Effective as of 06.06.2025
This Privacy Policy (the “Policy”) is issued by REZONO GROUP LIMITED, a company registered under the laws of the Republic of Cyprus, with its registered office at Themistokli Dervi, 41 Nicosia, Cyprus 1066, (“we”, “us”, or “the Company”) and describes how we collect, use, store, and protect Personal Data (as defined below) in connection with the provision of our advertising services, platform access, and related technologies (collectively, the “Services”).
This Policy applies to:
(a) Personal data of Clients and their representatives;
(b) Platform users interacting with campaigns or services delivered via our systems;
(с) Business partners, suppliers, affiliates, and end users are impacted through pixel, cookie, or integration events.
This Policy is intended to satisfy the legal requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), Brazilian LGPD, and relevant anti-money laundering and anti-corruption frameworks.
1. Scope of Application
This Policy applies to the processing of Personal Data by the Company in its capacity as a data controller and/or processor, including:
(a) Data from Clients and business partners;
(b) Data relating to Users of campaigns launched through our systems;
(с) Data collected from our websites, platforms, and communications.
The Company may also act as a data processor on behalf of Clients who use our platform to deploy or optimize campaigns.
2. Data Controller Identity
The data controller for purposes of applicable data protection laws is:
REZONO GROUP LIMITED
Themistokli Dervi, 41 Nicosia, Cyprus 1066
Email: contact@rezono.com
Republic of Cyprus
Where services are provided on behalf of third parties (e.g., ad platforms or publishers), we may also act as a data processor, subject to appropriate data processing agreements (DPAs).
3. Categories of Personal Data Collected
We may collect and process the following categories of personal data:
3.1 From Clients and Business Partners:
(a) Identity data (name, role, company affiliation)
(b) Contact data (email address, telephone number, address)
(с) Financial information (payment account, billing info, tax ID)
(d) Login credentials and access tokens
(e) Usage metadata (login times, IP, user agent)
3.2 From End Users (subject to configuration):
(a) Device/browser metadata (IP address, device type, operating system, screen resolution)
(b) Ad engagement metrics (clicks, view time, conversion paths)
(с) Pixel data and cookie identifiers
(d) Geolocation data (city-level or region-level, approximate only
3.3 For AML/KYC Compliance:
(a) Identity documents (passport, ID card)
(b) Company registration and beneficial ownership data
(с) Statements regarding the lawful source of funds and non-sanctioned status.
We do not intentionally collect sensitive personal data (as defined under Art. 9 GDPR), or data from individuals under the age of 16.
4. Purpose and Lawful Basis for Processing
We process data for the following purposes and legal bases:
Purpose
Client onboarding, communication, and billing
Campaign setup and performance analysis
Platform fraud prevention, abuse control
Sanctions screening, AML verification
Cookie-based remarketing and tracking
Legal defense and enforcement
We will only process your personal data where we have a valid legal basis. Where required, we will request explicit consent prior to collecting data through cookies or similar technologies.
5. Use of Personal Data
We may use your personal data to:
(a) Provide access to Services, campaigns, and account dashboards;
(b) Fulfill contractual obligations including invoicing, reporting, and billing;
(с) Respond to legal requests, audits, or lawful investigations;
(d) Prevent fraud, money laundering, or account misuse;
(e) Generate anonymized analytics to improve our performance;
(f) Communicate with you regarding updates, alerts, or incidents.
We do not use personal data for automated decision-making that has legal or significant effects on the data subject.
6. Data Sharing and Disclosures
We may share your personal data with:
(a) Third-party processors (e.g., CRM, billing platforms, data centers)
(b) Cloud hosting and infrastructure providers
(с) Legal advisors, accountants, or compliance consultants
(d) Platforms such as Meta, Google, TikTok, and their verification systems
(e) Regulatory or law enforcement agencies, upon valid request
Where data is transferred outside the European Economic Area (EEA), we ensure adequate protections via Standard Contractual Clauses (SCCs), Data Transfer Agreements (DTAs) and/or Binding Corporate Rules (if applicable).
7. Anti-Money Laundering and Sanctions Screening
We comply with all applicable AML/CTF laws, including EU 5AMLD, Cyprus AML Law, FATF guidance, OFAC regulations, and UK Sanctions Law. In line with this:
(a) We collect and verify identity and ownership data for Clients and UBOs;
(b) We may conduct periodic background screening, cross-checking against global sanctions lists.
(с) We may suspend or terminate services if a Client or beneficial owner is found to be a Sanctioned Person or acts on behalf of such an entity.
(d) Data collected for AML/KYC purposes is securely stored and used only for compliance.
Failure to cooperate or provide documents may result in account restrictions or reporting to authorities.
8. Data Retention
We retain personal data:
(a) As long as required to provide Services and maintain client relationships
(b) For five (5) years for regulatory or accounting compliance
(с) Until the expiration of statutory limitation periods for legal defense
(d) Shorter periods (e.g., 12–24 months) for analytics and campaign metrics
(e) Cookie and pixel data retention is outlined in our [Cookie Policy]
Upon expiry of applicable retention periods, data is securely deleted or anonymized unless longer storage is required by law or legitimate interest.
9. Your Rights under GDPR and Other Laws
Depending on your jurisdiction, you have rights including:
(a) Right of access – receive a copy of your personal data
(b) Right to rectification – correct inaccurate or incomplete data
(с) Right to erasure – request deletion (“right to be forgotten”)
(d) Right to restrict or object – limit or stop certain processing
(e) Right to data portability – receive data in machine-readable format
(f) Right to withdraw consent – where processing was based on consent
(g) Right to lodge a complaint – with the Cyprus Commissioner for Personal Data Protection or your local authority
To exercise your rights, contact us at contact@rezono.com.
