Zendr Privacy Policy

In this Privacy Notice, we use the following terminology:

• Business User – You are a Business User if you are a Zendr client, typically a small or independent business using Zendr’s QR code solutions to receive payments directly from customers.
• End User – You are an End User if you make a payment to a Business User through Zendr’s services, such as by scanning a QR code technology for account-to-account transactions.
• Zendr Dashboard – The web-based portal available to Business Users, providing real-time access to transaction insights, customer data management, and business performance tracking.

At Zendr, protecting your data is paramount. This Privacy Notice outlines your rights, our responsibilities, and the measures we implement to ensure the privacy and integrity of your personal data throughout your use of our platform. By choosing Zendr, you place your trust in us to handle your information responsibly, and we are committed to honouring that trust every step of the way.

1. Types of Data Collected

Zendr collects both personal and non-personal data to deliver a secure, efficient, and personalized experience. The types of data we collect include:

• Personal Information: This includes names, email addresses, phone numbers, payment details, and other identifiers essential for account setup, authentication.
• Transactional Information: Details of transactions made through Zendr’s platform, including transaction amount, date, merchant information, and associated bank account information, are collected to process payments and provide a record for users.

2. Purpose of Data Collection

Data collection enables Zendr to provide core services and improve functionality. Specific purposes include:

• Service Provision and Maintenance: Data is used to enable transactions, ensure account security, and maintain service functionality.
• User Experience Optimization: : We analyze usage data to refine our platform, address technical issues, and introduce features that enhance the user experience.
• Marketing and Communication: Where permitted, Zendr may use contact information to share updates, offers, and news. Users have the right to opt out of these communications at any time.
• Compliance and Legal Obligations: Data is collected and processed in adherence to legal and regulatory standards, ensuring compliance with industry regulations and safeguarding against fraud.

3. Data Collection Methods

Zendr collects data directly from users and through automated methods:

• Direct Collection: Users provide information through account creation, profile updates, and direct interactions with our platform. This includes any information users voluntarily share with Zendr, such as customer support inquiries.

Data Collection Transparency

• Zendr is committed to informing users about the data we collect. Clear notices and privacy disclosures are provided during account setup and at points where additional information is required.

5. User Control over Data Collection

Users can manage their data preferences, including opting out of certain types of data collection. Zendr respects these preferences while maintaining essential data collection for service provision.

6. Data Minimization and Retention

Zendr follows data minimization principles, collecting only the data necessary for each purpose. Data is retained only for as long as needed for service provision, compliance, or legitimate business purposes.

7. Safeguards for Collected Data

We implement technical and organizational measures to secure collected data. This includes encryption, access controls, and regular audits to prevent unauthorized access or disclosure.

8. Third-Party Data Collection

Zendr may engage trusted third-party service providers to facilitate our services. These partners collect data only as needed and are bound by confidentiality agreements to protect user information.

9. Updates to Data Collection Practices

As Zendr evolves, our data collection practices may change. We will notify users of significant changes to this policy and provide updated information to ensure users remain informed.

1. Purpose of Data Sharing

Zendr shares data only when necessary to provide essential services, meet legal obligations, and enhance user experience. We are committed to ensuring that any third-party access to user data is limited, controlled, and aligns with Zendr’s privacy standards.

2. Authorised Third-Party Sharing

Zendr works with trusted third-party providers who help us deliver high-quality services. Authorised third parties include:

• Moneyhub (Financial Service Partner): Zendr uses Moneyhub’s payment processing and Open Banking services, which require sharing relevant transaction and account information. Moneyhub is FCA-licensed, and data shared with Moneyhub is handled under their [Privacy Policy](Link to Moneyhub Privacy Policy).
• Google Analytics (Usage Analytics): To understand and improve user experience, Zendr uses Google Analytics to collect anonymised data on user interactions with our platform. This data allows us to make informed decisions on improving Zendr’s performance and functionality.

3. Data Sharing for Legal and Regulatory Compliance

Zendr may be required to share user data with third parties, such as law enforcement agencies or regulatory authorities, to comply with legal requirements. This includes situations such as responding to subpoenas, court orders, or other lawful requests for information. Zendr will disclose data only to the extent necessary to fulfil these obligations and will always prioritise user privacy within legal constraints.

4. Conditions for Data Sharing with Other Third Parties

Zendr may share data with other trusted third-party partners when required to support our services, but only as allowed by law. When data sharing occurs under these circumstances:

• Consent-Based Sharing: To understand and improve user experience, Zendr uses Google Analytics to collect anonymised data on user interactions with our platform. This data allows us to make informed decisions on improving Zendr’s performance and functionality.
• User Control Over Shared Data: Zendr provides users with options to manage their data sharing preferences where applicable, such as marketing-related sharing.

5. Data Minimisation and Anonymisation

Wherever possible, Zendr minimises the data shared with third parties. Non-essential or sensitive data is anonymised or aggregated, ensuring individual privacy while allowing necessary insights for service improvements.

6. Safeguards and Accountability

Zendr carefully selects third-party partners based on their data security practices and compliance with privacy standards. Data shared with third parties is protected by contractual agreements, ensuring data handling aligns with Zendr’s commitment to user privacy and legal obligations.

