Zanbato Privacy Policy
Effective Date: February 5, 2025
What kinds of Personal Data does Zanbato use?
How does ZX use my personal information?
Fraud Prevention and Legal Compliance
Account Management/Secure Login
Email Platform Activity Updates
For Private Label Users (sites “Powered by Zanbato”)
How does Zanbato Private Label handle personal information?
Account Management/Secure Login
Email Platform Activity Updates
For People Doing Non-ZX Private Placement Business with Zanbato
How do Zanbato personnel handle personal data?
Fraud Prevention and Legal Compliance (Non-Platform)
Cookies and Tracking Technologies
Accessing and Updating information
Right to Erasure and Restriction of Processing
Direct Marketing and Email Preferences
Special Notice For Private Label Users
Other Third Party Services Used by Zanbato
Legally Required Information Disclosure
Overview
Zanbato, Inc. and its affiliates (collectively, “Zanbato”) provide services that help users engage in private securities transactions efficiently, securely, and lawfully. Although our services mainly process information concerning legal entities, we also sometimes have to handle information about natural persons like yourself. To that end, personal information collected by Zanbato is used solely for providing the services for which you have engaged Zanbato.
This Privacy Policy covers Zanbato services provided through zanbato.com and related Zanbato mobile applications (the “Websites”). It describes how Zanbato collects, uses, shares, and secures the personal information you provide. It also describes your choices regarding the use, access and accuracy of your personal information.
What kinds of Personal Data does Zanbato use?
For all site visitors
Regardless of whether you’re signed into Zanbato, we collect basic information associated with your browsing session, such as your IP address, browser type, and preferred language, to effectively display the site for you. We also use cookies provided by Google Analytics solely to track your browsing session’s movement within the Websites. (For more information about what cookies are and how you can control them, check out the section below titled “Cookies and Tracking Technology.” For more information about how Google uses and processes Google Analytics data, see www.google.com/policies/privacy/partners).
We use this data to identify usage patterns and improve our site’s design. In this context, your IP address is used purely as a geographic indicator assigned to an anonymous user. As long as you aren’t signed in, we can’t link this information back to you as an individual.
We do not knowingly collect personal information from minors without proper consent from a parent or legal guardian. If you believe that we may have collected personal information from a minor without the requisite consent, please contact us at privacy@zanbato.com.
For ZX ATS and ZXData Users
The ZX ATS is the Alternative Trading System platform located at zx.zanbato.com, and ZXData is the data platform located at zxdata.zanbato.com. These services (collectively, “ZX”) are only accessible by secure login to users authorized by Zanbato staff. To use ZX, we need to collect and process some of your personal information for a few purposes.
On the ZX ATS, you will have the ability to chat with other ZX ATS users and Zanbato market operators to conduct relevant ZX ATS business. Conversation participants and ZX staff will be able to see your full name in those chats. When a deal has been agreed to and transaction documents are required to be signed, you’ll exchange further personal information as needed.
On both platforms (ZX ATS and ZXData), your personal information may be used by ZX staff for other specific purposes detailed below. In this section, we describe each of our processes, and how we handle the data.
How does ZX use my personal information?
Fraud Prevention and Legal Compliance
When you register for access to the ZX ATS, several financial regulatory agencies require us to collect certain personal information. This “registration information” includes full name, employer, title, business address, business telephone number, and business email address. In addition, before you close a transaction, we are required by the same agencies to have you fill out a “confidential customer questionnaire” which requires the disclosure of further personal information, such as a copy of your driver’s license, passport, or similar government-issued ID.
This information is used to prevent fraud and to comply with applicable law, rules, and regulations.
- GDPR Legal Basis: Legitimate Interests (fraud prevention and to allow you to use ZX to transact legally); Legal Obligation.
- To Access or Update Info: Some information may be updated at zx.zanbato.com/accounts/settings/ (ZX ATS) or zxdata.zanbato.com/accounts/settings/ (ZXData) , but we may be required to preserve other registration information/customer questionnaire data, as prescribed by applicable law, rules, or regulations. You may contact us at privacy@zanbato.com if you want more details.
