Privacy Policy

Last Updated

February 15, 2026

Zetl is a financial services company. Your privacy is important to us, and this policy outlines how we collect, use, and protect your information when you use Zetl.

1. Introduction and Regulatory Compliance

At Zetl, we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our accounts and lending services.

This Policy complies with:

• Singapore Personal Data Protection Act 2012 (PDPA), as amended

• Hong Kong Personal Data (Privacy) Ordinance (Cap. 486) (PDPO)

• Anti-Money Laundering and Counter-Terrorist Financing requirements in both jurisdictions

• Applicable payment services and money lending regulations

2. Data Protection Officer

In accordance with the Singapore PDPA, we have appointed a Data Protection Officer (DPO) who is responsible for ensuring our compliance with data protection laws and handling your data-related enquiries.

Contact our Data Protection Officer:

Email: dpo@zetl.com

Address: 7 Temasek Boulevard #12-07, Suntec Tower One, Singapore 038987

Phone: +65 8895 2594

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Identity and Contact Information

• Full name, date of birth, nationality, and gender

• National identification numbers (NRIC, FIN, HKID, passport numbers)

• Residential and correspondence addresses

• Email addresses and telephone numbers

• Employment details, job title, and company name

3.2 Financial and Transactional Data

• Bank account details and payment information

• Income, assets, and liabilities information

• Credit history and credit bureau reports

• Transaction history and payment records

• Loan applications and repayment information

3.3 KYC and Due Diligence Data

• Proof of identity documents (copies of ID cards, passports)

• Proof of address documents (utility bills, bank statements)

• Source of funds and wealth documentation

• Ultimate beneficial ownership information

• Sanctions and PEP (Politically Exposed Persons) screening results

3.4 Technical and Usage Data

• IP addresses and device identifiers

• Browser type, operating system, and device information

• Website and application usage patterns

• Cookies and similar tracking technologies (see Section 12)

4. Purposes for Collecting and Using Personal Data

We collect, use, and disclose your personal data for the following purposes:

4.1 Service Delivery

• Processing your applications for payment and lending services

• Assessing your creditworthiness and eligibility for our services

• Managing your account and providing customer support

• Processing transactions and payments

• Communicating with you about your account and services

4.2 Legal and Regulatory Compliance

• Conducting Know Your Customer (KYC) and Customer Due Diligence (CDD)

• Complying with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) obligations

• Meeting requirements under the Singapore Payment Services Act and Hong Kong Money Lenders Ordinance

• Responding to regulatory enquiries and law enforcement requests

• Fraud prevention, detection, and investigation

4.3 Business Operations

• Improving our products, services, and customer experience

• Conducting market research and analytics

• Training and quality assurance purposes

• Internal auditing and record-keeping

4.4 Marketing Communications

• Sending promotional materials about our products and services (with your consent)

• Inviting you to events and providing relevant industry information

You may opt out of marketing communications at any time (see Section 10).

5. Automated Decision-Making and Artificial Intelligence

Important: We use automated systems, including artificial intelligence (AI) and machine learning technologies, in our operations. We are committed to transparency about how these technologies affect you.

5.1 How We Use AI and Automation

We use automated decision-making and AI for:

• Credit scoring and risk assessment for loan applications

• Fraud detection and prevention

• Identity verification and document authentication

• AML/CTF transaction monitoring and suspicious activity detection

• Customer service chatbots and automated responses

• Personalisation of services and communications

5.2 Decisions with Significant Impact

For decisions that have a significant impact on you (such as credit decisions or loan approvals), we ensure:

• Human oversight and review is maintained

• You have the right to request an explanation of the decision logic

• You may request human review of automated decisions

• You can contest decisions and provide additional information

5.3 AI Training and Data Usage

We may use anonymised and aggregated data derived from your interactions to improve our AI systems. Your personal data is not used to train third-party AI models without your explicit consent. Where we engage third-party AI service providers, we ensure they are contractually bound to protect your data and not use it for their own purposes.

6. Legal Basis for Processing (Consent)

Under the Singapore PDPA and Hong Kong PDPO, we process your personal data based on:

Consent: Where you have given us clear consent to process your personal data for specific purposes. You may withdraw consent at any time (see Section 10).

