Effective Date: September 25, 2019; Last Updated November 6, 2019
Your privacy is important to Zapproved LLC (“Zapproved,” “us,” “our,” and/or “we”). This Privacy Statement describes our information and privacy practices that apply when you use Zapproved’s websites located at www.zapproved.com, www.legalholdpro.com, www.datacollectpro.com, www.digitaldiscoverypro.com (collectively, our “Websites”, and each individually a “Website”), as well as our services, including ZDiscovery Suite, Legal Hold Pro, Digital Discovery Pro, Cloud Preserve Cloud Collect (collectively, the “Application Services”). We operate the Websites for the benefit of and use by our customers, and to provide information and resources about our Application Services. This Privacy Statement applies to information we process as a data controller, and describes how we process data on behalf of our customers as a data processor.
PLEASE READ this Privacy Statement before you use the Websites or Application Services. Your use of the Websites or Application Services signifies to us that you have read and understood all of the terms of this Privacy Statement.
This Privacy Statement explains:
- What personal information we collect, and why we collect it;
- How we use personal information;
- How we protect that information;
- How you can control your information, including accessing, updating and deleting what we store; and
- How and with whom we may share the information we collect.
- Our Role as a Data Processor
- Types Of Information Collected
- How We Collect Automatically Collected Information
- How We Use The Information We Collect
- Disclosure Of Collected Information To Others
- Do Not Track
- Children’s Privacy
- Transfer and Storage of Information
- Securing Collected Information
- Updating or Correcting Your Personal Information
- Your Rights Regarding Your Personal Information
- Retention of Personal Information
- Links To Third-Party Websites
- Additional Information
We may need to update and revise this Privacy Statement from time-to-time in response to changing legal, technical, or business developments. We will post any new or revised Privacy Statement here. You can determine whether this Privacy Statement has been revised since your last visit by referring to the Last Updated date at the top of this page. We will notify you of significant changes to this Privacy Statement by posting a notice on the homepage of the Websites, or by some other appropriate manner consistent with the significance of the changes we make. We will seek your consent prior to processing your personal information following any significant changes to this Privacy Statement if and where we are required to do so by applicable data protection laws, and provided we have current contact information for you.
OUR ROLE AS A DATA PROCESSOR (Notice to End Users)
We provide the Application Services to or for enterprise use by our customers, and their end-users. As described in this Privacy Statement, the use or performance of the Application Services may involve the processing of your personal information. In other words, we operate as a service provider, and, through the provision of our Application Services, we may collect and process personal information on behalf and at the direction of our customers. In these circumstances, and for purposes of applicable data privacy laws, Zapproved is acting as a “Data Processor” and our customers remain the “Data Controller” with regard to any personal information that we collect, or they provide, for processing through use of our Application Services.
As the data controllers, our customers have primary responsibility for compliance with data privacy obligations over this personal information, including maintaining their own privacy program to communicate to individuals how their personal information is being processed and shared. As such, our customers’ individual organizational privacy statements will govern the use of personal information that is collected and processed through use of our Application Services. Zapproved is not responsible for our customers’ privacy or security practices which may differ than those described in this Privacy Statement.
As the data processor, we process personal information input into the Application Services on behalf of our customers, and in accordance with our customers’ written instructions as well as the terms of our contracts with our customers. This also means that where instructed or authorized by our customers, we may share personal information with third parties to carry out further processing of personal information on our customers’ behalf. Further, as a data processor, we will assist our customers in complying with applicable data privacy laws to the extent any such laws cover the personal information we process on their behalf. As such, we do not respond directly to any requests from individuals who desire to exercise their data privacy rights (as describe herein, below) with regard to their personal information for which we are a only a processor. Rather, we will refer any such requests to the customer who is the data controller of such personal information.
TYPES OF INFORMATION COLLECTED
Information You Provide To Us Through the Websites
Certain features of the Websites may enable or require you to provide personal information. Some common ways you may provide us with personal information include when you contact us through the Websites with an inquiry or to request support; create or manage an account or profile on our website; participate in surveys or webinars; download whitepapers; update your mailing list or any other subscription preferences with us. Depending on the nature of your interaction with us, the personal information collected on the Websites may consist of information including, but not limited to:
- first and last name;
- job title and company name;
- email address;
- phone number;
- mailing address;
- password to register with us;
- information you provide to us through the application process for recruiting purposes (see Employment Recruitment Information section, below);
- any other identifier that permits us to make contact with you;
- your photo or images of your likeness.
