ZEPTO PRIVACY POLICY

Your privacy is important to us. In this Privacy Policy, we aim to help you understand how Zepto Payments Pty Ltd and Zepto Payments (NZ) Ltd (“Zepto,” “we,” “us,” “our”) collects and uses information, and the choices you have about your information. This Privacy Policy applies to all websites operated by Zepto, including www.zepto.com.au and www.zepto.co.nz (the “Sites”), and Zepto’s services, including our web service and APIs (collectively, together with the Sites, the “Services”).

1. INFORMATION WE COLLECT

We may collect different types of information about you depending on the Services you use, how you use them, and the information you provide to us, as set forth below.

1.1 Information you provide to us

We may collect certain information about you as you use the Services or when you otherwise interact with or communicate with us. This information includes:

  • Identification and contact information, such as the name, postal or email address, and date of birth you provide when applying for an account at Zepto;
  • Financial information, such as financial account and other payment information, provided to facilitate transactions through the Services;
  • Customer service interaction information, such as the messages you submit to us to inquire about the Services or to get technical support; and
  • Survey/feedback information, such as information that you share in connection with surveys/requests for feedback that we send.

You may choose whether or not to provide this type of information to us. However, if you choose not to provide certain necessary information, you may be unable to use our Services.

1.2 Information we collect automatically as you use the Services

We and our service providers use a variety of third-party technologies, including cookies and similar tools, to automatically collect certain information when you use our Services. The types of information we collect using such technologies include:

  • Log files. As you use our Services, we automatically record information in log files. These log files may include information such as your web or content requests, IP address, browser type and settings, referring/exit pages and URLs, number of clicks, date and time stamp information, language preferences, data from cookies and similar technologies, and other such information.
  • Service metadata. We collect metadata that provides high-level information about how you interact with the Services, such as the names of pages on the Sites that you visit or parts of our app that you access, frequency and duration of use, and other information.
  • Information from cookies and similar technology. As you use the Services, we and our service providers use a variety of technologies, including cookies and similar technology, to assist in collecting information about how you access and use the Services. Such information may include your operating system, your IP address, browser type and language, referring pages and URLs, keywords, date and time, what sections of our Sites you visit or use, device identifiers such as MAC address, carrier and country location, hardware and processor information, network type, and similar data (collectively, the “usage information”). We also work with third-party partners that use cookies to collect usage information to allow us to better understand how users interact with the Services. For more information about how we use cookies and similar technology, please see the section titled “Cookies and Online Analytics” below.

1.3 Information we collect from other sources

We may collect information about you from other sources, such as publicly available sources, social media when you interact with our social media pages, anti-fraud services, risk scoring services, sanctions and adverse media watchlists and others. If you are an end user of Zepto’s customer, we may collect information about you for our customer and from the other sources listed in this section 1.3.

1.4 De-Identified Information

We may de-identify and/or aggregate any information we collect so the information cannot reasonably identify you or your device, or we may collect information that is already in de- identified form. Our use and disclosure of de-identified information is not subject to any restrictions under this Privacy Policy, and we may use and disclose it to others for any purpose, without limitation.

2. HOW WE USE YOUR INFORMATION

We may use the information we collect to:

  • Provide, maintain, and operate the Services;
  • Improve the Services and develop new features and services;
  • Respond to your inquiries;
  • Respond to enquiries from Zepto’s customers (if you are an end user of Zepto’s customer);
  • Respond to enquiries from other financial institutions or services providers who are involved in payment instructions that are processed through the Services;
  • Provide technical support and assistance;
  • Communicate with you about the Services, including to provide you with service-related communications, inform you of new products or features, or solicit feedback about the Services;
  • Send you marketing communications about our products and servicesas permitted by local law and consistent with your preferences;
  • Engage in analysis, research, and reports regarding use of the Services;
  • Protect and secure the Services and our users;
  • Establish, exercise, or defend our legal rights, including to enforce compliance with our Terms of Service and Privacy Policy;
  • Comply with applicable laws, regulations, codes, subpoenas, governmental requests or legal process, or in connection with a legal or regulatory investigation. For example, under anti-money laundering and counter-terrorism financials laws, we are required to collect or disclose information about you;
  • Prevent, detect and investigate any actual or suspected fraud, crime, non-compliance with laws;
  • Comply with our legal obligations towards our payment infrastructure providers and licence holders; and
  • Processing your information for other purposes following your specific consent.

3. HOW WE SHARE YOUR INFORMATION

We may share your information with entities outside of Zepto only as follows:

  • Service Providers. We may share or provide access to your information with external service providers that use such information only to perform services on our behalf, such as supporting the operation of our Services, advertising and marketing our Services, analytics, research, data storage, security and compliance solution providers.
  • Third-party applications, with your consent. Zepto allows you to authorise the connection to and automated exchange of data with third-party applications. We will share data with such applications with your authorization.
  • With other parties, with your consent. We may share information with others when we have your consent to do so, including when you direct us to share information, such as contact and banking details, with your contacts (as identified by a verified email, mobile phone number or account numbers).
  • Business transfers. If the ownership of all or substantially all of our business changes, we may transfer your information to the new owner. In such case, your information would remain subject to the promises and commitments contained in this Privacy Policy until such time as this Privacy Policy is updated or amended by the acquiring party upon notice to you. If such transfer is subject to additional mandatory restrictions under applicable laws, Zepto will comply with such restrictions.
  • Entities for legal and safety purposes. We may disclose the information we collect where we have a good faith belief that such disclosure is: (a) required by law (or to respond to subpoenas, warrants, government requests, or similar process served on us), or b) reasonably necessary to protect the property or rights of Zepto, third parties or the public at large.