Contractual Necessity: Where processing is necessary to perform our contract with you or to take steps at your request before entering into a contract.

Legal Obligation: Where processing is necessary to comply with legal or regulatory requirements, including AML/CTF laws.

Legitimate Business Purposes: Where processing is necessary for our legitimate business interests, provided these do not override your rights and interests.

7. Disclosure and Sharing of Personal Data

We may disclose your personal data to the following categories of recipients:

7.1 Service Providers and Partners

• Payment processors and banking partners

• Credit bureaus and credit reference agencies

• Identity verification and KYC service providers

• Cloud hosting and IT infrastructure providers

• Professional advisers (lawyers, auditors, accountants)

• Debt collection agencies (where necessary)

7.2 Regulatory and Government Bodies

• Monetary Authority of Singapore (MAS)

• Hong Kong Monetary Authority (HKMA)

• Personal Data Protection Commission Singapore (PDPC)

• Office of the Privacy Commissioner for Personal Data, Hong Kong (PCPD)

• Law enforcement agencies and courts (when required by law)

7.3 Corporate Transactions

In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and any changes to this Privacy Policy.

We do not sell your personal data to third parties for marketing purposes.

8. Cross-Border Data Transfers

As we operate in both Singapore and Hong Kong, your personal data may be transferred between these jurisdictions and to other countries where our service providers are located.

Transfer Safeguards:

When transferring personal data outside Singapore, we ensure compliance with the PDPA Transfer Limitation Obligation by:

• Ensuring the recipient is bound by legally enforceable obligations providing comparable protection

• Using ASEAN Model Contractual Clauses or equivalent standard contractual clauses

• Transferring to jurisdictions with adequate data protection standards

• Obtaining your consent for specific transfers where required

Similarly, transfers from Hong Kong are conducted in accordance with Data Protection Principle 3 of the PDPO.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

General Retention Periods:

• Customer account data: Duration of the business relationship plus 7 years

• Transaction records: 7 years from the date of transaction (as required by AML regulations)

• KYC/CDD documentation: 7 years after termination of the business relationship

• Loan records: 7 years after full repayment or write-off

• Marketing consent records: Until consent is withdrawn plus 1 year

• Website usage data: 2 years

After the retention period expires, personal data is securely deleted or anonymised.

10. Your Rights

You have the following rights regarding your personal data:

Right of Access: You may request a copy of the personal data we hold about you.

Right of Correction: You may request correction of any inaccurate or incomplete personal data.

Right to Withdraw Consent: You may withdraw your consent for processing at any time. Note that withdrawal of consent may affect our ability to provide certain services to you.

Right to Opt-Out of Marketing: You may opt out of receiving marketing communications at any time.

Right to Explanation of Automated Decisions: You may request an explanation of the logic behind significant automated decisions affecting you.

Right to Human Review: You may request human review of automated decisions that significantly affect you.

How to Exercise Your Rights:

Submit requests to our Data Protection Officer at dpo@zetl.com or by using the Data Access Request Form available on our website. We will respond within 30 days. An administrative fee may apply for access requests.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest

• Multi-factor authentication for system access

• Regular security assessments and penetration testing

• Access controls based on the principle of least privilege

• Staff training on data protection and security

• Incident response and breach notification procedures

Data Breach Notification: In the event of a data breach that is likely to cause significant harm, we will notify the relevant authorities (PDPC in Singapore, PCPD in Hong Kong) and affected individuals as required by law.

12. Cookies and Tracking Technologies

Our website and applications use cookies and similar technologies to enhance your experience and collect usage data.

Types of Cookies We Use:

Essential Cookies: Required for the website to function properly (e.g., session management, security).

Analytics Cookies: Help us understand how visitors use our website to improve our services.

Functional Cookies: Remember your preferences and settings.

Marketing Cookies: Used to deliver relevant advertisements (with your consent).

You can manage your cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect website functionality.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Do Not Call Registry (Singapore)

In compliance with Singapore's Do Not Call (DNC) provisions, we will check the DNC Registry before sending marketing messages to Singapore telephone numbers. If your number is registered with the DNC Registry, we will not contact you for marketing purposes unless you have given us clear and unambiguous consent.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by posting the updated policy on our website with a new effective date. For significant changes, we may also notify you directly via email. Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.