Account Management/Secure Login
Your email address, combined with a password of your choosing, will allow you to sign into ZX securely. We may also send you emails where necessary to help you manage your account, for example, if you need to reset your password, or to notify you of a material change to one of our policies.
- GDPR Legal Basis: Legitimate Interests (allowing you to securely authenticate & interact with ZX).
- To Access or Update Info: visit zx.zanbato.com/accounts/settings/ (ZX ATS) or zxdata.zanbato.com/accounts/settings/ (ZXData) , or contact us by email at privacy@zanbato.com.
Platform Communication
You can use the ZX ATS to chat with other ZX ATS users and Zanbato market operators to conduct relevant ZX ATS business. Conversation participants will be able to see your full name in the chats. Any conversations you have on our platform will be associated with your account and will be captured and stored to comply with applicable law, rules, and regulations or for archival purposes.
- GDPR Legal Basis: Legitimate Interests (Providing ZX services, fraud prevention).
- To Access or Update Info: To change the way your name is displayed, visit zx.zanbato.com/accounts/settings/ (ZX ATS) or zxdata.zanbato.com/accounts/settings/ (ZXData), or contact us by email at privacy@zanbato.com.
Usage Analytics
When signed in, your activity on ZX is logged and linked to your user id. This data includes information about what pages under zx.zanbato.com or zxdata.zanbato.com you’ve visited, and when such access occurred. ZX staff review this data to better understand usage patterns on ZX. We also review this data periodically to prevent fraud, to monitor suspicious activities, or to comply with applicable laws, rules, and regulations.
- GDPR Legal Basis: Legitimate Interests (Improving ZX services, fraud prevention).
- To Access or Update Info: Contact us at privacy@zanbato.com if you would like more information about the information we hold.
Email Platform Activity Updates
We’ll use your email address to provide you with a variety of updates about Zanbato. These include feature announcements, platform activity notifications, policy updates, and others. We only send these emails if you have an active user account. Additionally, you can configure your email preferences on the Websites (see below).
- GDPR Legal Basis: Legitimate Interests (providing relevant activity updates & marketing based on your preferences).
- To Access or Update Info: Configure your Email Notification Settings by signing in, clicking your name in the top right corner, and clicking the “Email Notification Settings” option in the dropdown. The emails you receive also have hyperlinks to the notification settings page.
- Note: certain important emails, such as policy update notifications, will always be sent as long as you have an active user account; please contact us at privacy@zanbato.com if you have concerns with or objections to this.
For Private Label Users (sites “Powered by Zanbato”)
Zanbato licenses a tool called Private Label (“PL”) to clients. When you use a Private Label platform, the private label licensee ultimately makes the decisions about how your data is handled. We describe what our tools do in this section, but be sure to consult the licensee’s Privacy Policy to get the full picture.
How does Zanbato Private Label handle personal information?
Account Management/Secure Login
You or the licensee can create an account on Private Label for you. Your email address, combined with a password of your choosing, will allow you to sign in securely. We send you emails whenever necessary to help you manage your account, for example, if you need to reset your password, or to notify you of a material change to one of our policies.
Your full name may also be linked with your account at registration.
- GDPR Legal Basis: Legitimate Interests (allowing you to securely authenticate & interact with PL).
- To Access or Update Info: visit /accounts/settings/ on your portal, or contact the controller.
Email Platform Activity Updates
We use your email address to provide you with a variety of updates about Zanbato. These include feature announcements, platform activity notifications, policy updates, and others. We only send these emails if you have an active user account. You can configure your email preferences on the Websites (see below).
- GDPR Legal Basis: Legitimate Interests (providing relevant activity updates & marketing based on your preferences).
- To Access or Update Info: Configure your Email Notification Settings by signing in, clicking your name in the top right corner, and clicking the “Email Notification Settings” option in the dropdown. The emails you receive also have hyperlinks to the notification settings page.
