GDPR Compliance

ABOUT ZYKZPURPOSEDATA CONTROLLERLAWFUL BASES FOR PROCESSINGDATA SUBJECT RIGHTSDATA RETENTIONINTERNATIONAL TRANSFERSSECURITY MEASURESCOMPLAINTS

ABOUT ZYKZ

ZYKZ is a trading name of Jigzo, a regulated financial services provider. All regulated services offered under the ZYKZ brand are provided by Jigzo. This GDPR Compliance statement applies to all data processed in connection with ZYKZ's services.

PURPOSE

This statement sets out ZYKZ's commitment to compliance with the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU General Data Protection Regulation (EU GDPR). It explains how we fulfil our obligations as a data controller and how we protect the rights of individuals whose data we process.

DATA CONTROLLER

ZYKZ acts as a data controller in respect of the personal data of its corporate customers and their authorised representatives. As data controller, ZYKZ determines the purposes and means of processing personal data and is responsible for ensuring that processing is carried out lawfully, fairly, and transparently.

LAWFUL BASES FOR PROCESSING

ZYKZ processes personal data on the following lawful bases:

Legal obligation (Article 6(1)(c) UK GDPR):

  • Processing is necessary to comply with AML, CTF, and KYB regulatory requirements.

Contract (Article 6(1)(b) UK GDPR):

  • Processing is necessary for the performance of the contract between ZYKZ and the Customer.

Legitimate interests (Article 6(1)(f) UK GDPR):

  • Processing is necessary for fraud prevention, security monitoring, and service improvement, where these interests are not overridden by the rights of the individual.

DATA SUBJECT RIGHTS

Individuals whose personal data ZYKZ processes have the following rights under UK GDPR:

Right of access (Article 15):

  • The right to obtain confirmation of whether personal data is being processed and to receive a copy of that data.

Right to rectification (Article 16):

  • The right to have inaccurate personal data corrected without undue delay.

Right to erasure (Article 17):

  • The right to request deletion of personal data where it is no longer necessary for the purposes for which it was collected, subject to legal retention obligations.

Right to restriction of processing (Article 18):

  • The right to request that processing is restricted in certain circumstances.

Right to data portability (Article 20):

  • The right to receive personal data in a structured, commonly used, and machine-readable format.

Right to object (Article 21):

  • The right to object to processing based on legitimate interests.

To exercise any of these rights, please contact us at support@zykz.com.

DATA RETENTION

We retain personal and business data for a minimum of five years following account closure, in accordance with our legal and regulatory obligations under AML legislation. Data is securely deleted or anonymised once the retention period has elapsed.

INTERNATIONAL TRANSFERS

Where personal data is transferred outside the United Kingdom, ZYKZ ensures that appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the relevant supervisory authority or adequacy decisions where applicable.

SECURITY MEASURES

ZYKZ implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures are reviewed regularly and updated in response to emerging risks.

COMPLAINTS

If you have concerns about how ZYKZ processes your personal data, please contact us at support@zykz.com. If your concern is not resolved to your satisfaction, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters, at ico.org.uk or by telephone at +44 (0)303 123 1113.