Last Revision: Jun 2021
ZL Technologies, Inc., (ZLTI) is an Enterprise software developer, with its flagship product ZL Unified Archive (ZLUA), which offers an on premise and/or cloud hosted or SaaS model to its customers. ZLTI takes confidentiality & data privacy very seriously for both on premise and our cloud hosted environments. We are committed to protecting personal data whether required by law, agreement or simply good business policies.
- Must be processed lawfully, fairly, and transparently.
- Can only be collected for specified, explicit and legitimate purposes.
- Must be adequate, relevant, and limited to what is necessary for processing.
- Must be accurate and kept up to date.
- Must be kept in a form such that the data subject can be identified, and only for the duration necessary for the defined processing.
- Must be processed in a manner that ensures its security.
ZLTI may operate as data controller in certain scenarios. ZLTI likewise may operate as a data processor when under contract with a ZLTI customer and will operate in such capacity as is outlined in such agreement.
Adherence to EU-US and Swiss-US Privacy Shield Principles
ZLTI is a multi-national organization, which provides large enterprises with an on premise or cloud hosted solution. As a result, ZLTI may be regulated under the EU-US and Swiss-US Privacy Shield Principles.
When conducting those activities on behalf of its EEA (European Economic Area) or Swiss customers, ZLTI holds and/or processes personal information provided by the EEA or Swiss customer at the direction of the customer. ZLTI will then be responsible for ensuring that third parties acting as an agent on our behalf do the same. In cases of onward transfer to third parties of data of EU or Swiss residents received pursuant to the EU-US or Swiss-US Privacy Shield Principles, ZL Technologies, Inc. is liable if such third-party agents act in a manner that is inconsistent with the appropriate Privacy Shield Principles, unless ZLTI can prove its non-responsibility for the event giving rise to such damages (if any).
To view our certification, please visit www.privacyshield.gov/list.
An individual may seek resources from ZLTI for its adherence to such policies as follows:
- General consumer data -as a processor: ZL Technologies, Inc. has committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel, https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint or you may seek further recourse through the US Federal Trade Commission at: https://ftccomplaintassistant.gov/#crnt&panel1-12.
- As an employee or former employee who was, during their employment, a resident of the EU: ZL Technologies, Inc. has committed to refer unresolved data related privacy complaints under the EU-US Privacy Shield Principles. ZLTI has selected Ireland’s Data Protection Commission as its EU-DPA (Data Protection Authority). They may be contacted at www.dataprotection.ie.
ZLTI commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities regarding human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Information we host on behalf of a ZLTI Customer
As a software provider and cloud hosted or SaaS model, ZLTI comes into possession of various types of data. To the extent that ZLTI hosts data of its customers, via SaaS or other hosted offering, such data is provided by the customer and as such ZLTI does not directly collect or gather information from individuals. Any data received on behalf of a customer is used strictly for the business purposes defined in the agreement between the customer and ZLTI. Any data so hosted is done in full compliance as is agreed upon between ZLTI and the customer. Any EU or Swiss individuals, whose data is so maintained by ZLTI, who seeks access to or wishes to correct, amend, or delete inaccurate data may make such request of the individual noted below in the Questions and Contact section herein.
Information we receive from Employees
ZLTI has current and past employees that reside and work in our EU offices. As a result, ZLTI may have transferred data from past and present employees, in personal data, to the ZLTI facilities in support of their employment relationship. Any such individual wishing to limit the use and/or disclosure of such information should contact the ZLTI (as noted in “Questions and Contact” Section), directly, to express their request to limit the use of such information.
This Policy sets forth the principles under which ZLTI manages the processing of Personal Data that it receives from its employees in the EU in support of its human resources operations. In connection with ZLTI human resources operations, ZLTI may now and/or in the future transfer or provide access to Personal Data regarding employees of the EU to the United States.