When we ask you to provide personal information on the Websites, we will explain, or otherwise make it evident, the reasons why you are asked to provide that information. Generally, and unless otherwise indicated, any required information that you may be asked to provide is needed to enable your use of certain features of the Websites, or provide you with services or information you request from us. In some instances, if you choose not to provide us with your personal information, you may not be able to use certain features of the Websites.
Employment Recruitment Information
Zapproved generally collects the following categories of candidate information when you apply or are recruited for employment with Zapproved:
- Your name, address, and contact information, including email address and telephone number;
- Details of your qualifications, skills, experience, and employment history;
- Data you submit in connection with your employment application, including résumés / CVs, letters, writing samples, or other written materials for evaluation of employment;
- Data generated by interviewers and recruiters in connection with your application for employment;
- Information about candidates we collect from other sources, such as information from:
- Recruiting agencies and vendors with whom we have agreed terms in place;
- Candidates’ public professional networking profile(s);
- Referral sources, including current Zapproved employees, among others, who suggest or refer individuals to us for consideration for employment.
Further, as part of the employment recruitment process you will have the option to voluntarily disclose information about yourself, which may include information about your race, gender, disability status, or military/veteran status. Disclosures of these categories of information is voluntary, and you may elect to decline to self-identify or otherwise disclose these categories of information. If you elect to voluntarily disclose any of these categories of information, Zapproved will only ever use the information you voluntarily provide for the purposes of government reporting where required, and to better understand the diversity characteristics of Zapproved’s workforce. Zapproved will never disclose your personal information collected for employment or recruitment purposes to third parties except as described in this Privacy Statement.
Information You Provide When You Attend Events
When you register for or attend an event or user group Zapproved hosts or sponsors, or other events in which any member of Zapproved participates, we may be provided or collect information that you are asked to provide upon registering or attending the event, such as:
- first and last name;
- email address;
- phone number;
- job title and company name.
Information Provided or Collected About You Via our Application Services
As described above, Zapproved is a service provider, and, through the provision of our Application Services, we may collect and process personal information about you on behalfand at the direction of our customers. Specifically, the Application Services we provide to our customers are described online at www.zapproved.com under the “Products” and “Solutions” headings. Through the provision of the Application Services, we may collect the following types of personal information from you, or about you:
- first and last name;
- email address;
- phone number;
- employment status;
- job title and company name;
- other information provided by our customers to enhance their usage of Application Services.
Information That We Collect Automatically
Zapproved, along with its authorized partners, uses certain analytics tools on the Websites that help us analyze usage and performance of the Websites when you visit and use the Websites. The information we collect automatically typically does not include any individuals’ names or contact information. Rather, when you visit, use, or navigate to the Websites, these analytics tools automatically collect and store certain information from your computer or device about your visit, such as your IP address, browser and device characteristics, the date and time of visit, duration of visit, operating system, referring URLs, device name, and certain location information such as the country or region you are browsing from. We may also note whether and how you use the Websites by recording site traffic patterns and “clickstreams.” Information regarding the usage data that is collected and provided to us is explained in greater detail in the Third Party Cookies and Website Analytics section, below.
This Automatically Collected Information allows us to better understand the visitors to our Websites, where they come from, and what content on our Websites is of interest to them. This Automatically Collected Information enables us to provide a more personalized experience for you by displaying information associated with you when you revisit a Website, and remembering user settings and session information while you navigate the Website. It also helps us to maintain the security and operation of our Websites. We only ever use this Automatically Collected Information for our internal analytics purposes, to diagnose problems with our servers, and to improve the quality, performance, and functionality of the Websites.
HOW WE COLLECT AUTOMATICALLY COLLECTED INFORMATION
A cookie is a text file containing small amounts of information that are downloaded to a device when it visits a website. Standing alone, a cookie does not identify an individual user. Rather, it identifies the computer, mobile device, or browser that a user uses to access the Websites. Cookies may be used to remember your personal settings, pre-fill forms for you, and to monitor your use of the Websites to improve our services.
Most browsers allow you to refuse to accept cookies and to delete cookies, though the methods for doing so may vary from browser to browser. Information about managing cookies in commonly used browsers is available online from www.allaboutcookies.org.