4. SECURITY OF YOUR INFORMATION

We maintain a variety of security measures to protect your information from loss, misuse and unauthorized access, disclosure, alteration and destruction. However, as no method of internet transmission is completely secure, we cannot guarantee the security of your information.

When registering for an account through the Services, it’s important that you select a strong password and do not share it with others. Alert us immediately if you have any concerns about unauthorized use of your account.

5. DATA RETENTION

We retain information for different periods of time depending on the purposes for which we collect and use it, as described in this Privacy Policy. We will delete or de-identify information when it is no longer needed to fulfill these purposes, unless a longer retention period is required to comply with applicable laws.

6. CHILDREN’S INFORMATION

Our Services are intended for general audiences and are not directed at children. If we become aware that we have collected data without legally valid parental consent from children under an age where such consent is required, we will take reasonable steps to delete it as soon as possible.

7. THIRD-PARTY SERVICES

The Services allow you to connect to, and exchange data with, third-party applications, and may also contain links to third-party sites and services. We have no control over these third-party services, and as such, we are not responsible for their privacy policies or practices. You should check the applicable third-party privacy policy and terms of use before providing information or authorising the exchange of information with any third-party site or service.

8. COOKIES AND ONLINE ANALYTICS

A cookie is a small text file that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. Zepto uses cookies and similar technologies to help identify and track visitors, analyze usage of the Services, and remember access preferences. Please note that you can change your browser settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information. Note, however, that if you choose to block cookies, certain features of the Sites may not function properly or may be inaccessible altogether.

9. INTERNATIONAL USERS

9.1 International data transfers

The Services are operated from Australia. If you are located outside of Australia, please be aware that any information you provide to us and/or that we collect from you, including personal data, will be transferred from your country of origin to Australia, which may have different data protection laws than your jurisdiction. We may also transfer information that we collect about you to our affiliates and/or third party processors located in other jurisdictions around the world. In such cases, where required by law, Zepto puts into place safeguards to ensure adequate protection of your data, such as standard contractual clauses approved by the particular jurisdiction. Where permitted by law, we may also transfer data to other jurisdictions with your consent.

9.2 Legal bases

The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to process your information. Our legal bases for processing your information as described in this Privacy Policy are as follows:

  • Where use of your information is necessary to perform our obligations under a contract or commitment to you, such as when we process your information to provide Services you have requested, or to comply with our Terms of Service.
  • Where use of your information furthers our legitimate interests or the legitimate interests of others, such as operating and securing our Services, defending our legal rights, and preventing fraud.
  • Where we use your information to comply with applicable legal obligations, such as recordkeeping for tax and auditing purposes.
  • Where you have consented to our processing of your information for a particular purpose.

10. YOUR RIGHTS AND CHOICES

10.1 Email marketing

If you do not wish to receive emails from us, please click the “Unsubscribe” link located on the bottom of any Zepto marketing email and follow the instructions found on the page to which the link takes you. Please note that processing your request will take
some time, in accordance with our legal obligations. You cannot opt out of receiving transactional emails related to the Services, which communicate important information about the Services or legal notices to you.

10.2 Requests regarding your information

Depending on your jurisdiction of residence, you may have certain rights with respect to your information, including the right to correct, amend or delete your information. If you would like to exercise your rights under applicable law, please email us at privacy@zepto.com.au with your name, the email address you used to register with Zepto, and a description of your request. We may request additional information to verify your identity, and will respond to your request as required by applicable law in your jurisdiction. Please allow us a reasonable time to respond to your inquiries and requests.

10.3 Do Not Track

At this time, Zepto does not monitor, recognize or honor any opt-out or do not track mechanisms including general web browser “Do Not Track” settings and/or signals.

10.4 Privacy Complaints

Depending on your residence of jurisdiction, you may have the right to lodge a complaint with your local supervisory authority related to our privacy practices. We urge you to contact us using the information in the “Contact Us” section below prior to lodging
a formal complaint to allow us the opportunity to address your concerns. More information about Australia’s privacy laws may be found at the Australian Privacy Commissioner’s website at: www.privacy.gov.au.

11. PRIVACY POLICY CHANGES

This Policy is effective as of the “Last Updated” date posted at the top of this page. We may change this Policy from time to time and will post any changes on this page as soon as they go into effect, and/or provide additional notice as required by applicable law. By accessing the Services after we make any such changes, you are deemed to have accepted such changes. Please refer back to this Privacy Policy on a regular basis.

12. CONTACT US

If you have any questions, concerns, or complaints about Zepto’s Privacy Policy or information handling practices, please contact us:

3/66 Centennial Circuit, Byron Bay, NSW 2481, Australia