Privacy Policy
1. Introduction
Welcome to the ZEN Privacy Notice. This explains how companies operating within ZEN (“we”, “us” or “our”) are committed to protecting and respecting your privacy.
As part of our business operations, we collect certain personal data from our clients. This Privacy Notice sets out the legal basis for processing any such personal data or personal information that we collect or that you provide us. Please read this notice carefully to understand our practices regarding your personal data or personal information. This Privacy Notice must be considered in conjunction with the Terms and Conditions applicable to each operating jurisdiction. By visiting zen.com, https://www.zen.com/pl/, https://www.zen.com/lt/, https://www.zen.com/ua/, my.zen.com, ask.zen.com and our ZEN mobile application (“our sites”) you are accepting the practices described in this notice.
2. Who is ZEN?
ZEN consists of several entities set up in the different jurisdictions in which we operate. You will be informed of which entity you have a relationship with when you agree to use/purchase a product or service from us. This entity is known as the “Data Controller” of your personal data. You can click here to find the legal name of our companies, as per the operating jurisdiction.
3. Applicable Data Protection Laws
The applicable Data Protection Laws are:
- the EU General Data Protection Regulation, and
- any other applicable Data Protection Law in effect in your country of residence. You can find the applicable Data Protection Laws here.
These shall hereinafter be referred to as the “Regulations”.
4. What data is collected?
Depending on your country of residence, we may collect, use, store, process and transfer the following data about you. Personal data or personal information means any information from which an individual can be identified. It does not include data where an individual’s identity has been removed (anonymous data) or any data on a legal entity.
Identity data | Title, first name, surname, date of birth, nationality, city and country of birth, ID document |
Contact data | Residential address, email address, telephone numbers |
Financial data | Financial and credit information |
Profile data | Username, products used by you, occupation, occupation address, feedback and survey responses |
Marketing data | Preferences for receiving marketing communications from us or from our third parties |
Transaction data | Payment details |
Technical data | The internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform |
Usage data | Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time). |
5. How does ZEN collect data?
Direct Interactions | Information you give us through the use of our sites and/or our services. You must obtain appropriate consent before disclosing such information to us. |
Third Parties or Publicly Available Information | We ensure full compliance with regulations irrespective of how we obtain any information. |
6. How does ZEN use my data?
We will only use the information you give to us when the applicable law or regulation allows and as described below:
- To enter into or perform a contract with you.
- To comply with a legal or regulatory obligation as a Data Controller and regulated business:
  - For the detection and prevention of crime.
  - For compliance with anti-money laundering and counter-terrorism financing regulations.
  - For compliance with requests for information from law enforcement, courts or regulators.
- When we have your clear and unambiguous consent:
  - When you are an existing client, we will only contact you with information about services similar to those which were the subject of a previous sale or negotiations of a sale to you.
  - When you are a new customer, we will only contact you if you have consented to such. ZEN will also review ‘Do Not Call’ registers to ensure numbers that are listed are not contacted.

  You may withdraw this consent at any time by using the links provided at the bottom of marketing emails from us, or by contacting our Data Protection Officer (DPO). This will only affect the way we use personal information when the basis for doing so is your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. If this is the case, we will notify you.

  Once we have processed your request, we will cease the relevant collection, use or disclosure, except where the applicable data protection laws permit us to retain data.
- To fulfil our legitimate interests or those of a third party, where any such interests are not overridden by your interests or rights in the protection of your personal data.
This table provides information for the legal basis for processing your personal data (depending on your country of residence):
PURPOSE OF THE PROCESSING | LEGAL BASIS FOR PROCESSING |
---|---|
To register you as a new customer and to carry out our obligations arising from any contracts entered into between you and us and to provide you with information, products and services that you request from us | Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest |
To carry out our obligations arising from any contracts entered into between us and third parties relating to the services provided to you | Performance of a contract with you; and comply with a legal obligation |
To provide you with information about other products and services we offer | Necessary for our legitimate interest; deemed consent |
To notify you about changes to our service | Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest |
To respond to any enquiry you have made through our sites, or via phone, email or otherwise | Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest |
To comply with legal obligations we are subject to as a Data Controller and regulated business | Comply with a legal obligation |
To help you provide services to your customer | Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest |
To administer and protect our business and our website (including troubleshooting, data analysis, system maintenance, testing, support, reporting and data hosting) | Necessary for our legitimate interest; necessary to comply with a legal or regulatory obligation |
To improve our products and services | Performance of a contract with you; comply with a legal obligation; necessary for our legitimate interest; and/or consent |
Where required, to protect your vital interests or those of another natural person | Performance of a contract with you; comply with a legal obligation; and/or necessary for our legitimate interest |
7. Does ZEN share my personal data?
Internal Third Parties | We may share your personal information with any member of our companies, entities, representative offices, our subsidiaries, our ultimate holding company and its subsidiaries. Any such sharing will be done in full compliance with the Regulation. |
External Third Parties |
|
8. Where is my data stored and transferred?
We store your data in the European Economic Area (EEA); however, some of our external third parties or our staff are based outside of the EEA, so the processing of your personal data may involve a transfer of your data into or outside of the EEA. Whenever we transfer your data, we ensure a similar level of protection is afforded to it by implementing one of the following safeguards:
- We will transfer your data to countries that have been deemed to provide an adequate level of protection (Adequacy Decision) for personal data by the European Commission.
- The recipient is in a jurisdiction that provides a standard of protection comparable to other data protection acts in scope (see Data Protection Laws [link]).