Types of Cookies And Why We Use Them
There are two types of cookies: Session-based and persistent. Session cookies exist only during one session, and they disappear from your computer or device when you close your browser software or otherwise end your session. Persistent cookies remain on your computer or device after you close your browser or otherwise end your session.
The Websites uses session cookies to provide us with information about the Websites features used and activities conducted while you are using the Websites. It also uses session cookies to help process information you input into the Websites. The Websites uses persistent cookies solely for remembering any preferences or choices you make regarding your use of the Websites, including your cookie settings.
There are four general categories of cookies. A description of each category of cookie is below, followed by a table describing the categories of cookies used on the Websites.
- Strictly necessary cookies. These cookies are essential to enable you to move around a website and use its features. Without these cookies, services you have asked for, like logging into a secure area of our Websites, cannot be provided.
- Performance / analytical. These cookies collect information about how visitors use a website. The information collected by these cookies is performance and usage data such as that collected by Google Analytics as described throughout this Privacy Statement.
- Functionality cookies. These cookies allow a website to remember choices you make (such as your username or ID, language preference, or the area or region you are in) and provide enhanced, more personal features. They may also be used to provide services you have asked for. The information these cookies collect may be anonymized, and they cannot track your browsing activity on other websites.
- Targeting and advertising cookies. These cookies track browsing habits and are used to deliver targeted (interest-based) advertising. They are also used to limit the number of times you see an ad and to measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with the Websites operator’s permission. They remember that you have visited a website and this information is shared with other organizations, such as advertisers.
We use the following categories of cookies for the reasons described below:
Do we use?
Purpose and Description
We use these cookies to enable you to navigate the Websites and use certain features, including accessing your account.
We use these cookies to improve the performance of our Websites and enhance your experience. Google Analytics automatically collects certain usage and performance data from our Website users. The information these cookies collect is aggregated and anonymous information, and we are never provided with your personal information from these cookies.
Functionality cookies enable the Websites to temporarily remember choices you make on the Websites, and to provide a more personalized experience. You can customize or disable these cookies through your browser settings. A link to cookie management resources for commonly used browsers is above.
We do not use any advertising, targeting, or marketing cookies on our Websites.
We use web beacons alone or in conjunction with cookies to compile Automatically Collected Information about your use of the Websites, as well as your interaction with emails from us. Web beacons are clear electronic images embedded in a web page, website feature, or email message, which can recognize certain types of information on your computer or device, such as cookies, when you viewed a particular website associated with the web beacon, and a description of any such website. For example, we may place web beacons in email messages that notify us when you click on a link in the email that directs you to the Websites. These assist us in delivering cookies, counting visits to our Websites, understanding usage and campaign effectiveness and determining whether an email has been opened and acted upon. We use web beacons to operate and improve the Websites and electronic communications, and to statistically monitor how many people are using the Websites or viewing electronic communications from us, and for what purposes. We may receive reports based on the use of these technologies by our third-party service providers on an individual and aggregated basis.
As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites or our Application Services. This information includes IP addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, and system configuration information.
Occasionally, we connect personal information to information gathered in our log files as necessary to improve our Websites and the Application Services. In such a case, we would treat the combined information in accordance with this Policy.
Third Party Cookies and Website Analytics
We use third party services including Google analytics to analyze Website activity. When you visit the Websites, Google Analytics automatically collects information from you through the use of Google’s analytics IDs, and Google provides some of this information to us. An analytics ID is a specific string of numbers and letters (often called a “character string”) that is assigned to your computer or device but does not name you. The analytics ID allows Google to track usage data of the Websites, such as date and time of visit, duration of visit, Website traffic patterns, “clickstreams,” other similar information about your use of the Websites, the type of web browser used, the operating system/platform you are using, your IP address, the websites that referred or linked you to our Website, and your CPU speed. Google Analytics does not share the analytics ID assigned to your computer or device that you use to access and use the Websites. Google Analytics provides information about the use of our Websites to us in aggregate form (i.e., data about many Website users combined and not just about you). Some of this data might include the regional location of Website users, but again, this data will be in aggregate (and not individual) form. We rely on this aggregate data to inform us how users are using the Websites and to help us improve the Websites.
