Data Protection Policy

For Website Visitors, Clients, and Account Holders

Data Protection Policy

For Website Visitors, Clients, and Account Holders

For Website Visitors, Clients, and Account Holders

1. Who We Are

Zolvat Ltd (“Zolvat”, “we”, “us”, or “our”) is a licensed Electronic Money Institution (EMI) and Payment Service Provider (PSP), regulated by the Central Bank of Cyprus under authorization number 115.1.3.59.

Our registered office is located at:
Zolvat Ltd, Archbishop Makariou III, 213B, MAXIMOS PLAZA, Office 3, 3105, Limassol, Cyprus
Email: contact@zolvat.com
Phone: +357 99 175946

We are committed to protecting your personal data and respecting your privacy in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) and the Cyprus Data Protection Law 125(I)/2018.

2. Scope of this Policy

This policy applies to all individuals whose personal data we process, including:

• Visitors of our website (www.zolvat.com)
• Users registering or onboarding through our platform
• Clients using our payment, issuing, or acquiring services
• Individuals communicating with us via email, phone, or other channels referencing this policy.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

• Identification and Contact Details: Name, email, phone number, date of birth, address, and national ID or passport copies.
• Financial and Transaction Data: Payment account details, transaction history, and associated payment information.
• Technical and Usage Data: IP address, browser type, device identifiers, and browsing activity on our website.
• Compliance and KYC Data: Information required for identity verification, AML/CFT screening, and source of funds/wealth assessment.
• Communications Data: Correspondence records when you contact us or interact with our support team.

We collect only data that is necessary for service delivery, compliance, and security.

4. How We Use Your Data

We process your personal data for the following purposes:

• Service delivery: Opening and maintaining e-money or payment accounts, processing transfers, issuing cards.
• Customer support: Responding to inquiries, troubleshooting issues.
• Legal and compliance: Conducting KYC, AML/CFT, and sanctions checks; fulfilling CBC and EU regulatory obligations.
• Security and fraud prevention: Monitoring transactions, detecting suspicious activity.
• Marketing and communications (optional): Sending service updates, newsletters, and offers (only if you opt in).

You may withdraw consent for marketing at any time by contacting contact@zolvat.com.

5. Legal Basis for Processing

Your data is processed based on one or more of the following legal grounds:

• Contract performance: To provide you with payment or e-money services.
• Legal obligation: To comply with financial regulations, AML/CFT, and data retention laws.
• Legitimate interests: To improve our services, protect against fraud, or secure our systems.
• Consent: Where required, such as for marketing communications or optional analytics cookies.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described above or as required by law.

• Data related to financial transactions and KYC may be retained for five (5) years after the end of the business relationship, in accordance with Cyprus AML legislation.
• Website logs and technical data are retained for shorter operational periods unless required for security or legal reasons.

7. How We Share Your Data

We may share data only when necessary and under strict confidentiality agreements, including with:

• Service providers (e.g., IT hosting, payment processors, ID verification providers)
• Regulators and public authorities, such as the Central Bank of Cyprus, Cyprus FIU (MOKAS), and Tax Department
• Financial institutions involved in transactions
• Professional advisors (legal, compliance, audit, or IT security firms)

All third parties are contractually required to protect your personal data and process it only under our instructions.

8. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), Zolvat ensures that adequate protection mechanisms are in place, such as:

• The European Commission’s Standard Contractual Clauses (SCCs)
• Transfers to countries with an adequacy decision under Article 45 GDPR.

9. Your Rights

Under GDPR, you have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Request erasure of data under certain conditions.
• Restrict processing in specific situations.
• Object to processing for legitimate interest or marketing purposes.
• Data portability, to receive your data in a structured, commonly used format.
• Withdraw consent at any time where consent was the basis for processing.

To exercise these rights, contact contact@zolvat.com.
If you believe your rights have been infringed, you may also lodge a complaint with the Office of the Commissioner for Personal Data Protection (Cyprus) at commissioner@dataprotection.gov.cy.

10. Cookies

We use cookies and similar technologies to enhance website functionality, personalize content, and analyze performance. For detailed information, please refer to our Cookie Policy available at /cookies/

11. Data Security

We implement comprehensive technical and organizational measures to protect your data, including:

• Encryption in transit and at rest
• Role-based access controls
• Multi-factor authentication for administrative systems
• Regular vulnerability assessments and backups

While we take every reasonable step to safeguard your information, no online system can be guaranteed fully secure. Please ensure you also keep your login credentials confidential.

12. Updates to this Policy

Zolvat may update this policy from time to time to reflect changes in our practices, regulatory updates, or technological developments. The latest version will always be available on our website, with the ‘Last Updated’ date displayed above.

13. Contact Us

Data Protection Officer (DPO):
Zolvat Ltd
Email: contact@zolvat.com
Address: 213B Arch. Makariou III, Maximos Plaza, Office 3, 3105, Limassol, Cyprus
Phone: +357 99 175946

14. Acceptance of this Policy

By using our website or registering for an account, you acknowledge that you have read, understood, and agree to the terms of this Data Protection Policy. If you do not agree with any part of this policy, please discontinue the use of our website and services.