- Where we use certain service providers or our staff is operating outside of your country of residence, this is done under relevant data protection laws, supported by specific contracts and/or clause wording approved by the European Commission (Standard Contractual Clauses) which give your personal data the same protection it has in the EEA.
9. How long do you keep my data?
How long we retain your personal information depends on the purpose for which it was obtained and its nature. We will keep your personal information for no more than the time required to fulfil the purposes described in this privacy notice unless a longer retention period is permitted by law.
10. What rights do I have?
Right to be Informed | You have the right to be informed about the collection and use of your personal data. |
Right of Access | You have the right to access your personal data. This is commonly referred to as a Data Subject Access Request. |
Right to Data Portability | You have the right to ask for the personal information you have made available to us to be transferred to you or a third-party in machine-readable format, where this right is provided under applicable data protection laws. This right may not apply in all jurisdictions and may be subject to legal limitations or exemptions. |
Right to Restrict Processing | You have the right to request the restriction or suppression of your personal data. Note that this is not an absolute right and only applies in certain circumstances. |
Right to Rectification | You have a right to request that we correct your personal information where it is inaccurate, incomplete or out of date. We will comply with your request within one month of receiving it, unless we do not feel it is appropriate to do so, in which case we will let you know why. |
Right to Object | You have the right to object to the processing of your personal data in certain circumstances. You have the absolute right to stop your data from being used for direct marketing. |
Right to Erasure | You have the right to request that any Personal Data that we hold about you is erased once it is no longer required for the purposes for which it was collected. The right to erasure is also known as ‘the right to be forgotten’. |
Rights related to Automated Decision-Making including Profiling | If a fully automated decision is made on your account, you have the right to request that this decision be reviewed by a person and present any evidence that you believe supports your challenge of the decision. |
11. How do you keep my data safe?
At ZEN, safeguarding your personal data is of the utmost importance. We have implemented a comprehensive range of security measures to protect the confidentiality, integrity and availability of your information. We keep your information safe against unauthorised access, use or disclosure through security controls such as encryption and access controls.
If required by the applicable data protection laws, we will notify you of any data breach that is likely to result in significant harm or impact to you.
12. Cookies
We follow the “Express Consent” basis for processing cookies. The first time you visit our sites we will inform you of the cookies we use and you will be given the option to consent for us to use cookies. Some cookies are strictly necessary for the operation of our sites. Our third parties may also receive data about you if you visit other websites using our cookies, over which we have no control. These websites have their own privacy notices and we do not accept any responsibility or liability for these notices.
For more information, you can read our Cookies Policy.
13. How can I contact ZEN?
If you have any questions regarding this Privacy notice, including any requests to exercise your legal rights, you can do so by using the details below:
- by email: [email protected] to the attention of our DPO.
- by writing to us at our registered office in the jurisdictions that apply to you; click here to find the relevant contact details.
We will respond to you within 30 days from the receipt of your request.
14. How can I lodge a complaint?
You have the right to lodge a complaint with the Supervisory Authority in your country of residence. For the purpose of our processing, the lead Supervisory Authority for each jurisdiction can be found here.
15. Notice Updated
This notice was last updated on 07/07/2025. Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, communicated to you by email. Please check back frequently to see any updates or changes to our Privacy Notice.
Data Controller
Per Jurisdiction
JURISDICTION | EUROPE |
Country | Lithuania, Poland, Ukraine |
Data Controller | ZEN UAB Lvivo g. 25-104, LT-09320, Vilnius, Lithuania; Email: [email protected] |
Lead Supervisory Authority | State Data Protection Inspectorate; L. Sapiegos str. 17 LT-10312 Vilnius; Email: [email protected]; Website: https://vdai.lrv.lt/en/ |
Country | United Kingdom |
Data Controller | ZEN UK Gray’s Inn Road, 344-354, London, England, WC1X 8BP; Email: [email protected] |
Lead Supervisory Authority | Information Commissioner’s Office; Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom; Email: [email protected]; Website: https://ico.org.uk/ |
JURISDICTION | ASIA-PACIFIC |
Country | Singapore |
Data Controller | ZEN SP Level 35 150 Beach Road, Singapore 189720, Singapore; Email: [email protected] |
Lead Supervisory Authority | Personal Data Protection Commission (“PDPC”); 10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438; Email: [email protected]; Website: https://www.pdpc.gov.sg/complaints-and-reviews |
Data Protection Laws
Per Jurisdiction
JURISDICTION | EUROPE |
Country | EU |
Law | The General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) |
Regulator | The European Data Protection Supervisor (“EDPS”) is the European Union’s (EU) data protection authority and monitors privacy within EU institutions and bodies. The European Data Protection Board (“EDPB”) is an independent European body comprised of representatives of the national data protection authorities and the EDPS. |
Country | Lithuania |
Law | The Law on Legal Protection of Personal Data has been in force since July 16, 2018. |
Regulator | State Data Protection Inspectorate (Lithuanian Data Protection Authority) |
Country | Poland |
Law | Act of 10 May 2018 on the Protection of Personal Data (“the Act”) and the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) |
Regulator | The Polish data protection authority (“UODO”) |
Country | Ukraine |
Law | The Law of Ukraine “On Personal Data Protection,” enacted in 2010 |
Regulator | Ukrainian Parliament’s Commissioner for Human Rights |
Country | United Kingdom |
Law | The Data Protection Act 2018 (“the Act”) and the UK General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) |
Regulator | The Information Commissioner’s Office (“ICO”) |
JURISDICTION | ASIA-PACIFIC |
Country | Singapore |
Law | Personal Data Protection Act 2012 (No. 26 of 2012) (“PDPA”) |
Regulator | The Personal Data Protection Commission (“PDPC”) |