Social Media Widget Cookies
Some pages of our Websites include social media features, such as the Facebook “Like” button, and widgets, such as the “Share This” button or interactive mini-programs that run on our Websites. These features may collect your IP address, which page you are visiting on the Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third-party or hosted directly on the Websites. See the Social Media section under the heading Disclosure Of Collected Information To Others, below, for more details about your interactions with these features on our Websites.
HOW WE USE THE INFORMATION WE COLLECT
We use information that we collect about you or that you provide to us for the reasons described in this Privacy Statement. In general, we will use the personal information we collect from you only for the purposes described in this Statement, or for the purposes stated at the time we collect your personal information. We may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you if and where this is permitted or required by applicable data protection laws.
We may use both Automatically Collected Information and your personal information to help diagnose problems with the Websites, to analyze performance and usage patterns on the Websites, and to improve the Websites and the services offered to you through the Websites.
Our Lawful Basis for Processing Your Information
Where required by applicable data protection laws, we will only use your personal information where we have a lawful basis to do so. In such cases, we generally process personal information either to perform a contract for requested services with you, or for our legitimate interests. Any processing of personal information we perform in our role as a data processor is done in accordance with the instructions of our customers, who, as the data controllers, are responsible for establishing the lawful basis for such processing where required by applicable data protection laws. We also use the information we collect or are provided for the following purposes:
- To perform our contract with you: To perform the services that you request from us (including to [process orders and payments]), respond to your inquiries and support our customer relationship with you, to contact you about your account, and to notify you about changes to our Websites, products, or services, and/or this Privacy Statement and our other Website terms and policies.
- For our legitimate interests: To improve Website performance and user experience, we use the information provided to us, as well as automatically-collected information, to analyze trends and statistics, as well as to update and improve our Websites and the services and features that we provide. We also use this information to generally run the Websites and for internal operations, including to help diagnose problems with the Websites, in order to provide you with an up to date, efficient and reliable service. In some cases we may use this information for certain marketing purposes (as described in greater detail in the [Marketing] section, below).
- To comply with our legal obligations: In certain situations we may disclose the information provided to us, as well as automatically-collected information, to any competent law enforcement body, regulatory or government agency, court, or other third party if (i) we believe we are legally obligated to do so, including under applicable data protection laws, (ii) we believe disclosure is necessary to protect, establish, or exercise our legal rights or defend against legal claims, or (iii) we believe disclosure is necessary to help prevent fraudulent or criminal activity, or to protect you, our customers, third parties, or our employees, property, or business.
- With your consent: If you request to be put on our promotional mailing list, or otherwise provide your consent to receive marketing messages from us, we may use the information you voluntarily provide to us, as well as automatically-collected information, to send you announcements and other materials from time-to-time. More information about our marketing and advertising practices are described in greater detail in the Marketing Purposes section, below.
Information You Provide To Us
We use personal information you provide to us to provide you with services or information associated that you request from us. Specific uses of your personal information you provide to us include:
- To enable you to access and use the Websites and the Application Services
- To send you transactional messages, including responses to the comments, questions, and requests you send us
- To provide customer service and support, including to send you technical notices, updates, security alerts, and support and administrative messages
- To send you marketing communications as described in greater detail in the How we use Information for Marketing Purposes section, below.
Employment Recruitment Information
Zapproved uses the personal information it collects about candidates for employment for a variety of purposes related to the employment recruitment process. These purposes include for the performance of contracts with candidates, such as acting upon or responding to information or inquiries related to an employment agreement. Zapproved also processes candidate information for its legitimate interests, including: to assess candidate skills, qualifications, and suitability for the role the candidate applied for, or other roles for which the candidate consented to be considered for; communicate with candidates about the recruitment process; maintain records related to our recruitment and hiring processes; and initiate and administer candidate employment, as applicable.
Zapproved relies on a candidate’s consent to perform certain types of processing of candidate information. For example, where a candidate provides their consent, their personal information may be considered for employment opportunities with other organizations in the “Vista” portfolio. (Vista Equity Partners, which includes Vista Consulting Group, is Zapproved’s private equity investor.) As described above, in connection with the recruitment process Zapproved collects certain categories of information (such as race, gender, disability status, or military/veteran status) for certain government or diversity reporting purposes. Zapproved will not process these or other sensitive information types absent your voluntary disclosure or consent to processing of such information.
