Privacy Policy

Last Updated: 15th January 2026

Introduction

zenithcraft Lda. ("zenithcraft", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our commercial banking services or visit our website at zenithcraft.pro.

As a commercial bank operating in Portugal and across the European Union, we comply with all applicable data protection laws, including the General Data Protection Regulation (GDPR) and Portuguese data protection legislation.

Data Controller Information

The data controller for your personal information is zenithcraft Lda., a commercial bank registered in Portugal with registration number 845921367. Our registered address is Avenida dos Aliados 217, 4768-325 Braga, Portugal.

Data Collection

The data we collect includes personal information that you provide directly to us and information that we automatically collect when you use our services. We collect the following types of personal data:

  • Identity Information: Name, date of birth, nationality, identification numbers
  • Contact Information: Address, email address, telephone numbers
  • Financial Information: Account details, transaction history, credit information
  • Business Information: Company details, business activities, financial statements
  • Technical Information: IP address, browser type, device information, website usage data
  • Communication Records: Records of correspondence, support requests, and service interactions

How We Use Your Information

We use the personal data we collect for various legitimate business purposes. How we use your information depends on the specific services you use and how you interact with us. We use your data to:

  • Provide and maintain our commercial banking services
  • Process transactions and manage your accounts
  • Verify your identity and prevent fraud
  • Comply with legal and regulatory obligations
  • Communicate with you about our services
  • Improve our services and website functionality
  • Conduct risk assessments and credit evaluations
  • Provide customer support and respond to enquiries

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contractual Necessity: To perform our banking services contract with you
  • Legal Obligation: To comply with banking regulations and anti-money laundering laws
  • Legitimate Interests: For fraud prevention, risk management, and service improvement
  • Consent: For marketing communications and certain cookie usage

Data Sharing and Disclosure

We may share your personal data with third parties in the following circumstances:

  • With regulatory authorities and government agencies as required by law
  • With our service providers who assist in delivering our banking services
  • With credit reference agencies for credit assessment purposes
  • With correspondent banks for international transactions
  • In connection with business transfers or restructuring

Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations. The specific data retention periods vary depending on the type of information and legal requirements:

  • Account Information: Retained for the duration of the banking relationship and up to 10 years after closure as required by banking regulations
  • Transaction Records: Retained for 5-10 years as required by anti-money laundering laws
  • Marketing Data: Retained until you withdraw consent or for 3 years from last interaction
  • Website Data: Retained according to our Cookie Policy

Your Rights

Under GDPR and Portuguese data protection law, your rights include:

  • Right of Access: Request information about how we process your personal data
  • Right of Rectification: Request correction of inaccurate personal data
  • Right of Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of processing in certain situations
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing based on consent

Please note that some rights may be limited by banking regulations and legal obligations. We will respond to your requests within one month and may require verification of your identity.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication systems
  • Employee training on data protection
  • Incident response procedures

International Transfers

As a bank operating within the European Union, we primarily process your data within the EEA. However, we may occasionally transfer data to countries outside the EEA for specific business purposes. When we do so, we ensure appropriate safeguards are in place, such as:

  • European Commission adequacy decisions
  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules for multinational organisations

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the following information:

Privacy Officer

zenithcraft Lda.

Avenida dos Aliados 217

4768-325 Braga, Portugal

Email: privacy@zenithcraft.pro

Phone: +351 257 423 484

You also have the right to lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados) if you believe we have not handled your personal data in accordance with applicable law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify you through our website or other appropriate channels. The "Last Updated" date at the top of this policy indicates when the most recent changes were made.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.

Governing Law

This Privacy Policy is governed by Portuguese law and the General Data Protection Regulation. Any disputes relating to this policy or our processing of your personal data will be subject to the jurisdiction of Portuguese courts.