Privacy Policy

Data Privacy and Protection Policy

Last Updated: Feb 13，2025

This page contains the official Zerocap Privacy Policy.

The document below outlines our policies and procedures on the collection, use, and disclosure of your information when you use our services, and tells you about your privacy rights and how the law protects you.

Download Official Privacy Policy (PDF)

1. Purpose

Zerocap Pty Ltd (ABN 99 164 874 597) (“Zerocap”, “we”, “us”, or “our”) is committed to protecting the personal and customer data we collect, process, store, and dispose of. This policy defines Zerocap’s approach to:

• Handling personal and customer data
• Complying with privacy laws including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• Meeting our regulatory, legal, and customer contractual obligations
• Outlining the rights of individuals (data subjects)
• Guiding internal staff and contractors on appropriate data handling practices
• Communicating our privacy practices to clients and customers

This policy covers both internal data governance and external client service operations.

2. Scope

This policy applies to Zerocap, as the parent company, and extends to all of its subsidiary entities. It covers all departments and information assets across the group. These assets include information, data, documents, hardware, software, systems, mobile devices, laptops and workstations that are provided, managed or maintained by, or on behalf of, Zerocap or its subsidiaries, regardless of location.

In terms of location, this procedure applies primarily to operations in Australia and Hong Kong.

This policy also applies to all employees and third parties who have access to Zerocap’s information systems and assets. This includes, but is not limited to, contractors, consultants, suppliers, vendors, partners and customers. For the purposes of this document, all such individuals are collectively referred to as “Users”.

3. Data Collection and Types of Personal Information

3.1 What We Collect

Zerocap may collect the following types of personal information relating to Customers:

• Identity Information: Full name, date of birth, address, contact details
• Verification Documents: Passport, driver’s licence, utility bills, bank statements
• Financial Information: Transaction history, source of funds, income details
• Online Identifiers: IP addresses, device IDs, browser type
• Usage Data: Website/app usage, behavioral analytics, cookies
• Communications: Emails, support tickets, online form submissions

We may also collect anonymised or aggregated data for analytical and service improvement purposes.

3.2 How We Collect Data

Personal information is collected:

• Directly from clients during service setup or operation
• Directly from customers on behalf of clients
• Via client systems and APIs that Zerocap is granted access to
• Automatically through Zerocap-managed systems, websites, and applications (e.g., cookies, tracking technologies)

4. Purpose of Data Collection and Use

Zerocap only collects, uses, and discloses personal information for purposes that are lawful, fair, and directly related to our business operations or as required by law.

Primary purposes include:

• Delivering services to Clients
• Conducting identity verification and KYC/AML compliance checks
• Processing transactions
• Managing client and customer relationships
• Detecting and preventing fraud and financial crime
• Handling inquiries, complaints, or disputes
• Conducting system monitoring and service improvement
• Meeting regulatory, legal, and contractual obligations

We will not use personal information for unrelated secondary purposes unless consent is obtained or permitted by law.

5. Privacy Notices and Customer Transparency

5.1 Privacy Notice Provision

Before collecting personal information, Zerocap (or the Client on our behalf) will provide clear privacy notices explaining:

• Purpose of collection
• Types of information collected
• How the information will be used and disclosed
• Customers’ rights regarding access, correction, and deletion
• Contact information for privacy inquiries

Our Privacy Notice is published on the Zerocap website and reviewed annually.

5.2 Annual Privacy Notice Review

Zerocap’s external Privacy Policy and Privacy Notices are reviewed and updated at least once per year to reflect changes in business practices, laws, or regulatory requirements.

6. Data Access, Minimisation, and Use Limitations

6.1 Data Access and Handling

• Access to personal data is restricted to authorised personnel who require it for their job functions
• Access controls, authentication measures, and regular access reviews are in place

6.2 Data Minimisation

Zerocap only collects and retains the minimum personal information necessary to fulfill the stated business purpose.

6.3 Purpose Limitation

Personal information is only used for the stated purposes at the time of collection, or as permitted under law or with explicit consent.

7. Data Quality and Accuracy

We take reasonable steps to ensure the personal information we hold is accurate, complete, and up to date. Clients and Customers are encouraged to notify Zerocap of any changes.

8. Data Retention and Secure Disposal

8.1 Retention

Personal information is retained only as long as necessary for:

• Service delivery
• Legal, regulatory, and business record-keeping purposes

8.2 Secure Disposal

When no longer required, personal information is securely destroyed or permanently de-identified via:

• Shredding of paper records
• Secure deletion from electronic storage
• Deletion from cloud environments following documented processes

Backups containing personal data are deleted according to Zerocap’s backup retention schedule.

9. Security and Protection Measures

Zerocap takes reasonable and proportionate steps to protect personal information from loss, unauthorized access, misuse, or disclosure. Measures include:

• Role-based access control (RBAC)
• Multi-factor authentication (MFA)
• Data encryption (in transit and at rest)
• Firewalls and intrusion detection systems
• Regular vulnerability management and patching
• Secure software development and deployment practices

We also conduct regular staff training on data privacy and security obligations.

10. Data Sovereignty

Zerocap will not transfer personal information outside Australia unless:

• Directed to do so by the Client; or
• The recipient jurisdiction has privacy protections substantially equivalent to the APPs; or
• Adequate contractual, technical, and organizational safeguards are in place

Any non-personally identifiable analytics data (e.g., website usage statistics) may be processed or stored in external locations.

11. Disclosure of Personal Information

Zerocap may disclose Customer personal information:

• To Clients as part of delivering services
• To approved service providers bound by confidentiality agreements
• To government bodies, regulators, courts, or law enforcement, where required by law
• To prevent fraud, money laundering, or other unlawful activities
• During business transfers (e.g., mergers, acquisitions), in line with privacy law

We will not sell or share personal information for direct marketing by third parties.

12. Data Subject Rights: Access, Correction, and Deletion

12.1 Access and Correction Requests

Customers have the right to:

• Request access to their personal information
• Request corrections to inaccurate, incomplete, or outdated data

How to Make a Request: Customers should first contact the Client. If unresolved, Customers can contact Zerocap directly at [email protected].

12.2 Data Deletion Requests

Zerocap will process deletion requests in line with:

• Legal and regulatory obligations
• Contractual commitments with Clients
• Our internal Data Subject Request (DSR) process

All requests and outcomes are logged.

13. Privacy Inquiries and Complaints

If you have a question, concern, or complaint regarding Zerocap’s handling of personal information:

Contact: Privacy Officer Email: [email protected]

Zerocap will investigate all privacy complaints and aim to resolve them within a reasonable timeframe. If you are not satisfied with our response, you can escalate the complaint to the Office of the Australian Information Commissioner (OAIC).

14. Cookies and Online Tracking

Zerocap uses cookies and similar technologies on our websites and systems to:

• Improve user experience
• Analyse site usage
• Support security measures

You can manage cookie preferences through your browser settings.

15. Monitoring, Review, and Enforcement

15.1 Monitoring

Zerocap monitors privacy compliance through:

• Internal audits
• Access reviews
• Breach detection and incident response processes

15.2 Policy Review

This policy is reviewed annually and updated as required.

15.3 Enforcement

Violations of this policy by employees, contractors, or third parties may result in disciplinary action, up to and including termination of employment or contract.

16. Training and Awareness

All Zerocap staff and contractors receive regular training on:

• Privacy principles
• Data protection controls
• Handling of personal information
• Breach reporting obligations

17. Contact Information

Privacy Officer Zerocap Pty Ltd

Email: [email protected]

Website: https://zerocap.com

18. Records

Sr.	Title	Document Number
1	Data Privacy and Protection Policy	ZC-CMP-01
2	Data Retention and Disposal Policy	ZC-CMP-02
3	Terms of Service and Client Communication Policy	ZC-CMP-03
4	Risk Management and Assurance Policy	ZC-CMP-04