Information Provided or Collected About You via our Application Services for Our Customers
As a service provider, we use the information provided or collected about you through the provision of the Application Services to our enterprise customers for the sole purpose of providing the Application Services to, or on behalf of, our customers. Our customers are the data controllers with respect to this information, and are responsible for instructing us on how to process it, as well as for establishing a lawful basis for processing any personal information (where required by applicable data protection laws). Depending on the data processing instructions we receive from a customer, we may disclose to the customer all or part of the personal information processed through the provisions of Application Services on their behalf, or data or information derived therefrom. With regard to your personal information processed on behalf of our customers using the Application Services, our customers are able to:
- restrict, suspend or terminate your access to the Application Services;
- access and describe your personal information that you provided to them;
- access and export your personal information processed by them; and
- amend your personal information, including your end-user profile.
Unless instructed by a customer, or required for legal or regulatory purposes, we will never disclose information processed through the provision of the Application Services to any third party, or use such information for marketing purposes.
Information We Collect Automatically
As described in the sections on Automatically Collected Information above, we use
Automatically Collected Information to provide, operate, maintain, improve, secure, and promote the Websites and the Application Services. This Automatically Collected Information aides us in our efforts to ensure that our Websites and Application Services will appear and function appropriately on your computer, to help us improve the Websites and Application Services, to give you a more personalized experience when you use our Websites or the Applications Services, and to determine which website referred you to our Websites. It also helps us in our efforts to keep the Websites and Application Services safe by assisting us to investigate and prevent unauthorized access to the Websites and the Application Services, and other illegal activities. We may also use Automatically Collected Information to track what our Website users are looking at most frequently so we can recognize and deliver more of the features, products, and services that our users desire.
Zapproved may use the information provided or collected about you for its direct marketing purposes. For example, if you contact us to learn more about Zapproved or any of the Application Services, we may use the personal information you provide when you contact us to provide you with information related to your inquiry, which may include marketing information about our products or services. Further, if you sign up to receive marketing communications from us, we will contact you to provide information about products and services that may be of interest to you, or to provide other information regarding Zapproved, such as upcoming events and promotions, sweepstakes, or contests, new features or products, surveys, newsletters, as well as news and information about our partners and other general information about our products and/or services.
With each marketing communication, you will be given the opportunity to opt-out of receiving future marketing notices by using the unsubscribe mechanism provided through the marketing communication. You can also opt-out of receiving marketing communications from us at any time by visiting our subscription center, clicking on the unsubscribe link on the bottom of our marketing emails, or contacting us at email@example.com. If you request that we not contact you for marketing purposes, we reserve the right to retain your contact information and to contact you for non-marketing purposes relating to your use of the Websites and any of your purchases from us. We further retain the right to use your contact information to comply with our legal obligations, resolve disputes, and enforce our agreements.
DISCLOSURE OF COLLECTED INFORMATION TO OTHERS
Zapproved does not sell personal information to third parties. And, except in the limited circumstances described in this Privacy Statement, we do not share, transfer, or otherwise disclose your personal information to any third party.
Third-Party Service Providers
We may provide your personal information and Automatically Collected Information to third parties that provide us with data processing services, including hosting for and maintenance of our Websites, application development, backup, storage, analytics and other services, and for employment recruiting purposes (as described in greater detail, below). We only make such disclosures to the extent they are necessary and appropriate, in our discretion, to perform certain services on our behalf (e.g., improving security, services and features, directing mailings, fulfilling orders, conducting website analytics, or other data processing as described in this statement or described to you when we collect your information). These third parties may have access to or process your personal information for the purpose of providing services to us, but are required to keep the information confidential and are not authorized to process your personal information or Automatically Collected Information for any other purpose other than as instructed by us. We do not permit our third-party service providers to use the personal information that we share with them for their marketing purposes. And, we will not make third-party disclosures of any personal information we process in our role as a data processor for our customers, unless we are instructed or authorized to do so by our customers.