In accordance with the Privacy Shield framework, this Policy contains provisions relating to the following data privacy principles, all of which are described in greater detail in this Policy, and which are hereinafter referred to as the “Principles”:
- Accountability for Onward Transfer
- Data Integrity and Purpose Limitation
- Recourse, Enforcement, and Liability
This Policy outlines ZLTI’s general position and its practices about its commitment to implement the Principles, including the types of Personal Data it collects, the purpose and use of the Personal Data and the notice and choice affected Data Subjects have regarding ZLTI’s use of their Personal Data, their ability to correct that information, and the internal contact mechanism to correct information as well as to make inquiries and/or lodge a complaint about adherence to the Principles. This Policy applies to all Personal Data processed by ZLTI related to employees of ZLTI resident in the EEA whether in electronic or tangible format.
a. Notice. ZLTI shall inform Data Subjects that it participates and subjects itself to the Principles of the Privacy Shield program, the purpose for which it collects and uses Personal Data and the types (or identity) of Third-Party Agents to whom the Company discloses or may disclose that Personal Data. ZLTI will provide notice in clear and conspicuous language when Data Subjects are first asked to provide Personal Data to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Personal Data for a purpose other than that for which it was originally collected.
b. Choice. ZLTI collects Personal Data about its employees for human resources or compliance related functions, including, without limitation, recruiting, onboarding, performance appraisals and payroll or benefit distribution.
c. Accountability for Onward Transfers. Prior to disclosing Personal Data to a Third Party, ZLTI shall notify the Data Subject of such disclosure and allow the Data Subject the choice to opt-out of such disclosure unless the disclosure meets an employment requirement or is made to an Agent. ZLTI shall enter into contracts to ensure that any Third Party to whom Personal Data may be disclosed is aware of and adheres to the Principles or is subject to law providing the same level of privacy protection as is required by the Principles and agrees to provide an adequate level of privacy protection. The Company shall also, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing by Third Party Agents and agrees to provide a summary or a representative copy of the relevant privacy provisions of its contracts with agents to the DOC upon request.
The storage by Company of Personal Data on servers and/or on software made available or hosted by Third Party vendors shall not be considered disclosures of Personal Data to a Third Party so long as the Third-Party vendor does not have direct access to the Personal Data stored or hosted. In all events, ZLTI shall ensure by contract that any such Third-Party vendor (a) is aware of the Principles or (b) is subject to laws providing the same level of privacy protection as is required by the Principles or (c) has contractual safeguards in place to protect the Personal Data.
ZLTI is not required to identify the sources of Personal Data when such identification is not possible through reasonable efforts, or where the rights of persons other than the affected Data Subject would be violated. If there are compelling grounds to doubt the legitimacy of a Data Subject’s request for rectification, amendment, or deletion of his or her Personal Data, ZLTI may require further justifications before performing the Data Subject’s request.
d. Security. refer to section “Information Security” below.
e. Data Integrity and Purpose Limitation. ZLTI limits the collection, use and retention of Personal Data to that which is germane for the intended purposes for which it was collected or authorized by the Data Subject and takes reasonable steps to ensure that all Personal Data is reliable, accurate, complete and current. ZLTI depends on its employees to keep Personal Data reliable, accurate, complete, and current and will rely on its employees to maintain the integrity of all Personal Data they provide to the Company. The Company shall also adhere to the Principles for as long as it retains such Personal Data.
f. Access. ZLTI allows Data Subjects to access their Personal Data and to correct, amend or delete inaccurate information or information that is processed against the Principles, except (i) where the burden or expense of providing access would be disproportionate to the risks to the privacy of the Data Subject in the case in question, (ii) for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature. Such Data Subject may request access to, correction or amendment of or deletion of such inaccurate information by contacting: DPO@zlti.com or email@example.com
g. Recourse, Enforcement, and Liability. ZLTI uses a self-assessment approach or outside compliance review to assure compliance with this Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, is disseminated to its employees, is completely implemented and accessible and is in conformity with the Principles set forth in this Policy. ZLTI encourages interested persons to raise any concerns using the contact information provided below and will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles. In addition, ZLTI has agreed to cooperate with the European Data Protection Authorities (http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm) however, more specifically, with the Ireland Data Protection Commission (https://www.dataprotection.ie/docs/Law-On-Data-Protection/m/795.htm) for the purpose of handling any unresolved complaints regarding HR Personal Data concerns of EU resident employees or former employees. Data Subjects (employees) may engage their local Data Protection and/or Labor Authority concerning adherence to the Principles and the Company shall respond directly to such authorities regarding investigations and resolution of complaints and comply with advice given by them.
