Legal

Privacy Policy

Name: ZingZee
Address: Nicosia, Cyprus
Telephone: +35799769757

This Privacy Policy explains how ZingZee collects, uses, shares, and protects personal data when you use our website, communicate with us, or engage our AI services. It is designed to provide clear, transparent information under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable laws.

Last updated: March 4, 2026

1. Data Controller

The data controller for processing described in this policy is ZingZee, a business operating in Nicosia, Cyprus. Where we process personal data on behalf of our clients as a processor, the relevant client remains the controller for that processing context.

Company: ZingZee
Location: Nicosia, Cyprus
Email: hello@zingzee.com
Phone: +357 99 769 757

2. Scope and Applicability

This policy applies to personal data processed through our website, sales and onboarding channels, support communications, and AI delivery operations. It does not govern third-party services that operate independently from ZingZee and have their own privacy notices.

3. Personal Data We Collect

Identity and contact data

- Full name, business name, job title, email address, phone number, and country.
- Communication preferences and consent records.
- Contact history and meeting notes when you engage with our team.

Account and service configuration data

- User credentials, role permissions, and access logs for customer portals and integrations.
- System settings, workflow rules, automation prompts, and deployment configuration.
- Project documentation and implementation artifacts needed to deliver services.

Operational and interaction data

- Messages, prompts, instructions, and AI outputs processed in our service workflows.
- Business process inputs such as lead forms, support requests, and qualification data.
- Feedback, quality flags, incident reports, and support ticket content.

Technical and device data

- IP address, browser type, operating system, language settings, and approximate geolocation.
- Device identifiers, cookies, session identifiers, and security telemetry.
- Application logs, diagnostics, performance metrics, and API request metadata.

Commercial and transaction data

- Contract details, billing contact data, invoices, payment status, and tax-related records.
- Service plan information, procurement details, and account lifecycle events.

4. How Data Is Collected

Directly from you when you submit forms, book consultations, sign contracts, or communicate with us.
Automatically through website technologies including server logs, cookies, analytics tags, and consent tools.
From your authorised systems and integrations when we deploy AI workflows for your business.
From third-party sources such as communication platforms, CRM tools, or payment providers you connect.
From publicly available sources, when relevant to lawful business development and service qualification.

5. Lawful Bases for Processing (GDPR)

Lawful Basis	How We Use It
Article 6(1)(b) GDPR - Contract	To take pre-contract steps and to provide, operate, and support contracted AI services.
Article 6(1)(f) GDPR - Legitimate interests	To secure systems, prevent misuse, improve service quality, and run proportionate B2B communications.
Article 6(1)(a) GDPR - Consent	For optional marketing, non-essential cookies, and processing activities where consent is required.
Article 6(1)(c) GDPR - Legal obligation	To comply with tax, accounting, regulatory, and lawful disclosure requirements.
Article 6(1)(d) GDPR - Vital interests	Only where strictly necessary to protect an individual's vital interests.

6. Purposes of Processing

- Provide AI employee, automation, and implementation services to clients.
- Onboard customers, configure integrations, and manage project delivery.
- Monitor performance, debug issues, detect abuse, and maintain service resilience.
- Generate analytics and business intelligence to improve product quality and reliability.
- Respond to enquiries, deliver support, and manage commercial relationships.
- Comply with legal, regulatory, audit, accounting, and contractual obligations.

7. Marketing Communications

We may send business updates, service announcements, and relevant marketing content where permitted by law or where you have consented. You can unsubscribe at any time using opt-out links or by contacting us directly. We maintain suppression records to honour your preferences.

8. Cookies and Tracking Technologies

We use strictly necessary cookies for site functionality and security. Subject to consent requirements, we may also use analytics and performance cookies to measure website usage and improve user experience. You may control cookies in browser settings and via consent controls where presented.

9. Analytics

We use analytics tools to understand traffic sources, page performance, and engagement metrics. Analytics data is aggregated where possible. We do not intentionally use analytics to identify individuals unless required for security or fraud prevention.

10. AI Processing and Sub-Processors

Our service model may involve AI model providers, cloud infrastructure providers, and communication platform providers acting as sub-processors under contractual controls. We apply due diligence, data processing agreements, confidentiality obligations, and technical safeguards before onboarding sub-processors. We require sub-processors to process personal data only on documented instructions and with appropriate security measures.

Depending on your implementation, data may be used for real-time inference, workflow automation, quality assurance, abuse prevention, and system diagnostics. We aim to minimise personal data in prompts and outputs and support customer controls for retention, access governance, and processing scope.

11. International Data Transfers

Personal data may be transferred outside the European Economic Area where required for service delivery. Where transfers occur, we implement safeguards such as the European Commission Standard Contractual Clauses, transfer risk assessments, and supplementary technical and organisational controls where needed.

12. Security Measures

We apply layered security measures including access control, encryption in transit, secure authentication, role-based permissions, monitoring, vulnerability management, backup practices, and incident response procedures. No method of transmission or storage is completely secure, but we continuously improve safeguards.

13. Data Retention Schedule by Category

Category	Retention Period	Rationale
Sales enquiries and lead records	Up to 24 months from last meaningful interaction.	Lead follow-up, analytics, and dispute prevention.
Client contract and account records	Contract term + up to 7 years.	Contract administration, legal defense, and statutory obligations.
Billing and tax documentation	Up to 7 years (or longer if required by law).	Accounting, tax, and financial reporting compliance.
Support tickets and service correspondence	Up to 36 months after closure.	Quality assurance, continuity of support, and issue history.
Application and security logs	Typically 30-180 days; security events may be retained longer.	Incident investigation, fraud prevention, and service security.
AI input/output operational records	Configured by service context; generally 30 days to 24 months.	Service delivery, auditability, troubleshooting, and model safety review.
Marketing preferences and consents	Until withdrawal + suppression list retention as needed.	Consent evidence and opt-out enforcement.

We may retain data longer where necessary for legal claims, investigations, or binding legal obligations.

14. Children's Privacy

Our services are not directed to children and we do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us so we can investigate and take appropriate action.

15. Third-Party Links and Services

Our website or services may include links to third-party sites and tools. Their privacy practices are independent of ZingZee. We recommend reviewing third-party privacy notices before submitting personal data through those channels.

16. Your Rights

Subject to applicable law and processing context, you may exercise the following rights:

Right of access.

Right to rectification.

Right to erasure (right to be forgotten).

Right to restriction of processing.

Right to data portability.

Right to object to processing.

Right to withdraw consent at any time where consent is the lawful basis.

Right to lodge a complaint with a supervisory authority.

17. How to Exercise Your Rights

Submit requests by emailing hello@zingzee.com with enough information for verification. We may request additional details to confirm identity and prevent unauthorised disclosure. We aim to respond within one month, subject to lawful extensions for complex requests.

18. Automated Decision-Making

ZingZee does not intentionally make decisions producing legal or similarly significant effects solely by automated means about individuals without meaningful human oversight, unless expressly agreed and lawfully permitted.

19. Policy Updates

We may update this policy from time to time to reflect legal, technical, or operational changes. The "Last updated" date indicates the latest version. Material changes will be communicated through appropriate channels.

20. Contact Details and Complaints

If you have privacy questions, requests, or complaints, contact us at hello@zingzee.com or +357 99 769 757. You also have the right to lodge a complaint with your local supervisory authority, including the Office of the Commissioner for Personal Data Protection in Cyprus where applicable.

Contact ZingZee