Employment and Recruiting
For recruiting purposes, we may disclose employment candidate personal information to “Vista” (as Vista Consulting Group and Vista Equity Partners), together with its affiliates, for administration, research, database development, and business operations of Zapproved’s recruitment processes, as well as may otherwise be described in this Privacy Statement. Vista processes personal information on the basis of its legitimate interests in overseeing the recruitment process and, if applicable, the employment relationship with Zapproved. As described above, where a candidate provides their consent, Zapproved will also share a candidate’s personal information with other Vista portfolio companies for the purpose of being considered for job opportunities in the Vista portfolio pooling system, both inside and outside the EEA and UK. Please find a full list of all Vista portfolio companies at: https://www.vistaequitypartners.com/companies/.
Zapproved engages third party service providers, including iCIMS (a Vista portfolio company), to assist in its employment and recruiting processes, such as to provide Zapproved with candidate tracking and assessment services. Zapproved discloses candidate personal information to these third-party services providers, or they collect candidate personal information on Zapproved’s behalf, for the limited purposes of providing the services for which Zapproved has engaged them. These third-party service providers may only use candidate personal information in accordance with Zapproved’s instructions, are subject to the same security and acceptable use limitations as described in relation to other third-party service providers, above. Further, Zapproved contractually requires its service providers to comply with applicable data protection laws when processing candidate data, including any specific frameworks or protections, such as EU-U.S. Privacy Shield Framework, governing cross-border data transfers.
Merger, Acquisition, or Sale
We may share and transfer any and all personal information and Automatically Collected Information with and to a third party (whether affiliated or not), in the event of a sale or transfer of assets, or other disposition of all or any portion of our business, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceedings in which information of users is among the assets transferred. Note that personal information and Automatically Collected Information will be shared in connection with evaluating any such transaction before it happens, and as part of the transferred assets. We will inform any successor in interest of the requirement to handle your personal information in accordance with this Privacy Statement.
Required by Law
Notwithstanding anything to the contrary in this Privacy Statement, we may also use and/or disclose your personal information and Automatically Collected Information, to any competent law enforcement body, regulatory or government agency, court, or other third party if (i) we believe we are legally obligated to do so, (ii) we believe disclosure is necessary to protect, establish, or exercise our legal rights or defend against legal claims, or (iii) we believe disclosure is necessary to protect our customers, third parties, or our employees, property, or business.
Certain pages of our Websites might include social media features, such as the Facebook “Like” button, and widgets, as well as the “Share This” button or interactive mini-programs that run on our Website. These features might require us to implement cookies, plug-ins, or application programming interfaces (APIs) provided by such social media platforms to facilitate the communications and features. When you provide us with information through these platforms, the information also becomes subject to their privacy statements. In addition, by choosing to use any third party social media platform or choosing to share content or communications with any social media platform, you allow us to share information with the designated social media platform. We cannot control any policies or terms of such third party platform. As a result, we cannot be responsible for any use of your information or content by a third party platform, which you disclose at your own risk. We encourage you to review the privacy statements of these platforms.
De-identified and Aggregate Automatically Collected Information
We may share anonymized and/or aggregated Automatically Collected Information in a non-personally identifiable manner to third parties for development, marketing, promotional or other purposes. We do not disclose to these entities any information that could be used to identify you personally without your knowledge and consent.
DO NOT TRACK
The Websites does not track your online activities over time and across third-party web sites or online services, and so does not respond to browser “Do Not Track” signals. As described below, the Websites may contain links to other websites not owned or operated by Zapproved. These websites may set cookies that obtain information about the fact that a web browser visited the Website from a certain IP address. These websites are not authorized to collect any other personal data from the Websites unless you provide it to them directly.
The Websites is not directed at nor intended for use by children under the age of 18, and we do not knowingly collect any personal information directly from children under the age of 18. We will never use or disclose any personal information of a child under the age of 18 for marketing or advertising purposes. If you are under age 18, you should not use our Websites and you should not send us personal information about yourself.
TRANSFER AND STORAGE OF INFORMATION
Your use of the Websites may involve your personal information being transferred to, and processed in, countries other than the country in which you reside. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, we are headquartered in the United States, and our Websites are hosted by Amazon Web Services (“AWS”) in the United States. This means that if you use our Websites and if we collect your personal information through the means described in this Statement, your personal information will be processed by us and AWS in the United States, which (in the absence of an adequacy decision from the EU Commission or similar body from another country or territory) may not have the same level of data protection as in your country. Where we do transfer your personal information to third-parties or service providers, appropriate arrangements will be made in order to ensure correct and secure data processing in compliance with applicable data protection law. As part of its adherence to the Privacy Shield principles and framework (as described in the “Privacy Shield Compliance” section, below), Zapproved is responsible for the processing of your personal information it receives under Privacy Shield and subsequently transfers to any third party or service provider acting on its behalf. As such, under the Privacy Shield principles and framework, and unless Zapproved proves that it is not responsible for the event giving rise to the damage, Zapproved will remain liable for the processing of your personal information in a manner inconsistent with the Privacy Shield principles by a third party or service provider acting on Zapproved’s behalf.”
