processing, the categories of personal data concerned and the recipients to whom the personal data have been or will be disclosed.

If requested, we will provide you with a copy of your personal data we hold about you, without any cost provided that this will not adversely affect the rights and freedoms of others. For any further copies requested, we may charge a reasonable fee based on administrative costs.

(b) Right to Rectification

You are entitled to obtain from us without any undue delay the rectification of inaccurate personal data. By taking into account the purposes of the processing, you can request that any incomplete personal data we hold about you to be completed, for instance by providing a supplementary statement.

(c) Right to erasure ("right to be forgotten")

You are entitled to ask us to delete or remove any personal data concerning you without any undue delay, provided that one of the following grounds applies:

• your personal data is no longer required in relation to the purposes for which they were originally collected or processed;
• we processed your personal data unlawfully;
• we are legally obliged to erase your personal data;

(d) Right of restriction of processing

You are entitled to request the suspension of the processing of your personal data, where one of the following applies:

• you contest the accuracy of your personal data, for a period enabling to verify the accuracy of your personal data;
• the processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
• you have objected to processing (right of objection) pending the verification whether our legitimate grounds override yours.

(e) Right to object

You can ask us to stop processing your personal data at any time and we will proceed accordingly, if:

• we are relying on a legitimate interest (or that of a third party) to process your personal data, except where we can demonstrate compelling legitimate grounds for such processing, which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims;
• your personal data are processed for direct marketing purposes including profiling to the extent that is related to such direct marketing.

Where you object to our processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

(f) Right to data portability

You can request from us to provide you with your personal data which you may have provided to us in a structured commonly used and machine-readable format and to transmit these elsewhere or to ask us to transfer them, where technically feasible, to a third party of your choice, without hindrance from us, where:

• Our processing is based on your consent; and
• We carry out such processing by automated means.

However, please note that under all circumstances, the exercise of your right to data portability shall not, in any circumstances, adversely affect the rights and freedoms of others.

(g) Right to lodge a complaint

Where you have any concerns about any aspect of our Privacy Policy or want to file a complaint, you can contact us at [email protected].

13. Automated decision-making including profiling

In general, we do not apply automated decision making and do not decide about you using automated means.

14. Confidentiality and Security

Our employees and/or our Associates and/or other third parties with whom we collaborate in order to fulfill our contractual obligations under our engagement, are and will be obliged to confidentiality and compliance requirements in accordance with data protection legislation.

We are dedicated to keeping your personal data secured and we have taken all appropriate and suitable technical and/or organizational and/or physical and/or other security measures to safeguard against unauthorized or unlawful processing or accidental disclosure of, or access to your personal data and against accidental loss or destruction of, or damage to and/or to other unlawful forms of processing of your personal data.

We will do our best to protect your personal data; however the electronic transmission of information, including the use of Internet or email communication, cannot be guaranteed to be secured or virus/error free and hence such information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete or otherwise be adversely affected or unsafe to use.

15. Cookies

(a) General

Our Website uses cookies to make it work better in order to improve our services and your experience on our Website. Cookies are small data files that are downloaded to a user's computer, phone or tablet when visiting a website. Each cookie is unique to your web browser. It will contain, for example, some anonymous information, such as a unique identifier, the site name and some digits and numbers.

(b) What cookies our Website uses

• Strictly necessary cookies. These cookies are required for the operation of our website, i.e. to enable you to browse our website and use its features. Because these cookies are strictly necessary, we do not need to ask your consent to use them.
• Functionality cookies. These are used to recognize you, when you visit our Website by remembering the choices and preferences when you first visited our website so as to enable us to provide you with enhanced and more personal features, by personalizing our content for you.

What your choices are regarding cookies

You do not have to accept cookies. You are entitled to turn off or delete cookies generated via our Website, by arranging the relevant options of your web browser. These settings will typically be found in the 'options' or 'preferences' menu of your web browser.

Warning: In case where you choose to delete cookies and/or refuse to accept them, you might not be able to use all of our Website's features and our website might not be displayed properly.

16. How to contact us

In case you have any questions, comments, concerns and/or requests regarding this Privacy Policy and/or in case you want to exercise your rights as these are set out in this Privacy Policy contact us at [email protected].

We are committed to address all your requests promptly.

17. Links to third party websites

Our website may contain links to the websites of third parties (hereinafter the "external sites"). Under such circumstances, this Privacy Policy will no longer apply, and the personal data handling practices followed by external sites is not our responsibility. Therefore, we encourage you to consult the external sites' privacy notices which will let you know how your personal data is processed by those entities.

18. Changes to our Privacy Policy

This Privacy Policy may be updated in the future and the updated version will be uploaded in our website and where appropriate, notified to you by e-mail.

Prefer the original document? Download the PDF.

Issuer: Zero Financial Ltd · Company No. 179286 GBC · FSC Mauritius Investment Dealer Licence GB21026308 (Full-Service Dealer Excluding Underwriting, SEC-2.1B) · Global Business Licence FS-4.1.