Privacy Policy
The use of our service is possible without the indication of personal data. In case you would like to make use of specific applications of our company the processing of personal data may be necessary. For the circumstance, that processing of personal data is necessary, and a legal base, therefor does not exist, we seek your consent.
The processing of personal data takes place in order with the General Data Protection Regulation (GDPR) and the respective country-specific data protection and users’ privacy regulations. By means of this policy declaration, our company would like to inform the public about the type, extent, and purpose of the personal data collected, used and processed. Further, we want to inform you about your rights and our policy.
We have taken technical and organizational measures to protect your data against loss, modification, or unauthorized access. We continuously improve these security measures according to technological development.
General
to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art 15 GDPR);
“personal information” is data that, when submitted, can determine your identity or enables your identity to be determined.
“Only indirectly personally identifiably information” is data by which clients, service providers or recipients of a communication cannot determine the identity of a specific individual using means that are permitted by law.
“Non-personal information” is anonymized and cannot, under any circumstances, be attributed to specific individuals and is therefore information that is not subject to the Privacy Policy governing personal data.
“data subject” means an identifiable natural person whose personal data is processed by the controller.
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
”third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subjects wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal data is only processed by our company in accordance to the data protection regulations in force. In case you correspond with our company or fill in a form with your data, you accept that the data is processed for the mentioned purpose.
Name and address concerning the controller and contact partner
The body responsible for collecting, processing and using your personal data in terms of the GDPR is:
Address: The Meydan Hotel, Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E
For questions regarding data protection and privacy policy, please write to the following e-mail address:
General rules of the processing of personal data
We process personal data for mentioned purposes in this privacy policy declaration. Your personal data is not transmitted to a third party, with exception for the cases mentioned in this privacy policy declaration or binding national law.
In case of particular offers on our platform – such as user account, newsletter, contact – it may be necessary to sign up before, which leads to a needed procession of your personal data. Your data is only used, if you have transmitted our company, your personal data and if there is a legal basis for the processing.
User Account
A user account is required for the use of the Zolal-platform and therefore the streaming of video content. The user account can be deleted by yourself at any time. Some of the services we provide require cooperation with partner companies. In order to use the platform, a payment must be made, which we process via our service provider [Name, Address]. However, our service provider may not use the information provided for purposes other than those related to the service.
In order to create the user account, the following personal data must be processed: name, address and the last 4 digits of your credit card.
Newsletter
You can sign up for a newsletter during registration with your explicit consent or by disclosure of your e-mail address for this reason. The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. The newsletter is only transmitted to your disclosed e-mail address. In addition, we kindly ask you to confirm that you are owner of the e-mail address such as your agreement for receiving the newsletter.
During the registration for the newsletter, we process your personal data from the contact fields (name, e-mail address). Purpose of the process is the information of upcoming new movies or series on our platform.
The legal basis for this is Art 6 Para 1 lit a GDPR.
You may revoke your prior consent to the processing of your personal data at any time under Art 7 Para 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or to use the termination-link in each newsletter.
Contact form
Our website (www.Zolal.com) contains a contact form that enables a quick electronic contact to our company, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts our company via a contact form, the personal data transmitted by the data subject are automatically stored.
The legal basis for this is Art 6 Para 1 lit b GDPR.
Period for which the personal data will be stored
We store your personal Data, where required, for the duration of the entire business relationship (initiation, transaction, fulfilment of a contract) and moreover pursuant to the storage and documentation obligations. The storage period results from the storage obligations and periods of limitation.
Rights of the data subject
Regarding the data processing, users and data subjects have the right:
to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art 15 GDPR);
to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
to the immediate deletion of data concerning them (cf. also Art 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art 17 Para 3 GDPR, to restrict said processing per Art 18 GDPR;
to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art 20 GDPR);
to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of privacy policy provisions (see also Art 77 GDPR).
In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art 16, 17 Para 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.
Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controllers future processing of their data pursuant to Art 6 Para 1 lit f GDPR. An objection to data processing for the purpose of direct advertising is permissible.
Zolal uses Ads services of Google, Facebook, twitter, and Tiktok known as Google ads, Facebook ads, twitter ads & Tiktok ads, for advertising on third-party websites to previous visitors to the site. It could mean that we advertise to previous visitors who haven’t completed a log-in process on our site. This could be in the form of an advertisement on the Google search results page, a site in the Google Display Network, or somewhere on Facebook and mentioned platforms. Third-party vendors, including Google, Facebook, twitter, and Tiktok use cookies to serve ads based on someone’s past visits to the Zolal website. Of course, any data collected will be used in accordance with our own privacy policy, as well as Google, Facebook, twitter, and Tiktok's privacy policies.
Mixpanel
We use Mixpanel as a first-party analytics provider. By Mixpanel, we collect and control the data. As a first-party analytics provider, Mixpanel helps us maintain the confidentiality and security of your data. Mixpanel understands the importance of managing international transfers of personal data. Our Privacy Program executes standard contractual clauses and additional security assurance to ensure that the data you share with us receives legal protections equivalent to those in Europe. Mixpanel’s European Data Residency Program allows Mixpanel to process and store personal collected information entirely within their Netherlands-based data center. Mixpanel’s Data Residency Program gives us all its power while helping us meet the GDPR compliance goals.
Last Updated: January, 2023