1.1. This Personal Data Processing Policy (hereinafter referred to as the “Policy”) of the ZOZI service (hereinafter referred to as the “Operator”) is an official document that sets out the general principles, purposes, and procedures for processing the personal data of users of the websites (zozi.cash and zozi.club) (hereinafter referred to as the “Site”), as well as information on the personal data protection measures implemented.

1.2. This Policy has been developed in accordance with applicable personal data legislation, including the requirements of the European Union General Data Protection Regulation (GDPR), as well as other applicable legal requirements depending on the User’s country and the scope of the services provided.

1.3. This Policy applies exclusively to the Site. The Operator does not control and is not responsible for third-party websites that the User may access via links available on the Site.

1.4. The processing of personal data of other categories of data subjects may be governed by separate internal policies of the Operator, privacy notices, and the terms of specific services.

1.5. This Policy shall enter into force upon its approval and shall remain valid indefinitely until replaced by a new version.

2.1. The following terms are used in this Policy:

2.1.1. Personal Data Information System – a set of personal data contained in databases, together with the information technologies and technical means used to process such data.

2.1.2. Personal Data Processing – any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), depersonalisation, blocking, deletion, and destruction of personal data.

2.1.3. Personal Data Operator (Operator) – a legal entity or individual that independently or jointly with others organises and/or carries out the processing of personal data, and also determines the purposes of personal data processing, the scope of personal data subject to processing, and the actions (operations) performed with personal data.

2.1.4. Personal Data – any information relating directly or indirectly to an identified or identifiable natural person (data subject).

2.1.5. Site User – any person who visits the Site and uses the information, materials, and services available on the Site.

2.1.6. Site – a set of interconnected web pages located on the Internet under a unique address (URL), including its subdomains.

2.1.7. Cookies – a small piece of data sent by a web server and stored on the User’s device, which the web client or web browser sends back to the web server in an HTTP request each time the User attempts to open a page of the relevant website.

2.1.8. IP Address – a unique network address of a node in a computer network through which the User accesses the Site.

3.1. The Operator processes Users’ personal data on the following legal grounds, depending on the specific situation: the User’s consent, the necessity to perform a contract or provide a service at the User’s request, compliance with obligations imposed by applicable law, as well as the Operator’s legitimate interests, including ensuring security, preventing abuse, and maintaining and developing the Site.

3.2. If the User does not agree with the terms of this Policy, the use of the Site and/or any services available through the Site must be discontinued immediately. Where processing is based on consent, the User has the right to withdraw such consent at any time in the manner specified in this Policy.

3.3. Users’ personal data may be processed for the following purposes:
- registration, creation, and maintenance of the User’s account;
- provision of Site functions and delivery of services requested by the User;
- identification of the User, authorisation, and ensuring account security;
- handling User enquiries, requests, and applications, as well as providing feedback;
- sending service notifications and messages related to the use of the Site;
- sending advertising and informational materials where the User’s consent has been obtained or in other cases permitted by applicable law;
- maintaining statistics, analytics, error diagnostics, and improving the operation of the Site and user experience;
- prevention of fraud, violations of the terms of use, and other abuses;
- compliance with obligations required by applicable law, as well as protection of the Operator’s rights and legitimate interests.

3.4. The Operator may process the following categories of the User’s personal data:
- surname, first name, patronymic;
- nickname, login, and other profile data;
- email address;
- phone number;
- data required for payouts, settlements, or verification of the User’s payment details, including card number, wallet number, first name, surname, country, and phone number;
- data obtained when authorising through third-party services or social networks, to the extent permitted by the User and the relevant provider;
- technical data and information about the device, browser, IP address, activity logs, cookies, access time, referrer, and similar parameters;
- the content of support requests and any other information that the User chooses to provide voluntarily.

3.5. For analytics, maintaining functionality, and improving the Site, the Operator may use cookies, event logs, and analytics services, including Google Analytics and other similar tools. Where required by applicable law, non-essential cookies and analytics technologies are used only after the User’s appropriate consent has been obtained.

3.6. Google Analytics is a web analytics tool provided by Google and may use cookies and other technical identifiers to analyse the use of the Site. Information collected through Google Analytics may be transferred to and stored on Google’s servers in accordance with Google’s terms. To limit the use of Google Analytics, the User may use browser settings, cookie management tools, as well as the browser add-on available at https://tools.google.com/dlpage/gaoptout. Additional information can be found in Google’s Privacy Policy: https://policies.google.com/privacy.

3.7. The Operator may also engage providers of hosting, analytics, communications, payment processing, authorisation, customer support, information security, technical maintenance, and other contractors who process personal data on behalf of the Operator within the stated purposes and on the basis of contractual obligations relating to confidentiality and data protection.

3.8. If cookies or analytics tools are blocked, certain functions of the Site may operate incorrectly or become unavailable.

3.9. The processing of biometric personal data and special categories of personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, health, intimate life, as well as other sensitive data, is not carried out, except where such processing is expressly required by applicable law or voluntarily initiated by the User and permitted by law.

3.10. The Site is not intended for children under the minimum age established by applicable law for independently giving consent to the processing of personal data. The Operator does not knowingly collect personal data from children and, if such a case is identified, takes measures to delete such data within a reasonable period.

3.11. The Operator does not verify the accuracy of the information provided by the User and assumes that the User provides accurate, up-to-date, and sufficient information, and updates it in a timely manner where necessary.