Information about Visitors to our Website
ZLTI gathers limited information from visitors who access our website, such as which areas users visit most frequently and which services users access the most.
We track the following types of information:
- Physical location
- Browser and its version in use
- Pages visited on zlti.com and subdomains, and duration
- Duration on our sites
- Resources downloaded from our sites
- Referral websites like search engines, online media, etc.
- The name of the corporation associated with the IP address connected from
How we use your Personal Information
You can browse our website without disclosing personal information about yourself. By “personal information” we mean any information that may be used to identify you, or in combination with other data may identify you, including, but not limited to your first and last name, physical address, email address or other contact information. If you choose to provide us with your personal information on an online registration form, we may use it to contact you via email, telephone, direct mail, or other communication formats to provide you with information or services that you have requested. Should you wish to preclude further contact, see the above paragraph for an explanation of how to “opt out.”
Disclosing & Retaining Information
As a rule, ZLTI does not share personal information with other companies at this time other than those that may be providing marketing resources to ZLTI. However, we may in the future, share personal information with our affiliated or related entities in connection with delivering services to you and to companies who provide services to us including, but not limited to, order fulfillment and e-commerce providers.
Other than as indicated above, we will not disclose the personal information that you provide, or details of your individual visits to this website, to any outside third parties except as you have requested, with your consent, or when we believe it is so required by law. However, as described above, we may, in the future, record general information about the use of our website and share it with our business partners.
ZLTI may also be required to disclose an individual’s personal or confidential information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
When we have no justifiable business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
ZLTI is committed to protecting the security of information we receive. We take reasonable measures to ensure your data is safe. We use a variety of measures to ensure that personal information is protected from:
- Unauthorized access
- Improper use or disclosure
- Unauthorized modification or alteration
- Unlawful destruction or accidental loss
In some areas of our platforms, we may use encryption technologies to enhance data privacy and help prevent loss, misuse, or alteration of the information under ZLTI’s control.
All our employees and agents who have access to or are involved in the processing of personal information respect the confidentiality of personal information.
The Internet, nevertheless, is an open system. While we use industry-standard efforts and security practices to safeguard your personal information, we cannot warrant the security of any personal information you elect to provide to us or is provided by a customer of ZLTI. We encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your credentials from third-party access.
You should also be aware that our website may include links to external websites operated by other organizations. They may, like us, collect personal information from visitors to their site. We cannot guarantee the content or privacy practices of any external websites and do not accept responsibility for those websites.
Your Choices and Privacy Rights
You have choices on how we communicate with you. Listed below are choices we provide you in relation to the processing of your personal information. Individuals located in the European Economic Area (“EEA”), the United Kingdom or Switzerland at the time they access our Services, please see section “Notice for Individuals Located in Europe”, for more information about your choices and rights.
Marketing Communications and subscriptions
If you receive commercial electronic communications from us, you can unsubscribe from the receipt of future commercial electronic communications from us by clicking on the “unsubscribe link” provided in such communications. Please note that even though you have opt-out of receiving marketing-related communications from us, we may still send you important administrative messages, and you cannot opt out from receiving these messages.
Access and Correction
You have the right to review and correct personal information that we have collected from you. You may exercise this right by contacting us as indicated in the “Questions and Contact Us”. In your request, please make clear what information you would like to have changed. For your protection, we may need to verify your identity before implementing your request. We will try to implement your request as soon as reasonably practicable. We reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or to charge a fee that considers the administrative costs for providing the information or taking the action requested.
We provide multiple choices in respect of the information we process about you:
- Opt-out of our use or sharing of your personal information: You may withdraw consent you have previously provided for the processing of information about you, including for email marketing by ZL Tech.
- Delete personal information: You can ask us to erase or delete all or some of the information about you.
- Change or correct personal information: You can edit some of the information about you by. You can also ask us to change, update information about you in certain cases, particularly if it is inaccurate.
- Object to, or limit or restrict use of personal information: You can ask us to stop using all or some of the information about you (for example, if we have no legal right to keep using it) or to limit our use of it (for example, if the information about you is inaccurate).
- Right to access and/or have your information provided to you: You can also ask us for a copy of information about you and can ask for a copy of information about you provided in machine readable form if you reside in the EU, California or other jurisdiction that provides you this right as a matter of law.
