Contact

Data Protection & Compliance (GDPR / CCPA)

Building Trust through Ethical Data Stewardship
Effective Date: June 2025

At Zoiko Group, we recognize that in today’s digital economy, trust is paramount. We are deeply committed to respecting individual privacy and protecting personal information across all of our brands, platforms, and operations.

Our data protection practices are not driven by compliance alone — they reflect our core values of transparency, integrity, responsibility, and innovation.

This Data Protection & Compliance Policy outlines how Zoiko Group aligns with global data protection standards, including:
  • The General Data Protection Regulation (GDPR)
  • The California Consumer Privacy Act (CCPA)
  • The California Privacy Rights Act (CPRA)
  • Other applicable national and regional privacy laws
We also align our practices with industry-leading frameworks, including:
  • ISO/IEC 27701 (Privacy Information Management System)
  • NIST Privacy Framework
  • APEC Cross-Border Privacy Rules (CBPR)
1. Our Commitment to Global Data Protection
Zoiko Group maintains a Global Privacy & Data Protection Program designed to:
  • Embed privacy and data protection into the fabric of our organization
  • Promote accountability and ethical stewardship of personal information
  • Respect individual privacy rights across all jurisdictions where we operate
  • Support responsible innovation and AI governance aligned with data ethics principles
  • Foster a culture of privacy across all levels of the company
2. Scope of This Policy
This Policy applies to all personal information processed by:
  • Zoiko Group Inc. and its subsidiaries and affiliates
  • All Zoiko Group brands and business units, including: ZoikoPay, ZoikoPal, ZoikoTime, ZoikoNex, ZoikoSocial, BookingOrbit, Zoiko Mobile, GoLite Mobile, DriverX Mobile, Zoiko Telecom, Zoiko TV, NoxxChicken, La Caribbean Taste, and others
  • Employees, contractors, partners, vendors, and third parties processing data on behalf of Zoiko Group
3. Roles & Responsibilities
Depending on the nature of the processing, Zoiko Group may act as:
  • A Data Controller — determining the purposes and means of processing personal data
  • A Data Processor — processing personal data on behalf of another controller
We ensure that appropriate contracts, Data Processing Agreements (DPAs), and privacy safeguards are in place with all business partners, vendors, and customers.
4. Cross-Border Data Transfers
Given our global operations, personal information may be transferred across borders, including to countries without the same level of data protection.

To safeguard these transfers, Zoiko Group:
  • Implements Standard Contractual Clauses (SCCs) approved by EU and UK authorities
  • Conducts Data Transfer Impact Assessments (DTIAs) to assess potential risks
  • Utilizes Adequacy Decisions where applicable
  • Ensures contractual, organizational, and technical safeguards are in place
  • Aligns with APEC CBPR principles where relevant
5. Data Security & Protection
Zoiko Group employs a defense-in-depth approach to securing personal data, including:
    • Encryption of data in transit and at rest
    • Identity and access management controls
    • Multi-factor authentication and zero-trust principles
    • Network segmentation and advanced threat protection
    • Endpoint detection and response (EDR) systems
    • Application security reviews and secure development practices
    • Continuous monitoring, penetration testing, and incident response capabilities
    • AI model governance and bias testing for AI-powered services (ZoikoPal, ZoikoTime, ZoikoNex)
6. Data Subject Rights
We respect and enable individuals to exercise their privacy rights, in accordance with GDPR, CCPA, CPRA, and other applicable laws.

Your rights may include:
  • Right of Access — obtain a copy of your personal data
  • Right to Rectification — correct inaccurate or incomplete data
  • Right to Erasure (Right to be Forgotten)
  • Right to Restriction of Processing
  • Right to Object — to processing, including direct marketing
  • Right to Data Portability
  • Right not to be subject to automated decisions with legal or significant effects
  • Right to Withdraw Consent
  • Right to Non-Discrimination (CCPA/CPRA)
To exercise your rights, contact: [email protected]
We will respond in accordance with applicable laws and regulatory timelines.
7. AI & Data Governance
As an innovator in AI-powered services, Zoiko Group is committed to Responsible AI Use aligned with data protection principles.

Our AI governance framework includes:
  • Algorithmic Impact Assessments (AIAs) for high-risk AI uses
  • Human oversight of automated decision-making
  • Explainability and transparency in AI outputs
  • Bias testing and mitigation
  • Alignment with AI ethics principles and data protection laws
8. Vendor & Third-Party Management
Zoiko Group maintains a robust Vendor Risk Management Program.

We:
  • Conduct privacy and security due diligence on all third parties processing personal data
  • Require Data Processing Agreements (DPAs) that include GDPR Article 28 requirements
  • Monitor and audit vendor compliance
  • Require vendors to process personal data only under Zoiko Group’s documented instructions
9. Children’s Data
Zoiko Group does not knowingly collect personal data from children under 16 without appropriate parental consent.

If you believe we may have collected such data, please contact [email protected] and we will take prompt action.
10. Governance, Accountability & Audits
Data protection governance is overseen by:
  • Group Privacy Office
  • Chief Legal & Governance Officer
  • Corporate Governance and Nominating Committee (Board-level oversight)
  • Appointed Data Protection Officers (DPOs) where required
The Board receives regular privacy reports to ensure accountability at the highest level.

We conduct:
  • Privacy Impact Assessments (PIAs) for new processing activities
  • Regular internal and external privacy audits
  • Alignment with ISO/IEC 27701 Privacy Information Management standards
  • Employee privacy training and awareness programs company-wide
We foster a culture of privacy through leadership, training, and transparent communication.
11. Regulatory Cooperation & Compliance
Zoiko Group cooperates fully with:
  • European Data Protection Authorities (GDPR)
  • California Privacy Protection Agency (CPPA)
  • UK Information Commissioner’s Office (ICO)
  • Other national privacy regulators
We actively monitor regulatory developments worldwide and continuously adapt our practices.
12. Continuous Improvement
We are committed to continuous improvement of our Data Protection & Privacy Program.

This includes:
  • Regular policy and process reviews
  • Benchmarking against Fortune 100 best practices
  • Participation in global privacy and AI governance initiatives
  • Engaging with stakeholders to ensure alignment with emerging privacy expectations
We view privacy as a strategic advantage and a core component of ethical business leadership.
13. Contact Information
For questions or to exercise your data protection rights, contact:



Zoiko Group Privacy Office

1401 21st Street, Sacramento, CA 95811, USA

Email: [email protected]
Closing Statement
At Zoiko Group, we believe that privacy is a human right and that ethical data stewardship is foundational to building trust.



We will continue to uphold the highest standards of data protection, transparency, and accountability as we deliver world-class innovations to our customers and partners globally.

Zoiko Group

Corporate Engagement & Support

Legal

Connect on Social media

Facebook-f Instagram Linkedin-in Youtube X-twitter
Zoiko Group
Facebook-f Instagram Linkedin-in Youtube X-twitter

© 2025 Zoiko Group. Zoiko Group Inc is headquartered at 1401 21st Street, Suite R, Sacramento, CA 95811. All rights reserved.

© 2025 Zoiko Group. Zoiko Group Inc is headquartered at 1401 21st Street, Suite R, Sacramento, CA 95811. All rights reserved.

Scroll to Top