NOTE. We may ask you to verify your identity before fulfilling the request.
10. Cookies and Online Tracking
We use cookies, web beacons, pixels, and similar technologies to:
(a) Enable login sessions and dashboard features
(b) Track campaign performance and click behavior
(с) Perform retargeting or remarketing activities
(d) Prevent abuse and detect fraudulent traffic patterns
Users may manage cookie preferences via browser settings or our Cookie Consent Manager.
Where required by law, cookies will only be placed after obtaining valid opt-in consent.
11. Opt-Out Rights
You have the right to opt out of certain uses of your personal data, including:
Marketing Communications: You may opt out of receiving promotional or marketing emails from us at any time by clicking the "unsubscribe" link included in such emails or by contacting us directly at marketing@rezono.com. Please note that you may continue to receive transactional or administrative messages related to your account or services.
Cookie-Based Tracking: You may opt out of cookies and similar technologies used for advertising or analytics purposes by adjusting your browser settings or through our Cookie preferences tool. Where required by law, we will seek your consent before placing non-essential cookies.
Sale or Sharing of Personal Data (California residents): If you are a California resident, you may opt out of the “sale” or “sharing” of your personal information as defined under the CCPA by submitting a request via contact@rezono.com. or by enabling the Global Privacy Control (GPC) in your browser.To exercise any opt-out right, or to update your preferences, please contact our Data Protection Officer at: contact@rezono.com.We will respond to all verified opt-out requests within the timeframe required by applicable law.
12. Data Security
We are committed to ensuring the confidentiality, integrity, and availability of personal data under our control.
We implement a range of technical and organizational measures, including but not limited to:
(a) Data encryption in transit and at rest
(b) Access control with authentication and role-based permissions
(с) Logging, monitoring, and intrusion detection systems
(d) Regular system audits, backups, and penetration testing
(e) Staff training in data protection and access hygiene
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security.
In the event of a confirmed personal data breach likely to result in a risk to your rights and freedoms, we will notify affected individuals and data protection authorities within the timeframe required by law.
13. Children’s Privacy
Our Services are intended exclusively for use by persons aged 16 years or older. We do not knowingly collect or solicit personal data from children under this age threshold.
If we become aware that we have collected personal data from a child without verified parental consent, we will take immediate steps to delete the information and restrict further access.
Parents or legal guardians who believe that their child has provided us with personal data should contact us at contact@rezono.com.
14. California Consumer Privacy Act (CCPA) Disclosures
If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information.
Categories of Personal Information We Collect:
(a) Identifiers (e.g., name, email, IP address)
(b) Internet or network activity (e.g., website interactions)
(с) Commercial information (e.g., records of purchases or services)
(d) Geolocation data (approximate)
(e) Professional or employment-related data (business contacts)
We do not sell personal information as defined under the CCPA. We may “share” data for cross-context behavioral advertising as permitted by law.
California Consumer Rights:
(a) Right to know what personal data we collect and use
(b) Right to request deletion of personal data
(с) Right to opt out of sale/sharing
(d) Right to non-discrimination when exercising your rights
To exercise any of your rights under the CCPA, please submit a verifiable consumer request to contact@rezono.com.
We will respond to verifiable requests within 45 days or notify you if more time is needed (up to an additional 45 days).
15. Brazilian LGPD Disclosures
If you are located in Brazil, the Lei Geral de Proteção de Dados (LGPD) grants you similar rights to those under the GDPR, including:
(a) Confirmation of processing
(b) Access, rectification, and deletion
(с) Restriction or portability
(d) Revocation of consent
(e) Right to file a complaint with the national authority (ANPD)
We rely on legitimate interest, consent, or legal obligation as the primary bases for processing personal data under LGPD. Data subject requests may be directed to our Data Protection Officer.
16. Third-Party Websites and Services
Our Services may contain links to websites or services operated by third parties. This Policy does not apply to such external sites, and we are not responsible for their privacy practices or content.
We encourage users to review the privacy policies of any third-party sites they visit or engage with.
17. Automated Processing and Profiling
We do not use personal data for automated decision-making that produces legal or similarly significant effects on individuals.
Where campaign analytics or behavioral tracking is performed (e.g., frequency capping, retargeting), it is used only for optimization and service delivery purposes and does not result in profile-based discrimination.
If required by law, consent will be obtained prior to such tracking.
18. International Transfers and Cross-Border Flows
Given the nature of our operations, personal data may be transferred and processed outside of the European Economic Area (EEA), including in the United States, the United Kingdom, or other jurisdictions.
In such cases, we ensure:
(a) Transfers are based on lawful mechanisms (e.g., SCCs, UK IDTA)
(b) Data recipients are contractually bound to equivalent protection standards
(с) Appropriate supplementary technical and legal measures are adopted
By using our Services, you consent to such transfers under applicable law.
19. Updates to this Privacy Policy
We may amend this Privacy Policy from time to time to reflect changes in law, technology, or our business operations.
The “Effective Date” at the top of the Policy indicates when it was last revised.
Material changes will be notified directly to Clients (via email or platform alert).
Your continued use of the Services constitutes acceptance of the updated Policy.
20. Enforcement and Complaints
If you believe your privacy rights have been violated or have a concern about our data practices, you may contact our Data Protection Officer using the information in Section 21.
You also have the right to lodge a complaint with your national data protection authority.
For EU-based users, this includes the Office of the Commissioner for Personal Data Protection in Cyprus.
21. Contact Us
If you have any questions, requests, or concerns about this Privacy Policy or our data processing practices, please contact:
Data Protection Officer
REZONO GROUP LIMITED
Themistokli Dervi, 41 Nicosia, Cyprus 1066
Email: contact@rezono.com
We aim to respond to all legitimate data protection inquiries within thirty (30) days.