Notice to California Residents
This section applies only to California residents.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes, to the extent applicable.
If you are a California resident under the age of 18, and you are registered visitor of our site, you may request that we remove content or information that you posted on the site or stored on our servers, by submitting a request in writing as indicated in the “Questions and Contact” section below, and clearly identifying the content or information that you wish to have removed, and providing sufficient information to allow us to locate the content or information to be removed.
Your browser may allow you to adjust your browser settings so that “do not track” requests are sent to the websites that you visit. However, we do not respond to “Do Not Track” (DNT) signals. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Request Your Data
Pursuant to Section 1798.110 of the CCPA, a California resident may make personal information requests to ZLTI regarding collection and usage of the California resident’s personal information. A California resident may request the following types of information about themselves from ZLTI. Please be aware that to prevent unauthorized parties from accessing your information, ZLTI may ask for verification of a California consumer’s identity.
- Categories of personal information collected about you
- Categories of sources from which personal information about you is collected
- Business or commercial purpose of collecting or selling, if applicable, personal information
- Categories of third parties with whom ZLTI shares personal information
- Categories of personal information shared with vendors for a business purpose
- Personal information collected about you
- Categories of personal information that ZLTI sold about you, if applicable
- Categories of third parties who were sold personal information by ZLTI, if applicable
Under the CCPA (California Consumer Privacy Act), ZLTI may not treat you differently than other customers where you have exercised your right to request data under the CCPA.
If you are a California resident, you may obtain information about exercising your rights, as described above, by contacting us at 1-844-525-4289.
Notice for Individuals Located in Europe
If you are in the European Economic Area, United Kingdom and/or Switzerland, the policies in this section are specific to you. They describe how we market to you, our legal bases for processing your information and your rights.
This section only applies to individuals that access or use our Services while located in the European Economic Area, United Kingdom and/or Switzerland (collectively “Europe”). We may ask you to identify which country you are in when you use some of the Services or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in Europe. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to users in Europe.
We are a controller regarding any personal information collected from individuals accessing or using our Services. A “controller” is an entity that determines the purposes for which and the way any personal information is processed.
We will only contact individuals located in Europe by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or the individual’s consent. When we rely on legitimate interest, we will only send you information about our Services that are like those which were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your personal information in this way or to disclose your personal information to third parties for marketing purposes, please click an unsubscribe link in your emails or submit an opt-out request. You can object to direct marketing at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services.
Legal Bases for Processing
Our legal bases for the processing activities identified in this Policy are:
- We rely on our contract with you as our legal basis for processing in relation to the following: to provide and maintain our services, to provide customer support or respond to you, to enforce compliance with our Terms, agreements, or policies, and to share your information with service providers.
- Depending on the specific circumstances, we rely on your consent or legitimate interest in relation to the following processing activities: to send you marketing and promotional emails, to advise you of other services, and to share your information with business partners, sponsors, or within our corporate organization.
We provide you with the rights described below when you use our Services. We may limit your individual rights requests in the following ways: (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other’s privacy; (c) to protect our rights and properties; and (d)where the request is frivolous or burdensome.
When we fulfill your individual rights requests for correct (or rectification), erasure or restriction of processing, we will notify third parties also handling the relevant personal information unless this proves impossible or involves disproportionate effort. In certain circumstances, you have the following data protection rights:
- Right to withdraw consent. You have the right to withdraw your consent to the processing of your personal information collected based on your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
- Right of access to and rectification of your personal information. You have a right to request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to some fee associated with the gathering of the information (as permitted by law) unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal information held by us that is inaccurate.
- Right to erasure. You have the right to request erasure of your personal information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing that you previously consented, but later withdraw such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal information public and are obliged to erase the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the erasure of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws.
- Right to data portability. If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless the exercise of this right adversely affects the rights and freedoms of others.
- Right to the restriction of or processing. You have the right to restrict or object to us processing your personal information where one of the following applies:
- You contest the accuracy of your personal information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal information.
- The processing is unlawful, and you oppose the erasure of your personal information and request the restriction of its use instead.
- We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or in defense of legal claims.