3.12. Personal data may be transferred to third parties only to the extent necessary to achieve the stated processing purposes, including service providers, authorisation partners, payment and technical contractors, as well as competent authorities in cases provided for by applicable law. In the case of cross-border transfers of personal data, the Operator applies protection mechanisms provided for by law, including transfers to countries with an adequate level of protection or the use of contractual safeguards and other permissible protective measures.

3.13. The Operator performs the following actions with personal data: collection, recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), depersonalisation, blocking, deletion, and destruction. The Operator does not make decisions that produce legal effects for the User or otherwise significantly affect the User’s rights solely on the basis of automated processing, unless this is expressly permitted by applicable law and has been duly communicated to the User.

3.14. Personal data is stored no longer than necessary to achieve the purposes of processing, fulfil contractual and legal obligations, resolve disputes, and protect the Operator’s rights. Unless a different period is required by applicable law or by the nature of the relationship with the User, data may generally be retained for up to 1 year from the User’s last interaction with the Site. Where the provision of certain data is necessary for registration, performance of a contract, or the provision of a Site function, failure to provide such data may make the use of the relevant functions impossible.

4.1. The security of personal data processed by the Operator is ensured through the implementation of legal, organisational, technical, and software measures necessary and sufficient to comply with applicable law and reduce the risks of unauthorised access, loss, alteration, disclosure, or destruction of data.

4.2. The Operator takes the following measures to ensure the security of personal data:
- appointing responsible persons for organising personal data processing and ensuring personal data protection;
- limiting the number of employees and contractors who have access to personal data;
- segregation of access rights to personal data and keeping records of actions performed with such data;
- using organisational and technical information security measures, including passwords, logging, backups, software updates, and protection against malicious software;
- restricting physical and logical access to systems in which personal data is processed;
- carrying out periodic assessments of the adequacy of the security measures taken;
- identifying security incidents, responding to them, and taking measures to eliminate their consequences;
- applying contractual and organisational measures to contractors involved in personal data processing.

5.1. The Site User has the right to obtain information relating to the processing of their personal data and, subject to applicable law, the right:
- to confirmation that the Operator processes personal data;
- to obtain information about the legal grounds and purposes of personal data processing;
- to obtain information about the categories of personal data processed, the categories of sources from which such data is obtained, and the categories of recipients of such data;
- to obtain information about the retention periods for personal data or the criteria used to determine them;
- to access their personal data;
- to rectify, update, or correct their personal data;
- to request the deletion of personal data in cases provided for by law;
- to restrict the processing of personal data in cases provided for by law;
- to data portability in a structured, commonly used, and machine-readable format, where this is provided for by applicable law and technically feasible;
- to object to the processing of personal data, including processing for direct marketing purposes, in cases provided for by law;
- to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before such withdrawal;
- to obtain information about cross-border transfers of personal data and the safeguards applied, where provided for by applicable law;
- to lodge a complaint with a competent data protection authority at their place of residence, place of work, or place of the alleged infringement, where such a right is provided for by applicable law;
- to exercise other rights provided for by applicable law, including additional rights of residents of certain U.S. states where such laws apply to the Operator.

5.2. The Site User has the right to require the Operator to rectify, block, restrict the processing of, or destroy their personal data where such personal data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as to take other measures provided for by law to protect their rights.

5.3. The Site User has the right to submit a request to exercise their rights, including a request for access, rectification, deletion, restriction of processing, data portability, or withdrawal of consent. The Operator may request reasonable information to verify the identity of the applicant before fulfilling the request, where necessary to protect data against unauthorised disclosure.

5.4. All questions, requests, and enquiries relating to the processing of personal data should be sent to: admin@zozi.club.

6.1. The User is responsible for complying with the requirements of the applicable laws of their country, including with regard to the lawful use of materials, compliance with intellectual property rights, trademarks, trade names, and other distinctive signs, advertising rules, and other mandatory requirements, as well as for the content and form of materials transmitted or used by them when using the Site’s services.

7.1. The Operator has the right to amend this Policy unilaterally in the event of changes in applicable law, changes in business processes, changes in the services used, or at its own discretion.

7.2. Compliance with the requirements of this Policy shall be monitored by the person responsible for organising personal data processing or by another authorised representative of the Operator.

7.3. Persons guilty of violating the rules governing the processing and protection of personal data shall bear liability in accordance with applicable law.

By registering on our service, you confirm your consent to receive informational and, where a valid legal basis exists, advertising emails, which may contain news, promotions, special offers, as well as other information related to our services.

Each email sent will contain a link allowing you to unsubscribe from future mailings. You may unsubscribe at any time by simply following the relevant link at the bottom of the email or by contacting the Operator using the contact details provided in this Policy.

We are an international service focused on helping users save money, and therefore operate under multiple domains. These domains may change or be expanded over time. At present, the service uses, among others, the following domains: zozi.club and zozi.cash.

For Asia and Kazakhstan: CASHBACK HUB LLP, BINN 220440025877, Almaty, Kazakhstan.

For the United States, Canada, Australia, the United Kingdom, and Europe: EDGE EVOLUTION LLC, United States of America, Florida, 7901 4TH ST N STE 30, ST PETERSBURG, FL 33702, +1-267-405-0710.

For privacy and personal data processing matters: admin@zozi.club.