Privacy Policy

Last updated: 7 April 2022

Zest Technologies DIFC Ltd is a company established in the Dubai International Financial Centre with a registered office at Unit 201, Level 1, Gate Avenue – South Zone, Dubai International Financial Centre, Dubai, United Arab Emirates, and registered company number CL4831.

Zest Equity Holdings SPC is a segregated portfolio company incorporated pursuant to the laws of the Cayman Islands whose registered office is situated at Zest Equity Holdings SPC C/O Walkers Corporate Limited, 190 Elgin Avenue, George Town KY1-9008, Cayman Islands.

For the purposes of applicable data protection laws, Zest Technologies DIFC is the data controller for personal data collected in relation to our Site and for your login, account and transaction data on the Zest Platform, and Zest Equity Holdings SPC is the controller for the identification and onboarding information which you provide. The relevant entity you communicate with, including for employment purposes, is the data controller in relation to those communications.

This privacy policy (the “Privacy Policy”) sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your use of our Site, www.zestequity.com (our “Site”) and in connection with our liquidity solutions platform and service Platform (together, the “Platform”). The purpose of the Platform is to enable transactions of and relating to shares, ESOP contracts and other securities (“Assets”) in secondary markets, including submission of Assets for sale and the placing of bids for Assets (the “Transactions”).

Please read this Privacy Policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. This Privacy Policy supersedes any previous privacy-related notice or equivalent document which you may have been provided with by us from time to time. If you do not agree with this Privacy Policy in general or any part of it, you should not access the Site, use our Platform or otherwise provide your information to us.

Our Site and Platform are not intended for children, and we do not knowingly collect data relating to children. Children must not use the Platform, except where their parent or guardian has provided consent, if this option is available in your location.

1. Information we collect

Information you give to us

You may provide some or all of the following personal data to us by: (i) meeting or interacting with us; (ii) contacting us by telephone, fax, email or other forms of electronic communication; or (iii) completing registration or other forms:

• Personal data relating to identification (e.g. full name, date of birth, residence address, email address, mobile number, passport, national identity card, visa details, photo, tax number).
• Employment details (e.g. employer name, employment address, employment details).
• Account data (e.g. your account ID, login details, details of transactions carried out, investment objectives and means)
• Communications (e.g. details of your communications with us, such as for customer service purposes)
• Other personal data (e.g. sources of wealth, banking relationships).
• Special categories of personal data relating to biometric data (facial recognition processing during onboarding).

Information we collect automatically

When you visit our Site and use our Platform we automatically collect the information sent to us by your computer, mobile phone or other device. This information includes: (i) your IP address; (ii) device information including, but not limited to, name and type of operating system; (iii) mobile network information; (iv) standard web information such as your browser type and the pages you access on our Site; (v) transaction and account activity information (but not payment card or account details), including device information, transaction details, and IP address; (vi) security information including a list of certain installed software, device and internet connection information, and available space on the device. In addition, we may use third party Platform such as Google Analytics that collect, monitor and analyse information about demographics and navigational behaviour.

Information we collect from third parties

We may process some or all of the following personal data as a result of such data being: (i) provided to us by your company, an authorized intermediary, agent, advisor or custodian or your assets; (ii) provided to us by one of our group companies, or (iii) collected from publicly available sources.

• Personal data relating to identification (e.g. full name, date of birth, residence address, email address, mobile number, passport, national identity card, visa details, photo, tax number).
• Employment details (e.g. employer name, employment address, employment details).
• Account data (e.g. your account ID, login details, details of transactions carried out, investment objectives and means)
• Communications (e.g. details of your communications with us, such as for customer service purposes)
• Other personal data (e.g. sources of wealth, banking relationships).
• Special categories of personal data relating to biometric data (facial recognition processing during onboarding), or criminal data (e.g. as a result of sanctions, politically exposed persons and other legal and regulatory warnings databases).

2. What do we do with your personal data?

Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collecting, recording, storing, adjusting, organizing, using, disclosing, transferring or deleting it.

We process your personal data in order to perform our contract with you, such as provide you with our Platform, other content and Site functionality.