Note that where you provide your personal information directly to third-party Linked Sites and our third party service providers, as discussed herein, such international transfers will be made in accordance with that third party’s applicable privacy practices, including in relation to the safeguarding of international transfers of data.
Privacy Shield Compliance
Zapproved abides by, and has certified adherence to, the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland, to the United States in reliance on Privacy Shield. For more information on the Privacy Shield frameworks, and to view the scope of Zapproved’s certification, please visit https://www.privacyshield.gov/. If you have an unresolved privacy or data use concerns that we have not addressed satisfactorily, please contact our U.S.-based third- party dispute resolution provider (free of charge) through the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. Visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. For residual Privacy Shield disputes that cannot be resolved by the methods above, you may be able to invoke a binding arbitration process under certain conditions. To find out more about the Privacy Shield’s binding arbitration scheme, please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Zapproved has further committed to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC), and to comply with the advice given by such authorities with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the European Union, the United Kingdom, and Switzerland in the context of the employment relationship.
The Federal Trade Commission has investigation and enforcement authority over our compliance with Privacy Shield. You can obtain more details of the protection given to your personal information when it is transferred outside of the EEA by using the details provided under the “Contact Us” section below.
SECURING COLLECTED INFORMATION
The Websites uses commercially reasonable physical, electronic, and managerial security measures to assist in protecting against the loss, misuse, and unauthorized alteration of your personal information processed through the Websites.
You can learn more about the security frameworks we follow, certifications we hold, and other details about how we secure your personal information by visiting the Zapproved Security & Trust Site.
Unfortunately, no data storage system, or system of transmitting data over the Internet or wireless network, can be guaranteed to be 100% secure, and no security system can prevent all security breaches. As a result, we do not and cannot guarantee the security of our servers, the means by which personal information is transmitted between your computer or device and our servers, or any personal information provided to us or to any third party to or in connection with the Websites or otherwise.
UPDATING OR CORRECTING YOUR PERSONAL INFORMATION
You may update your personal information we hold about you in our role as a data controller as follows. You may request that your personal information no longer be accessed, stored, used, and otherwise processed where you believe that we do not have the appropriate rights to do so. Where you gave us consent to use your personal information for a limited purpose, you can contact us to withdraw that consent. When you make such requests, we may need time to investigate and facilitate your request. If there is a delay or dispute as to whether we have the right to continue using your personal information, we will restrict any further use of your personal information until the request is honored or the dispute is resolved.
If you have voluntarily given us personal information through our Websites or by contacting us with a request or inquiry, you may update or change your personal information by sending an email request to firstname.lastname@example.org.
If you request that your personal information be changed or deleted from our databases, we will use commercially-reasonable efforts to remove your personal information from our databases, but see below regarding Retention and Storage as to why we might maintain some information. Please note that before carrying out your request, we may ask you to verify your identity and/or provide further details about your request.
Where we hold personal information about you on behalf of our customers in our role as a data processor, we can only update or correct the information we hold in accordance with the instructions or authorization from our customers. As such, you should make any request to update or correct such personal information directly to the customer who is the data controller. Upon receipt of a request from one of our customers for us to remove the personal information, we will respond to their request within thirty (30) days. We will retain personal information that we process and store on behalf of our customers for as long as needed to provide the Application Services to our customers.
YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION
If you are based in certain jurisdictions, you may also, in some circumstances, have the following rights in relation to the personal information we hold about you in our capacity as a data controller. You can request to:
- access a copy of the personal information held about you
- rectify any incorrect or incomplete personal information we hold about you
- delete, restrict or remove the personal information we hold about you
- transfer the personal information we hold about you to another party
- object to any further processing of your personal information, if we are processing your personal information on the basis of our legitimate interests (see above), or for
- direct marketing; or
- object to the sale of your personal information (Zapproved does not sell your personal information).