7. Transparency and Policy Updates

Zendr is committed to transparency in its data sharing practices. As our service partners evolve or regulatory standards change, this Data Sharing Policy will be updated to reflect current practices. Users will be notified of significant changes to maintain full transparency and trust.

1. Right to Access

Users have the right to request access to their personal data that Zendr collects, processes, and stores. Upon request, Zendr will provide a summary of the personal information, including how it is used, shared, and retained.

2. Right to Rectification

Users are entitled to correct any inaccuracies in their personal data. Zendr will promptly address and rectify any errors in personal information, ensuring accuracy and relevance to enhance user experience.

3. Right to Data Portability

Users may request to receive a copy of their personal data in a commonly used, machine-readable format.

4. Right to Erasure (Right to be Forgotten)

Users can request the deletion of their personal data under certain conditions. Zendr will securely erase data, except where legal obligations or legitimate interests require retention. This ensures that users maintain control over their information.

5. Right to Restrict Processing

Users have the right to request that Zendr limits the processing of their personal data in specific circumstances, such as during a dispute over data accuracy or pending data erasure. We will comply with such requests while ensuring service continuity.

6. Right to Object to Processing

Users may object to the processing of their data for specific purposes, such as marketing communications. Zendr respects user preferences and provides easy options to opt out, prioritizing user autonomy and preferences.

7. Right to Withdraw Consent

Where data processing is based on user consent, users have the right to withdraw their consent at any time. Zendr provides a straightforward process for users to manage their consent preferences.

8. Right to Non-Discrimination

Zendr upholds a policy of non-discrimination, ensuring that users who exercise their data rights are not subject to any adverse treatment or reduced service levels.

1. Purpose-Based Retention

Zendr retains user data to provide services, enhance user experience, meet regulatory obligations, and maintain operational records. Each type of data is retained only for as long as needed for its intended purpose, with clearly defined retention periods.

2. Data Retention Periods

Different data categories have distinct retention requirements, tailored to specific business and legal needs:

• Account Information: Personal information, such as names, emails, and account details, is retained for as long as the user maintains an active account with Zendr. If an account is deactivated, this information is securely archived or deleted based on our data retention schedule.
• Transaction Data: To comply with financial and regulatory requirements, transaction records are retained for a specified period after each transaction. Zendr adheres to industry standards to ensure transactional data is stored securely and accessible for reference as required.
• Usage and Analytics Data: Aggregated and anonymised data used for analytics and platform improvement may be retained indefinitely to enhance user experience while maintaining user privacy. This data does not identify individual users.

3. Legal and Compliance Retention

Zendr may retain certain data as required by applicable laws and regulatory requirements. For instance, data may be kept to fulfil anti-money laundering (AML) regulations, or government reporting standards. Data retained for compliance purposes is protected by strict access controls and securely deleted once legal obligations are met.

4. Data Deletion and Secure Disposal

Once data is no longer necessary for its intended purpose, Zendr follows secure data deletion protocols:

• User-Initiated Deletion: Users may request the deletion of their data, subject to legal or operational limitations. Zendr will honour these requests and securely erase the data from our systems wherever possible.
• Secure Disposal: Zendr applies industry-standard security measures for data disposal, ensuring that deleted data is permanently removed from our systems and is unrecoverable.

5. User Control and Data Retention Preferences

Zendr provides users with options to manage certain retention aspects, such as account deletion or adjustment of data sharing preferences. Users can review and update their data retention preferences by emailing privacy@zendrapp.com.

6. Regular Policy Review and Updates

Zendr regularly reviews and updates this Data Retention Policy to reflect changes in legal requirements, industry standards, and best practices. Any significant changes will be communicated to users, ensuring transparency and alignment with evolving privacy expectations.

1. Encryption and Data Security

Zendr uses industry-standard encryption protocols to protect user data in transit and at rest:

• Data in Transit: All data exchanged between users and Zendr’s servers is encrypted using secure socket layer (SSL) technology, preventing unauthorised access during transmission.
• Data at Rest: Sensitive information stored in Zendr’s databases is encrypted to protect data integrity and privacy, adding an extra layer of security for stored information.

2. Access Controls and Authentication

Zendr restricts access to user data to authorized personnel only:

• Role-Based Access: Zendr employs a role-based access control (RBAC) system, ensuring that only employees with a legitimate need have access to specific data.
• Multi-Factor Authentication (MFA): For critical systems, Zendr uses multi-factor authentication to verify user identity and prevent unauthorized access.

3. Network Security and Monitoring

Zendr’s infrastructure is designed with strong network security measures to detect and prevent unauthorized access.

4. Data Minimisation and Retention Controls

Zendr adheres to data minimisation principles, collecting only the data necessary for service delivery. Data is retained only as long as needed, with secure deletion protocols for data that is no longer required. This minimises data exposure and enhances privacy

5. Policy Review and Updates

Zendr regularly reviews and updates this Data Protection Measures Policy to reflect advancements in technology, industry standards, and regulatory requirements. We communicate major policy updates to ensure transparency and uphold our commitment to user data protection.