In order to be responsive to you, to provide effective Platform to you, and to maintain our business relationship, as a matter of our legitimate interests, we will use your personal data to:

• verify your identity, and assess whether we can accept you as a customer;
• create and maintain your account and to allow you to access and use our Platform;
• maintain the safety and security of our users, the Site, our Platform, and business;
• administer the Site and Platform, and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
• send you announcements in relation to security, privacy or administrative related communications (these communications are not marketing orientated, and we do not rely on consent, so you may not opt out);
• personalise our Site and our Platform to ensure content is presented in the most effective manner for you and your device; and
• improve and develop our products.

We obtain your consent to process your personal data for the following reasons:

• if you opted into marketing, to communicate with you about our products, Platform, marketing, promotions, events and other news and information we think will be of interest to you; and
• to process your biometric data (using facial recognition processing) as this is necessary to effectively verify your identity for onboarding purposes.

In addition, we will use some or all of the above information to comply with any applicable legal obligations (such as in relation to onboarding users), to enforce any applicable terms and conditions and/or terms of service, and to protect or defend the Platform, our rights, the rights of our users, or others.

3. Cookies

Cookies are small text files, stored on your browser, that uniquely identify your browser or device.

We use cookies and other similar technologies (“Tracking Technologies”) which are essential to the functioning of our Site and Platform, to provide a service requested by you or to comply with the law (e.g. the security requirements of data protection law). We do not need to obtain your consent in order to use these Tracking Technologies and these Tracking Technologies cannot be turned off as we cannot provide the Site and Platform without them.

Most browsers allow you to change your settings so that you can:

• See what Tracking Technologies are used on your device and delete all non-essential Tracking Technologies on a collective basis.
• Block third party Tracking Technologies.
• Block Tracking Technologies from particular sites.
• Block all Tracking Technologies from being set.
• Delete all Tracking Technologies when you close your browser (although deleting cookies means that any preference settings you have made on our Site and Platform may be lost).

For more information on how to manage your browser settings, please see below:

• Cookie settings in Internet Explorer
• Cookie settings in Edge
• Cookie settings in Firefox
• Cookie settings in Chrome
• Cookie settings in Safari

4. With whom do we share your personal data and for which reasons?

We do not use or share your personal data with others except as described in this Privacy Policy. In certain circumstances, we will share your information with third parties with your consent, as necessary, or as otherwise required or permitted by law. Specifically, we share your personal data:

• With service providers for business purposes in our legitimate interests, or to perform a contract with you. Such third parties include: (i) IT service providers; (ii) marketing companies; and (iii) data analytics vendors. These service providers assist us with many different functions and tasks, such as providing application or infrastructure support, managing customer communications, and preparing reports and statistics, printing materials and designing products. One such third party provider is Onfido, who conducts liveliness checks, identity verification and AML / sanctions screening processes on our behalf (to find out more about Onfido’s processing, please visit their Privacy Policy).
• When you request us to share certain information with third parties, with consent or to perform a contract with you. With your permission or upon your discretion, we will disclose your personal data to relevant third parties.
• With professional advisors, in our legitimate interests or as required by law. As necessary, we will share your personal data with professional advisors functioning as service providers such as auditors, law firms, or accounting firms.
• For legal and security reasons and to protect our Platform and business, in our legitimate interests or as required by law. We will share your personal data with regulators, law enforcement agencies, public authorities, or any other relevant organisations: (i) in response to a legal obligation; (ii) if we have determined that it is necessary to share your personal data to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries; (iii) to protect the interests of, and ensure the safety and security, of us, our users, a third party or the public; (iv) to exercise or defend legal claims; and (v) to enforce our terms and conditions, other applicable terms of service, or other agreements.
• With our affiliates, in our legitimate interests. We may share your personal data with companies within our corporate family.
• In connection with an asset sale or purchase, a share sale, purchase or merger, bankruptcy, or other business transaction or re-organization, in our legitimate interests. We will share your personal data with a prospective buyer, seller, new owner, or other relevant third party as necessary while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of our assets.

5. Where we store your information

The personal data that we collect from you may be transferred to, and stored at/processed in countries outside the Dubai International Financial Centre and/or the Cayman Islands. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy.

For any transfers of data outside the Dubai International Financial Centre, the data transfer will be under:

• the Commissioner’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses) (the “Model Clauses”), unless the data transfer is to a country that has been determined by the Commissioner, to provide an adequate level of protection for individuals’ rights and freedoms for their personal data. Please contact us at [email protected] should you wish to examine a copy of the Model Clauses; or
• one of the specific derogations in Article 27(2) of the Data Protection Law DIFC Law No. 5 of 2020, as amended, updated or replaced from time to time.