We will attempt to respond to your requests within one month and free of charge. Please note that with regard to all these rights, we reserve the right to:
- refuse your request based on the exemptions set out in the applicable data protection laws;
- refuse your request where we process your data on behalf of our customers in our role as a data processor (in such instances you must make the request directly to the
- customer / data controller);
- request for proof of your ID to process the request or request further information;
- charge you a reasonable administrative fee for any repetitive, manifestly unfounded, or excessive requests.
If we refuse your request to exercise these rights, we will give reasons for our refusal and allow you to challenge our decision. If we have shared your personal information with others, we will tell them about your request to rectify, erase, restrict or object to the processing where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your personal information so that you can contact them directly. If you wish to exercise any other data protection rights that are available to you under your local data protection laws (such as the right to data portability or to data restriction) then please send your request to email@example.com and we will act upon your request in accordance with applicable data protection laws.
If you have any concerns about how we handle your personal information, please contact us. If you are not satisfied after we’ve tried to resolve your issue, and as permitted by applicable data protection laws, you’ll be entitled to lodge a complaint with the data protection regulator for your country of residence. Contact details for data protection authorities in the European Economic Area are available here.
Your California Privacy Rights
Please note that Zapproved does not sell or disclose personal information to third parties for their direct marketing purposes. Notwithstanding the above, if you are a California resident, you have the right to request information from us regarding the manner in which we share certain categories of your personal information with third-parties. Specifically, California law provides you the right to submit a request to us at the designated address in the “Contact Us” section below to receive the following information:
- the categories of information we disclosed to third-parties for the third-parties’ direct marketing purposes during the preceding calendar year;
- the names and addresses of third-parties that received such information; and
- if the nature of a third-parties’ business cannot be reasonably determined from the third-parties’ name, examples of the products or services marketed.
You are entitled to receive a copy of this information in a standardized format and the information will not be specific to you individually.
RETENTION OF PERSONAL INFORMATION
We may retain all personal information and Automatically Collected Information in our databases for as long as necessary to meet the relevant purposes for which we’ve collected it, including for the purposes of performing our duties in our role as a data processor for our customers, as well as satisfying any applicable legal, accounting, or regulatory requirements. When we have no ongoing legitimate business need to process your personal information, we will either delete or aggregate it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
To determine the appropriate length of time for holding your personal information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements. As described above, you may also be able to ask us to remove your information from our databases, unless applicable laws require otherwise.
Note that even where you ask us to remove your information from our databases, it may be impossible to remove some information, such as information tracked in our web server log files and information that may reside in backup files. We may also retain Automatically Collected Information even after you request that we remove your information from our databases, for use in the aggregate and to analyze and improve the Websites, our products, and our services.
Further, even after you request that we remove your information from our databases, we may retain personal information and Automatically Collected Information for a limited time to comply with any applicable law, rule, regulation, or guideline, to prevent fraudulent activity, to protect ourselves against liability, and to allow us to enforce our contractual or other rights and to pursue available remedies and limit any damages we might sustain.
If your personal information is processed as part of our Application Services we provide to our customers, we will process the personal information for as long as we are instructed to do so by the relevant customer that is the data controller of the Application Services data.
Effective Date and Modifications
This Privacy Statement is effective as of the date listed at the top of this page. Please note that we may modify this Privacy Statement at any time, at our sole discretion, by posting the modified version on our Websites. You can determine if this Privacy Statement has been revised since your last visit to the Websites by referring to the effective date. Zapproved will also provide notification of significant changes to this Privacy Statement through a link on the home page of the Websites. In addition, if changes are significant and if you have set up an account through one of the Websites, we will also notify you of such changes via the email address you have provided to us. You are responsible for providing us an up-to-date and active e-mail address, and for periodically reviewing this Privacy Statement to check for any changes. The modifications will be effective upon posting, unless some other date is specified. All personal information held by us will be governed by the most recent Privacy Statement posted on the Website. We will keep prior versions in an archive for your review upon your request.
If you have any comments or questions about this Privacy Statement or the use of your personal information or Automatically Collected Information, please contact us by email at firstname.lastname@example.org, or at:
2175 NW Raleigh St, Suite 400
Portland, OR 97210