- Note: certain important emails, such as policy update notifications, will always be sent as long as you have an active user account; please contact us at privacy@zanbato.com if you have concerns with or objections to this.
Closing Room & NDAs
Features such as Closing Room and NDA may use names and/or emails as necessary to create relevant paperwork for signature. This data is processed by a third party digital signature service (described below). We ensure that this service only uses this data for providing the tool as described.
- GDPR Legal Basis: Legitimate Interests (allowing users to create their own digital contracts).
- To Access or Update Info: Visit the page for the relevant feature, or email us at privacy@zanbato.com
- Third Party Transfers: The Zanbato digital signature service is provided by HelloSign, a Data Privacy Framework certified U.S. organization. Their privacy policy can be found at https://www.hellosign.com/privacy.
Cookies and Tracking Technologies
Zanbato and its partners use cookies or similar technologies to analyze trends, administer our Websites, track users’ movements around the Websites, and gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our Websites or service.
In the future, we may partner with a third party to manage our advertising on other sites. Such a third party partner may use cookies or similar technologies to provide you advertising based upon your browsing activities and interests. To opt out of interest-based advertising click here or if located in the European Union click here. Please note you would continue to receive generic ads.
Your Rights under GDPR
You have certain rights with respect to your personal data, as described below. You will not have to pay a fee to exercise any of these rights.
Accessing and Updating information
At any time, you can request from us information about whether we store, use or share any of your personal data and what kinds of personal data we hold about you.
If you have an account on a Zanbato platform, you may sign into your account at any time to view your profile and review commonly processed personal information. Your account profile will allow you to update some of your personal information directly.
To request information or request changes, contact us at privacy@zanbato.com and we’ll respond to your request within a reasonable timeframe (no longer than 30 days from receiving your request).
Right to Erasure and Restriction of Processing
You may request that your personal information be removed from Zanbato’s systems, or that Zanbato restrict all further processing of your data. Please note that our ability to comply with your request will depend on the specifics of your circumstances, including if processing your personal data is required for us to continue providing a service, or to comply with applicable law, rules, and regulations, but we will assist you as best we can.
To request data erasure or processing restrictions,contact us at privacy@zanbato.com and we’ll respond to your request within a reasonable timeframe (no longer than 30 days from receiving your request).
Right to Object
You may object to processing of your personal data where such processing was carried out under the basis of legitimate interest. Please note that our ability to comply with your request will depend on the specifics of your circumstances, including if processing your personal data is required for us to continue providing a service, or to comply with applicable law, rules, and regulations, but we will assist you as best we can.
To object to processing of your personal data, contact us at privacy@zanbato.com and we’ll respond to your request within a reasonable timeframe (no longer than 30 days from receiving your request).
Right of Data Portability
You have the right to receive an electronic copy of the personal data that you have provided to us, or ask us to send that information to another company (the “right of data portability”). If you wish to receive or send such data, please contact us at privacy@zanbato.com.
Right to Withdraw Consent
Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time. However, withdrawing consent will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Direct Marketing and Email Preferences
Note that in the case of direct marketing emails, we provide an Unsubscribe link which allows you to opt-out automatically. You can also configure your email preferences by signing into your Zanbato account and visiting your account settings page, or by contacting us at privacy@zanbato.com.
Special Notice For Private Label Users
Zanbato acknowledges that you have the right to access your personal information. In the case of Private Label platforms, Zanbato may not have a direct relationship with the individuals whose personal data it processes.
To access, correct, amend, or delete inaccurate data, you should direct your query or request to the data controller responsible for operating the Private Label portal. If requested by the controller to remove data, we will respond within a reasonable timeframe (no longer than 30 days from receiving your request). Please note that our ability to comply with the request will depend on certain circumstances, including if processing your personal data is required for us to continue providing a service, or to comply with applicable law, rules, and regulations.
Special Categories of Personal Data
We do not, unless you explicitly consent, process any of your personal data in the following special categories: (i) personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) genetic data; (iii) biometric data for the purpose of uniquely identifying you; or (iv) data concerning your health, sex life, or sexual orientation.