6. What are your rights and how do we respect them?

You have certain rights in relation to your personal data:

• Access: You have the right to access personal data we hold about you, how we use it, and who we share it with.
• Rectification: You have the right to correct any of your personal data we hold that is inaccurate.
• Objection: You have the right to object to our processing of your personal data.
• Objection to marketing: You can object to marketing at any time by sending an email.
• Restriction of processing: You have the right to require us to stop processing the personal data we hold about you in certain circumstances and with certain exceptions.
• Portability: You have the right to receive a copy of the personal data we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
• Erasure: In certain circumstance, you have the right to delete the personal data we hold about you.
• Complain: Should you not be satisfied with the way we have responded to your concerns you have the right to submit a complaint to us. If you are still unhappy with our reaction to your complaint and Zest Technologies DIFC Ltd is acting as the data controller, you can also contact the DIFC Data Protection Commissioner (The Gate, Level 14, PO Box 74777, Dubai, Tel: +971 4 362 2222).
• Withdrawal of consent: Where we rely on consent to process your personal data, you have the right to withdraw this consent at any time.
• Non-discrimination: If you exercise any rights afforded to you under the Data Protection Law DIFC Law No. 5 of 2020, you have the right not to be discriminated against.

You can exercise your rights by contacting us (see section “Our contact details” below).

We aim to respond to your request as quickly as possible. In some instances, this could take up to one month. If we require more time to respond to your request, we will let you know how much longer we need and provide reasons for the delay. Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain your personal data.

7. Are you obliged to provide us with your personal data?

In some cases, we are legally required to collect personal data, or your personal data may be needed before we may perform certain services and provide certain products. We request only the personal data that is strictly necessary for the relevant purpose. Failure to provide the necessary personal data may cause delays or lead to refusal of certain products and services.

8. How do we protect your personal data?

We take appropriate technical and organizational measures (policies, procedures, IT security, etc.) to ensure the confidentiality and integrity of your personal data and the way it’s processed. We apply an internal framework of policies and minimum standards across our business to keep your personal data safe. These policies and standards are periodically updated to keep them up to date with regulations and market developments. Notwithstanding the foregoing, we cannot guarantee the security of your information transmitted through the Site or over email; any transmission is at your own risk.

In addition, our employees are subject to confidentiality obligations and may not disclose your personal data unlawfully or unnecessarily. To help us continue to protect your personal data, you should always contact us if you suspect that your personal data may have been compromised.

9. How long do we keep your personal data?

We will only retain your personal data for as long as we have a lawful reason to do so. In particular:

• where we have collected your personal data as required by anti-money laundering legislation, including for identification, screening and reporting, we will retain that personal data for six years after the termination of our relationship with you; or
• in most other cases, we will retain your personal data for a period of ten years after the termination of our contractual or other relationship with you.

We will also retain and use your personal data to the extent necessary to comply with our legal obligations, resolve disputes and enforce our terms and conditions, other applicable terms of service, and our policies. When your personal data is no longer necessary for the purpose for which it was originally collected, we will delete it, or we will store your information in an aggregated and anonymized format; we may use this information indefinitely without further notice to you.

10. Third party links

Our Site may contain links to other online platforms, plug-ins or other applications operated by third parties. We do not control such other sites or applications, and are not responsible for their content, their privacy policies, or their use of your information. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of the Site and/or users of those third-party online platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators except as disclosed on the Site. We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of personal data by third parties. Any information submitted by you directly to these third parties is subject to that third party’s privacy policy.

11. Changes to this Privacy Policy

We may amend this Privacy Policy from time to time in order to remain compliant with any changes in law or to reflect how our business processes personal data. We will note on our Site when our Privacy Policy has been updated. Please check the Site regularly for notices of changes to our Privacy Policy.

12. Our contact details

We welcome your questions, comments, and concerns about this Privacy Policy or your personal data.

To contact Zest Technologies DIFC Ltd, please send us an email to [email protected].

To contact Zest Equity Holdings SPC, please send an email to [email protected].

You can also send mail to our registered offices (details above). We endeavor to respond to your questions as soon as practicable.