Updated: October 5th, 2023
WHO IS ZŪM RAILS
Zūm Rails is a financial interaction tool that helps streamline digital transactions between multiple payment rails to ensure the simplest and most secure experience with your chosen business.
About this Policy
The purpose of this Policy is to provide a direct and straightforward explanation of the information Zūm Rails collects from and about end users (“End User Information”), and how we use and share that information. We value transparency and want to provide you with a clear and concise description of how we treat your End User Information.
Please note that this Policy only covers the information that Zūm Rails, uses, collects and shares. Zūm Rails does not sell any personal information and ensures that your information is kept secure This Policy also does not cover any websites, products, or services provided by others.
What information do we collect about you?
“Personal Data” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data from Zūm Rails aggregation.
“Anonymous Data” means data that is not associated with or linked to your Personal Data; Anonymous Data does not, by itself, permit the identification of individual persons. This includes financial interactions that occur on the Zūm Rails platform. You can browse our website without telling us who you’re or revealing any Personal Data about yourself. However, once you have given us your Personal Data, we may collect and store this information.
We may collect and store the following Personal Data:
- e-mail address, phone number and physical contact information;
- transactional information based on your activities on the Website (such as buying, selling, products and content you generate or that relates to your account);
- billing and other information you provide to purchase a product;
- community discussions, chats, dispute resolution, correspondence through our Website, and correspondence sent to us;
- other information from your interaction with our Website, Services, and content, including device ID, computer and connection information, statistics on page views, traffic to and from the sites, IP address and standard web log information;
- additional information we ask you to submit to authenticate yourself or if we believe you’re violating site policies (for example, we may ask you to send us your ID or bill to verify your address);
- information from other companies, such as demographic and navigation data;
- if you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in the e-mail, in order to send you a reply; and
- other supplemental information from our third-party affiliates.
- transactional data based on your activity within the Zūm Rails environment.
Information collected from your financial accounts and transactions.
The information Zūm Rails receives from the financial product and service providers that maintain your financial accounts varies depending on a number of factors, including without limitation, the specific services developers use, as well as the information made available by your bank. In general, Zūm Rails collects the following types of identifiers, commercial information through our partners, and other personal information from your financial product and service providers:
- Account information, including financial institution name, account name, account type, account ownership, branch number, IBAN, BIC, account number, routing number, and sort code;
- Information about an account balance, including current and available balance;
- Information about credit accounts, including due dates, balances owed, payment amounts and dates, transaction history, credit limits, repayment status, and interest rates;
- Information about loan accounts, including due dates, repayment status, balances, payment amounts and dates, interest rate, guarantor, loan type, payment plan, and terms;
- Information about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis;
- Identifiers and information about the account owner(s), including name, e-mail address, phone number, date of birth, and address information;
- Information about account transactions, including amount, date, payee, type, quantity, price, location, involved securities, and a description of the transaction; and
- Professional information, including information about your employer, in limited cases where you’ve connected your payroll accounts or provided us with your pay stub information.
The data collected from your financial accounts includes information from all accounts (e.g. checking, savings, and credit card) is accessible through a single set of account credentials.
Zūm Rails will store transactional data that takes place on our platform for better understanding of the risks and modeling of payments on our rails. Your transactional data will be used anonymously to help structure new products for Zūm Rails.
Information we receive about you from other sources.
We also receive identifiers and commercial information about you directly from the relevant developer or other third parties, including our service providers, bank partners, and identity verification services. For example, developers may provide information such as your full name, e-mail address, phone number, or information about your financial accounts and account transactions, and our bank partners or service providers may provide information such as the status of a transaction you have initiated.
We may also share your Personal Data with:
- Service providers under contract who help with our business operations (such as identity verification, fraud investigations, bill collection, affiliate and reward programs);
- If the software licensor opts to use an alternative payment partner for subscription billing, Zūm Rails reserves the right to share payment data with the alternative provider. Sharing of information will be governed by the Credit Card Data Portability Standard and will only be done with a PCI DSS Level-1 compliant service provider;
- Other third parties to whom you explicitly ask us to send your information (or about whom you’re otherwise explicitly notified and consent to when using a specific service);
- Law enforcement, legal, governmental or regulatory agencies with proper jurisdiction, or authorized third parties, in response to a verified request relating to a criminal investigation or alleged illegal activity or any other activity that may expose us, you, or any other End User to legal liability. In such events, we will disclose information relevant to the investigation, such as name, city, state, ZIP code, telephone number, e-mail address, User ID history, IP address, fraud complaints, bidding and listing history, and anything else we may deem relevant to the investigation;
- Other business entities, should we plan to merge with or be acquired by that business entity, or any parent company, subsidiaries, or other companies under a common control. (Should such a combination occur, your Personal Data shall be governed by the policy of the new combined entity); and
- With your written consent.
In the event of an insolvency, bankruptcy or receivership, your Personal Data may also be transferred as a business asset.
How do we use the information we collect?
Our primary purpose in collecting Personal Data is to provide you with a safe, smooth, efficient, and customized experience when completing financial transactions through Zūm Rails.
In general, you can visit the Zūm Rails websites without telling us who you are or submitting any information about who you are. We collect the IP (Internet protocol) addresses of all visitors to our websites and other related information such as page requests, browser type, operating system and average time spent on our website. We use this information to help us understand our website activity and to monitor and improve our websites.
We do not send marketing emails to our end users and comply with CASL (Canadian users only)
Cookies and Website Data
Cookies, web beacons, pixel tags or other technologies may be used by Zūm Rails on the websites governed by this Policy. Cookies are small text files that are stored in a computer’s browser directory. They help site providers with things like understanding how people use a site, remembering a user’s login details, and storing site preferences.
- Strictly necessary cookies. These are cookies that are required for the operation of our websites. They include, for example, cookies that enable you to log into secure areas of our website.
- Functionality cookies. These cookies are used to recognize you when you return to our websites. This enables us to customize your online experience (for example, by remembering your choice of language or region).
- Analytical cookies. We may use a third party such as Google Analytics to help us gather and analyze information about the areas visited on the websites (for example, the pages most read, time spent, search terms and other engagement data) in order to evaluate and improve the user experience and the websites. For more information or to opt out from using the Google Analytics opt-out browser add-on, see “How Google uses data when you use our partners’ sites or apps”.
- Advertising cookies. These cookies help us make the advertising displayed to you more relevant to your interests and to help us measure the effectiveness of our advertising on other websites. Please see “Interest-Based Advertising / Advertising Cookies” below for more information with respect to our use of advertising cookies and your choices.
- You can choose not to accept cookies by adjusting your browser settings. Certain technologies, like pixel tags, may continue to function even if you turn off cookies in your browser. However, if you choose not to accept cookies, some areas of the websites or our services may not function properly or optimally. If you would like to learn more about how to set your cookie options, please refer to your browser’s documentation or online help for instructions.
Zūm Rails Data Aggregation
Zūm Rails data aggregation retains End User Information for no longer than necessary to fulfill the purposes for which it was collected and used, as described in this Policy, unless a longer retention period is required or permitted under applicable law. As permitted under applicable law, even after you may stop using an application or terminate your account with one or more developers, the data aggregation partner may still retain your information (for example, if you still have an account with another developer). However, your information will only be processed as required by law or in accordance with this Policy.
Please refer to the “Your Data Protection Rights” section for options that may be available to you, including the right to request deletion of End User Information. You can also contact us about our data retention practices using the contact information below.
Your Data Protection Rights
Under applicable law, and subject to limitations and exceptions provided by law, if you are located in the United States, Canada, EEA, or UK, and in certain other jurisdictions, you may have certain rights in relation to the End User Information collected about you and how it is used, including the right to:
- Access End User Information collected about you;
- Request that we rectify or update your End User Information that is inaccurate or incomplete;
- Request, under certain circumstances, that we restrict the processing of or erase your End User Information;
- Object to our processing of your End User Information under certain conditions provided by law;
- Where processing of your End User Information is based on consent, withdraw that consent;
- Request that we provide End User Information collected about you in a structured, commonly used and machine-readable format so that you can transfer it to another company, where technically feasible; and
- File a complaint regarding our data protection practices with a supervisory authority (if you are in the EEA or UK, please refer to the following link for contact details: EEA—https://edpb.europa.eu/about-edpb/board/members_en and UK—www.ico.org.uk).
Under the California Consumer Privacy Act (“CCPA”), and subject to certain limitations and exceptions, if you are a California resident, you may have the following rights with respect to End User Information we have collected about you that constitutes personal information under the CCPA:
- To request access to more details about the categories and specific pieces of personal information we may have collected about you in the last 12 months (including personal information disclosed for business purposes);
- To request deletion of your personal information;
- To opt-out of any “sales” of your personal information, if a business is selling your information; and
- To not be discriminated against for exercising these rights.
To exercise your access or deletion rights, where applicable, you can submit a request via email to firstname.lastname@example.org. You may be required to provide additional information necessary to confirm your identity before we can respond to your request.
We will consider all such requests and provide our response to your request within 45 days (or within any time period required by applicable law). Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims.
How does Zūm Rails keep your Data Secure?
Zūm Rails takes the protection of customer data extremely seriously. Industry standard technical measures and procedures are in place to prevent unauthorized or unlawful access to data and against accidental loss or destruction of, or damage to, data.
These measures include industry-standard encryption, physical access security, secured networks and servers, anti-virus protection, vulnerability scans, penetration testing, firewalls, intrusion detections, defense monitoring and other appropriate technology.
Zum Rails complies with all required PCI standards and maintains SOC 2 (Type 2) compliance.
Strict internal procedures and control mechanisms require that individuals’ access to information is controlled according to job responsibility and legitimate “need to know” circumstances. To the degree reasonably possible, access controls are narrowly defined in order to restrict information access to that which is necessary and consistent with the respective job function(s) of our personnel.
Any suspected attempt to breach our policies and procedures, or to engage in any type of unauthorized action involving our information systems, is regarded as potential criminal activity. All suspected computer mischief will be reported to the appropriate authorities.
Our data protection officer, Marcel Ferreira oversees all internal procedures and control mechanisms related to privacy. If you have any questions or concerns regarding privacy or use of your personal information, please contact email@example.com.
Removing your Personal information
If you want Zūm Rails to delete your personal information, just let us know at firstname.lastname@example.org. If you request to delete your information, Zūm Rails will nonetheless preserve:
- Any information we are legally required to preserve, if applicable;
- Non-sensitive information that we are legally allowed to preserve and that we preserve for your own benefit, for example the information indicating to us that you do not want to be on our e-mailing list.
Changes to This Policy
Zūm Rails may make changes to this Policy from time to time. Any changes will be reflected on this page.
Contacting Zūm Rails
If you have any questions or complaints about this Policy, or about our privacy practices generally, you can contact us email@example.com.