If personal data is to be used in a way not previously disclosed or shared with external parties not covered in this Privacy Policy, you will be provided the opportunity to opt-out.
Automated Processing
We do not use your personal data to make automated decisions about you without any human input. If we ever begin to do so, if and as applicable, and to the extent required by applicable laws, rules, or regulations, we will endeavor to implement suitable safeguards, including, for example, an opportunity for you to request human intervention, express your point of view, contest any decisions made, and request that we restrict the use of your personal data for the purposes of these automated decisions.
Data Security
Zanbato follows industry-standard best practices to protect your personal information. On a Zanbato platform, all data is encrypted both in-transit and at-rest. Access to sensitive systems, physical or digital, is secured and limited to qualified systems administrators.
Note that no data transmission over the Internet can be fully guaranteed to be completely secure. Accordingly, we cannot ensure or warrant the security of any information that you transmit to us, so you do so at your own risk.
If you have any questions about security on any Zanbato platform, please contact us at support@zanbato.com.
Other Third Party Services Used by Zanbato
We utilize the services of third parties to power the Websites. As a result, your personal data may be transferred to the entities listed below, in addition to any already listed above, or other service providers as necessary to provide the relevant service.
In all cases, through our service agreements with our service providers, we make sure that our service providers only process personal data as necessary to provide the relevant service, and that they provide at least the same level of protections Zanbato provides for your personal data of similar nature; these requirements also apply to any third parties used by our service providers.
- Amazon Web Services provides the backbone for ZX and PL, hosting our databases, web servers, and other related systems.
- Personal data processed: All personal data processed through ZX and PL (as described above).
- Transfer destination: United States (under Data Privacy Framework)
- Google provides our communications management infrastructure through G Suite.
- Personal data processed: Email addresses and email content.
- Transfer destination: United States (under Data Privacy Framework)
- Global Relay provides an archiving solution for platform communication to comply with applicable law, rules, and regulations.
- Personal data processed: Chat conversation participants and message content.
- Transfer destination: Canada (Canada is recognized by the European Commission as an “adequate” jurisdiction that offers a level of data protection similar to the EEA).
Other Information
Legally Required Information Disclosure
We reserve the right to disclose your personal data as required by applicable laws, rules, and regulations or when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal, regulatory, governmental, or administrative process or request. In certain situations, Zanbato may disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If Zanbato is involved in a merger, acquisition, or sale of all or a portion of its assets, including transfers made as part of insolvency or bankruptcy proceedings, personal data may be one of the transferred business assets. You will be notified by email (sent to the e-mail address specified in your account) or by means of notice on the relevant Website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data.
EU-U.S. Data Privacy Framework with UK Extension, and Swiss-U.S. Data Privacy Framework
Zanbato and our U.S. affiliates, including Zanbato Securities LLC, comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. Zanbato has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. Zanbato has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, and to view our certification, visit the U.S. Department of Commerce’s Data Privacy Framework List.
Zanbato is responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. Zanbato complies with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Data Privacy Framework, Zanbato is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Zanbato may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zanbato commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding EU-U.S. DPF, the UK Extension to the EU-U.S DPF, and Swiss-U.S. DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on the relevant Website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Contact Information
If you have any questions or concerns related to this Privacy Policy, you may contact us in writing at Zanbato, Inc., 715 N. Shoreline Blvd., Mountain View, CA 94043 or email us at support@zanbato.com (general inquiries) or privacy@zanbato.com (for questions about personal data). In addition, if you are a resident of the European Union, Switzerland, or the UK, you have the right to complain to a Data Protection Authority if you believe that your personal data has been collected or used in violation of relevant privacy requirements.
GDPR Designated Representative
For the purposes of GDPR, our designated representative based in the EU is Christopher Fenichell. Our representative may be reached in writing at Zanbato UK Ltd., 52 Debden Road, Saffron Walden, Essex, CB11 4AB, United Kingdom, or by email at cfenichell@zanbato.com.