Data Protection Governance & Procedures

1. Record of Processing Activities (ROPA)

Controller: La Soluzione Web Ltd (trading as MoneyZoe)
Contact: support [at] moneyzoe.com
ICO Registration Number: ZB859987

ActivityCategories of DataPurpose of ProcessingLegal BasisData SubjectsRecipients/Sub-processors
Website analyticsIP address, UUID, device/browser info, interactionsSite performance, usage analysisLegitimate interestsWebsite visitorsGoogle LLC, Meta Platforms, LinkedIn
Newsletter signupsName, emailNewsletter, Guide deliveryConsentSubscribersInternal systems only
Affiliate trackingClicks, device ID, referral URLAttribution and commission trackingLegitimate interestsWebsite visitorsAwin, CJ Affiliate, Rakuten, financeAds, etc.
Contact formName, email, message contentResponding to user inquiriesConsent / ContractInquirersHosting provider, internal systems
Hosting and securityIP address, device dataSecure and reliable website operationLegitimate interestsAll site usersHostinger, AWS, Cloudflare, Defiant

Review cycle: Annually or when new processing is introduced.

2. Data Breach Response Procedure (Simplified)

  1. Identify and confirm the breach (e.g., unauthorized access, loss, or misuse).
  2. Contain the breach (e.g., shut down affected accounts or services).
  3. Assess the risk to individuals.
  4. Notify the ICO within 72 hours (if risk is likely to rights/freedoms).
  5. Notify affected users without undue delay if there is a high risk.
  6. Document the breach, decisions taken, and actions performed.
  7. Review and implement security improvements.

3. DSAR Procedure (Data Subject Access Request)

  • Data subjects can submit requests directly at: https://moneyzoe.com/submit-gdpr-request/
  • The form includes all standard rights: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
  • We will acknowledge receipt of the request within 3 business days.
  • We will respond within 30 days as required by GDPR. If more time is needed due to complexity, the user will be informed.
  • Identity may be verified if necessary.
  • Data is provided in a structured, commonly used format.
  • No fee is charged unless the request is excessive or unfounded.

4. Data Subject Rights Procedure (Right to be Forgotten, etc.)

  • Requests to erase, rectify, or restrict data are accepted by email.
  • Requests are assessed and, where valid, completed within one month.
  • If objection is based on marketing, the request is honored immediately.
  • Users are informed of outcomes and given appeals path if rejected.

5. Data Sharing Processes

  • Data is only shared with third parties listed in the Privacy Policy and DPA.
  • All third-party services are reviewed for GDPR compliance.
  • International transfers are protected using SCCs or adequacy mechanisms.
  • No unnecessary or informal data sharing is permitted.

Reviewed: 30 March 2025
Maintained by: Christian Morano, Data Protection Lead

Bolt
Register here for more details and use our special code BB25OFF20 to unlock 25% off your company’s first 20 rides with Bolt Business. Limited-time offer!
EN - Cloud Miner

Articles and Reviews

FreshBooks
FreshBooks Accounting Software Review & Features
Buy Gold
Gold Avenue Review: A free secure place for your physical gold
Freshbooks Review
9 Key Benefits of FreshBooks Accounting Software
Freshbooks Review
FreshBooks Best Self-Employed Accounting Software