- You have objected to processing, pending the verification whether the legitimate grounds of our processing override your rights.
- Restricted personal information shall only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.
- Right to object to processing. Where the processing of your personal information is based on consent, contractor legitimate interests, you may restrict or object, at any time, to the processing of your personal information as permitted by applicable law. We can continue to process your personal information if it is necessary for the defense of legal claims or for any other exceptions permitted by applicable law.
- Automated individual decision-making, including proling. You have the right not to be subject to a decision based solely on automated processing of your personal information, including proling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws. We do not engage in this type of automated processing.
Transfers of European Personal Information to the U.S (United States)
You have the following rights:
- A right to see the information we hold that is about you
- A right to have any mistakes corrected on information that is about you or (in certain circumstances) to have your personal information deleted
An individual wishing to exercise the above rights and/or limit the use or sharing of their data should contact ZL Technologies, Inc. by using the means defined in the Questions and Information section below.
We operate in the United States as a global organization.
Your personal information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental authority where the data protection laws may differ from those of your authority. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.
We may use “cookies” on our website. A cookie is a small text file sent by a website and stored by the browser on your computer’s hard drive. The main purpose of a cookie is to streamline your use of this website. By using cookies, we can keep track of your usage of the website and provide you with customized content. The following are the types of cookies that we may be using:
|Tracks Cookies on ZL Website?||Usage||What data is collected and what do we do with it||Tracker link|
|Yes||Analytics/Perf||The cookies from Google Analytics are used to collect anonymous information about where visitors come from and how they use the site. We use the information to generate analytical reports to help improve user experience of our site. Anonymous information collected through these cookies include pages visited, duration of visits, number of visitors, etc.||support.google.com/analytics/answer/6004245|
|Yes||Analytics/Perf||The cookies from Google Tag Manager are used to collect anonymous information about where visitors come from and how they use the site. We use the information to generate analytical reports to help improve user experience of our site. Information collected through these cookies inlcude pages visited, duration of vists, number of visitors, etc.||google.com/analytics/tag-manager|
|Yes||Analytics/Perf/Prospecting||After signing up through the Pardot forms on our website, visitors provide information including their first and last names, email addresses, phone numbers, company names, job titles and comments. Such information is stored in ZL Salesforce and HubSpot database and is used for marketing campaigns (e.g. emails and physical campaigns) and sales activities (e.g. phone calls and sending gifts)||hubspot.com|
|Yes||Perf/Prospecting||Through custom HTML5 demo request form, visitors can fill out their personal information including first and last name, email address, phone number, company name, job title and comments. Such information is collected and stored in zlti.com domain for thirty days. We use this cookie to do form autofills in order to enhance the user’s experience. This cookie will also be sent to our Pardot account and stored in our Salesforce database for future email and phone contacts with marketing campaigns and sales activities.||zlti.com|
You have a choice to accept or reject cookies by modifying your browser preferences. You have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to opt out of use of our cookies your end user experience may be impacted. Please see the Questions and Contact Information Section below for options in opting out of the ZLTI website cookies.
Collection of Sensitive information and Children’s Privacy
Sensitive personal information
We ask that you do not send us, and do not share any sensitive personal information (for example, government-issued IDs, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic, or biometric data, criminal background, or trade union membership).
ZLTI, as a company focused on serving the needs of businesses. ZL Tech’s sites are not directed to minors and ZL Tech does not collect personal information of a minor through our sites without appropriate consent. Please notify us through choices provided under “Questions and Contact” so that we may immediately delete the information from our servers and make any other necessary corrections. Additionally, please use this same approach to request removal of content or information that was posted to our sites when the registered user was under the age of 16. Please note that such requests may not ensure complete or comprehensive removal of the content or information, as, for example, some of the content may have been reposted by another user
If we decide to change our privacy commitment, we will post those changes on this website, so that you will always know what information we gather, how we might use that information and whether we will disclose it to anyone.
Questions and Contact
If you wish to request more information from ZLTI or inquire on exercising your rights, you can reach out to ZLTI by emailing ZLTI at firstname.lastname@example.org.
You may also write to us at:
ZL Technologies, Inc.
860 N. McCarthy Blvd., Suite 100
Milpitas, CA 95035, USA.
To update your preferences: