ZL Privacy Policy

Introduction

ZL Technologies, Inc. (ZLTI) is an Enterprise software developer whose primary product, ZL Unified Archive (ZLUA), offers on-premises, cloud-hosted, and SaaS deployment options to customers. Data privacy and confidentiality are taken seriously by ZLTI. We are committed to safeguarding personal information regardless of whether it is required by law, contract, or good business practices.

This Privacy Policy describes the collection, use, and disclosure (collectively referred to as “processing” or “process”) of personal information by ZLTI in connection with your use of ZLTI websites, mobile applications, and social media pages that link to this Privacy Statement, your interactions with ZLTI during in-person meetings or ZLTI events, and the context of other online sales and marketing activities. In addition, this Privacy Statement describes the privacy rights applicable to these processing activities.

This Privacy Statement was most recently revised in November 2023. However, the Privacy Policy is subject to change over time, for example, to comply with legal requirements or to meet evolving business requirements. The most up-to-date version can be found on this page. If there is a significant change that we want to highlight to you, we will also inform you in another appropriate way (for example, via a pop-up notice or statement of changes on our website).

As this Privacy Statement uses, “personal information” or “personal data” refers to information about an identifiable individual. This may include, among other things, your name, address, email address, business contact information, and information collected through your interactions with us via our websites or at events. Also known as ‘information about you,’ personal data is called ‘information about you.’

Scope

This privacy policy is intended to cover the combined operations of ZLTI in the USA, EU, Switzerland, and Asia. It further covers facilities that ZLTI may have under contract within the US or otherwise as sub-processors under the EU and Swiss data transfer provisions, including but not limited to Microsoft Azure and Amazon Web Services. The relationship between ZLTI and such sub-processors is to provide a hosting solution for customers of ZLTI’s data. Such sub-processors shall not undergo any further transfers of such data without the express written consent of ZLTI. ZLTI shall confirm compliance with and contractually obligate such sub-processors to provide the same level of protection as ZLTI and, where appropriate, conformance with the EU-US, Swiss-US Data Privacy Framework Principles (Overview) and any applicable standard contractual clauses. ZLTI shall provide timely notice should it learn that any such sub-processor can no longer meet this obligation.

Data Privacy Framework (DPF) Program Overview

The EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) were respectively developed in furtherance of transatlantic commerce by the U.S. Department of Commerce and the European Commission, the UK Government, and the Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom (and Gibraltar), and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.

The Data Privacy Framework (DPF) Program, which is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce, enables eligible U.S.-based organizations to self-certify their compliance under the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. To participate in the DPF Program, a U.S.-based organization must self-certify to the ITA via the Department’s DPF Program website and publicly commit to comply with the DPF Principles. To rely on the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF for transfers of personal data from the European Union and, as appropriate, the United Kingdom (and Gibraltar), and Switzerland, an organization must not only self-certify its adherence to the DPF Principles to the ITA but also both be placed and remain on the Data Privacy Framework List. The ITA will update the Data Privacy Framework List based on annual re-certification submissions made by participating organizations and by removing organizations when they voluntarily withdraw, fail to complete the yearly re-certification by the ITA’s procedures, or are found to fail to comply persistently.

While the decision by an eligible U.S.-based organization to self-certify its compliance under and participate in the relevant part(s) of the DPF Program is voluntary, effective compliance upon self-certification is compulsory. Once such an organization self-certifies to the ITA and publicly declares its commitment to adhere to the DPF Principles, it is enforceable under U.S. law.

All organizations interested in self-certifying their compliance under the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should review the requirements. To assist in that effort, the ITA’s DPF team has compiled relevant resources, including those describing the scope of the DPF Program, relevant implementation dates, and answers to frequently asked questions, and made these resources available on the DPF Program website.

EU-GDPR Principals

To take effect on May 25, 2018, ZLTI’s privacy policy as to EU data under GDPR requirements adopts the following principles that shall be applied to any activity that involves the collection or processing of EU or Swiss residents’ personally identifiable data.

1. Must be processed lawfully, fairly, and transparently.
2. Can only be collected for specified, explicit and legitimate purposes.
3. Must be adequate, relevant, and limited to what is necessary for processing.
4. Must be accurate and kept up to date.
5. Must be kept in a form such that the data subject can be identified, and only for the duration necessary for the defined processing.
6. Must be processed in a manner that ensures its security.

ZLTI may operate as a data controller in specific scenarios. ZLTI likewise may act as a data processor when under contract with a ZLTI customer and will work in such capacity as is outlined in such agreement.

Adherence to EU-U.S., the UK Extension to the EU-U.S., and the Swiss-U.S. DPF Principles

ZLTI is a multinational company that offers on-premises and cloud-hosted solutions to large enterprises. Consequently, ZLTI could be governed by the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles.

ZLTI holds and/or processes personal information provided by EEA, the UK extension of to the EU, or Swiss customers on their behalf when carrying out the activities. Then, ZLTI will be accountable for ensuring that third parties acting as our agents do the same. In cases of onward transfer to third parties of data of EU, the UK extension of the EU, or Swiss residents received under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles, ZL Technologies, Inc. is liable if such third-party agents act inconsistently with the applicable Data Privacy Framework Principles unless ZLTI can demonstrate that it is not responsible for the event giving rise to such damages (if any).

ZL Technologies, inc., complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. ZL Technologies, inc., has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. ZL Technologies, inc., has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/list

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles, ZL Technologies, Inc. commits to resolving complaints about your privacy and our collection or use of your personal information. EU, the UK extension of the EU, and Swiss individuals with inquiries or complaints regarding this privacy policy should contact ZL Technologies, Inc. using the contact information in the Questions and Contact Information section below.

An individual may seek resources from ZLTI for its adherence to such policies as follows:

1. General consumer data -as a processor: ZL Technologies, Inc. has committed to refer unresolved privacy complaints under the EU-US, the UK extension to the EU-US, and Swiss-US Data Privacy Framework Principles to JAMS, an alternative dispute resolution provider in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Data Privacy Framework Panel or you may seek further recourse through the US Federal Trade Commission.
2. As an employee or former employee who was, during their employment, a resident of the EU, ZL Technologies, Inc. has committed to refer unresolved data-related privacy complaints under the EU-US Data Privacy Framework Principles. ZLTI has selected Ireland’s Data Protection Commission as its EU-DPA (Data Protection Authority). They may be contacted at www.dataprotection.ie.

ZLTI commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and follow their advice regarding human resources data transferred from the EU and Switzerland in an employment relationship.

Information we host on behalf of a ZLTI Customer

As a software provider and cloud-hosted or SaaS model, ZLTI acquires various data types. Insofar as ZLTI hosts customer data via SaaS or other hosted offerings, such data is provided by the customer; ZLTI does not collect or gather information directly from individuals. Any data received on behalf of a client is used solely for the business purposes outlined in the client’s contract with ZLTI. Any data is hosted per the terms ZLTI, and the customer agreed upon. Any EU or Swiss individual whose data is maintained in this manner by ZLTI and who seeks access to or wishes to correct, amend, or delete inaccurate data may make such a request to the individual listed below in the Questions and Contact section of this document.

Information we receive from Employees

ZLTI has current and past employees who reside and work in our EU offices. As a result, ZLTI may have transferred data from past and present employees, in personal data, to the ZLTI facilities in support of their employment relationship. Any such individual wishing to limit the use and/or disclosure of such information should contact the ZLTI (as noted in the “Questions and Contact” Section) directly to express their request to limit the use of such information.

This Policy sets forth the principles under which ZLTI manages the processing of Personal Data that it receives from its employees in the EU in support of its human resources operations. In connection with ZLTI human resources operations, ZLTI may now and/or in the future transfer or provide access to Personal Data regarding employees of the EU to the United States.

By the Data Privacy Framework, this Policy contains provisions relating to the following data privacy principles, all of which are described in greater detail in this Policy, and which are from now on referred to as the “Principles“:

• Notice
• Choice
• Accountability for Onward Transfer
• Security
• Data Integrity and Purpose Limitation
• Access
• Recourse, Enforcement, and Liability

This Policy outlines ZLTI’s general position and its practices regarding its commitment to implement the Principles, including the types of Personal Data it collects, the purpose and use of the Personal Data, and the notice and choice affected Data Subjects have regarding ZLTI’s use of their Personal Data, their ability to correct that information, and the internal contact mechanism to update information as well as to make inquiries and lodge a complaint about adherence to the Principles. This Policy applies to all Personal Data processed by ZLTI related to employees of ZLTI residents in the EEA, whether in electronic or tangible format.

a. Notice. ZLTI shall inform Data Subjects that it participates and subjects itself to the Principles of the Data Privacy Framework program, the purpose for which it collects and uses Personal Data and the types (or identity) of Third-Party Agents to whom the Company discloses or may disclose that Personal Data. ZLTI will provide notice in clear and conspicuous language when Data Subjects are first asked to provide Personal Data to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Personal Data for a purpose other than that for which it was originally collected.

b. Choice. ZLTI collects Personal Data about its employees for human resources or compliance-related functions, including, without limitation, recruiting, onboarding, performance appraisals, and payroll or benefit distribution.

c. Accountability for Onward Transfers. Before disclosing Personal Data to a Third Party, ZLTI shall notify the Data Subject of such disclosure and allow the Data Subject to opt out unless the disclosure meets an employment requirement or is made to an Agent. ZLTI shall enter contracts to ensure that any Third Party to whom Personal Data may be disclosed is aware of and adheres to the principles or is subject to law providing the same level of privacy protection as is required by the principles and agrees to provide an adequate level of privacy protection. The Company shall also, upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing by Third Party Agents and agrees to provide a summary or a representative copy of the relevant privacy provisions of its contracts with agents to the DOC upon request.

The storage by the Company of Personal Data on servers and software made available or hosted by Third Party vendors shall not be considered disclosures of Personal Data to a Third Party so long as the Third-Party vendor does not have direct access to the Personal Data stored or hosted. In all events, ZLTI shall ensure by contract that any such Third-Party vendor (a) is aware of the principles or (b) is subject to laws providing the same level of privacy protection as is required by the principles or (c) has contractual safeguards in place to protect the Personal Data.

ZLTI is not required to identify the sources of Personal Data when such identification is not possible through reasonable efforts or where the rights of persons other than the affected Data Subject would be violated. Suppose there are compelling grounds to question the legitimacy of a Data Subject’s request for rectification, amendment, or deletion of their Data. In that case, ZLTI may require further justifications before performing the Data Subject’s request.

d. Security. Refer to section “Information Security”.

e. Data Integrity and Purpose Limitation. ZLTI limits the collection, use, and retention of Personal Data to that which is germane for the intended purposes for which it was collected or authorized by the Data Subject and takes reasonable steps to ensure that all Personal Data is reliable, accurate, complete, and current. ZLTI depends on its employees to keep Personal Data reliable, accurate, complete, and current. It will rely on its employees to maintain the integrity of all Personal Data they provide to the Company. The Company shall also adhere to the principles for as long as it retains such Personal Data.

f. Access. ZLTI allows Data Subjects to access their Personal Data and to correct, amend, or delete inaccurate information or information that is processed against the principles, except (i) where the burden or expense of providing access would be disproportionate to the risks to the privacy of the Data Subject in the case in question, (ii) for manifestly abusive requests, based on unreasonable intervals or their number or repetitive or systematic nature. Such Data Subject may request access to, correction, amendment of, or deletion of such inaccurate information by contacting DPO@zlti.com or privacy@zlti.com

g. Recourse, Enforcement, and Liability. ZLTI uses a self-assessment approach or outside compliance review to assure compliance with this Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, is disseminated to its employees, is completely implemented and accessible, and is in conformity with the principles outlined in this Policy. ZLTI encourages interested people to raise any concerns using the contact information provided below and will investigate and attempt to resolve any complaints and disputes regarding using and disclosing Personal Data by the principles. In addition, ZLTI has agreed to cooperate with the European Data Protection Authorities (http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm) however, more specifically, with the Ireland Data Protection Commission (https://www.dataprotection.ie/docs/Law-On-Data-Protection/m/795.htm) to handle any unresolved complaints regarding HR Personal Data concerns of EU resident employees or former employees. Data Subjects (employees) may engage their local Data Protection and/or Labor Authority concerning adherence to the Principles, and the Company shall respond directly to such authorities regarding investigations and resolution of complaints and comply with their advice.

Information about Visitors to our Website

ZLTI gathers limited information from visitors who access our website, such as which areas users visit most frequently, and which services users access the most.

We track the following types of information:

• Physical location
• Browser and its version in use
• Pages visited on zlti.com and subdomains, and duration
• Duration on our sites
• Resources downloaded from our sites
• Referral websites like search engines, online media, etc.
• The name of the corporation associated with the IP address connected from

This data assists us in determining what is most beneficial to our users and how we can continuously improve their online experience. In addition, visitors to the ZLTI website can receive company newsletters, download a white paper, or request a product demonstration. If visitors wish to receive only the requested information, they must select the “opt-out” option from this Privacy Statement. All ZLTI’s traditional e-marketing efforts shall include an “opt-out” box at the bottom, allowing recipients to request cessation of future marketing efforts.

How we use your Personal Information

You can browse our website without revealing any personal information. This includes, but is not limited to, your first and last name, physical address, email address, and other contact information. Choose to provide us with your personal information via an online registration form. We may use it to provide you with the requested information or services via email, telephone, direct mail, or other means of communication. See the preceding paragraph for information on “opt-out” if you do not wish to receive further communications.

Disclosing & retaining information

As a rule, ZLTI does not share personal information with companies other than those providing marketing resources to ZLTI. However, we may, in the future, share personal information with our affiliated or related entities in connection with delivering services to you and to companies who provide services to us, including, but not limited to, order fulfillment and e-commerce providers.

Other than as indicated above, we will not disclose the personal information you provide or details of your visits to this website to any outside third parties except as you have requested, with your consent, or when we believe it is required by law. However, as described above, we may, in the future, record general information about the use of our website and share it with our business partners.

ZLTI may also be required to disclose an individual’s personal or confidential information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Data Retention

We retain your information according to applicable laws and store it securely. We will retain the personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfill the purposes outlined in this Privacy Policy unless a more extended retention period is required or permitted by law (such as tax, legal, accounting, or other purposes). You can request the deletion of your personal information at any time (see “Your Privacy Rights and Choices” section for further information), and we will consider our request by applicable laws.

When we have no justifiable business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Information Security

ZLTI is committed to protecting the security of the information we receive. We take reasonable measures to ensure your data is safe. We use a variety of measures to ensure that personal information is protected from:

• Unauthorized access
• Improper use or disclosure
• Unauthorized modification or alteration
• Unlawful destruction or accidental loss

In some areas of our platforms, we may use encryption technologies to enhance data privacy and help prevent loss, misuse, or alteration of the information under ZLTI’s control.

All our employees and agents who have access to or are involved in processing personal information respect the confidentiality of personal information.

The Internet, nevertheless, is an open system. While we use industry-standard efforts and security practices to safeguard your personal information, we cannot warrant the security of any personal information you elect to provide to us or is supplied by a customer of ZLTI. We encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your credentials from third-party access.

You should also be aware that our website may include links to external websites operated by other organizations. They may, like us, collect personal information from visitors to their site. We cannot guarantee any external websites’ content or privacy practices and do not accept responsibility for those websites.

Your choices and privacy rights

You have choices in how we communicate with you. Listed below are the choices we provide you with regarding processing your personal information. Individuals located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland at the time they access our Services, please see the section “Notice for Individuals Located in Europe” for more information about your choices and rights.

Marketing communications and subscriptions

Suppose you receive commercial electronic communications from us. In that case, you can unsubscribe from receiving future commercial electronic communications from us by clicking on the “unsubscribe link” provided in such communications. Please note that even though you have opt-out of receiving marketing-related communications from us, we may still send you important administrative messages, and you cannot opt-out from receiving these messages.

Access and Correction

You have the right to review and correct the personal information we collected from you. You may exercise this right by contacting us as indicated in the “Questions and Contact Us.” In your request, please clarify what information you would like changed. We may need to verify your identity before implementing your request for your protection. We will try to implement your request as soon as reasonably practicable. We reserve the right to refuse to act on a request manifestly unfounded or excessive (for example, because it is repetitive) and/or to charge a fee that considers the administrative costs for providing the information or taking the action requested.

Choices

We provide multiple choices concerning the information we process about you:

• Opt-out of our use or sharing of your personal information: You may withdraw consent you have previously provided to process information about you, including for email marketing by ZL Tech.
• Delete personal information: You can ask us to erase or delete all or some of the information about you.
• Change or correct personal information: You can edit some of the information about you. You can also ask us to change and update information about you sometimes, mainly if it is inaccurate.
• Object to, or limit or restrict the use of personal information: You can ask us to stop using all or some of the information about you (for example, if we have no legal right to keep using it) or to limit our use of it (for example, if the information about you is inaccurate).
• Right to access and have your information provided to you: You can also ask us for a copy of the information about you and a copy of the information about you provided in machine-readable form if you reside in the EU, California, or another jurisdiction that gives you this right as a matter of law.

Notice to California Residents

This section applies only to California residents.

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Services who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes, to the extent applicable.

Suppose you are a California resident under 18 and a registered visitor of our site. In that case, you may request that we remove content or information that you posted on the site or stored on our servers by submitting a request in writing as indicated in the “Questions and Contact” section below and identifying the content or information that you wish to have removed and providing sufficient information to allow us to locate the content or information to be cleared.

Your browser may allow you to adjust your browser settings so that “do not track” requests are sent to the websites that you visit. However, we do not respond to “Do Not Track” (DNT) signals. Please read their privacy policies to determine whether any third-party services it uses honor the “Do Not Track” requests.

Request Your Data

Under Section 1798.110 of the CCPA, a California resident may request personal information from ZLTI regarding collecting and using the California resident’s personal information. A California resident may request the following types of information about themselves from ZLTI. Please be aware that ZLTI may ask to verify a California consumer’s identity to prevent unauthorized parties from accessing your information.

• Categories of personal information collected about you
• Categories of sources from which personal information about you is collected
• Business or commercial purpose of collecting or selling, if applicable, personal information
• Categories of third parties with whom ZLTI shares personal information
• Categories of personal information shared with vendors for a business purpose
• Personal information collected about you
• Categories of personal information that ZLTI sold about you, if applicable
• Categories of third parties who were sold personal information by ZLTI, if applicable

Under the CCPA, ZLTI may not treat you differently than other customers where you have exercised your right to request data under the CCPA.

If you are a California resident, you may obtain information about exercising your rights, as described above, by contacting us at 1-888-325-0505.

Notice for Individuals Located in Europe

If you are in the European Economic Area, United Kingdom, and Switzerland, the policies in this section are specific to you. They describe how we market to you, our legal bases for processing your information, and your rights.

This section only applies to individuals who access or use our Services in the European Economic Area, United Kingdom, and Switzerland (collectively “Europe”). We may ask you to identify which country you are in when you use some of the Services, or we may rely on your IP address to determine your location. When we rely on your IP address, we cannot apply the terms of this section to any individual who masks or otherwise hides their location information from us so as not to appear located in Europe. If any terms in this section conflict with other terms contained in this Policy, the terms in this section shall apply to European users.

We control any personal information collected from individuals accessing or using our Services. A “controller” is an entity that determines the purposes for which and how personal information is processed.

Marketing

We will only contact individuals in Europe by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or the individual’s consent. When we rely on legitimate interest, we will only send you information about our Services similar to those that were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your personal information this way or to disclose your personal information to third parties for marketing purposes, please click an unsubscribe link in your emails or submit an opt-out request. You can object to direct marketing at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services.

Legal Bases for Processing

Our legal bases for the processing activities identified in this Policy are:

• We rely on our contract with you as our legal basis for processing the following: to provide and maintain our services, to provide customer support or respond to you, to enforce compliance with our Terms, agreements, or policies, and to share your information with service providers.
• Depending on the specific circumstances, we rely on your consent or legitimate interest in the following processing activities: to send you marketing and promotional emails, to advise you of other services, and to share your information with business partners, sponsors, or within our corporate organization.

Your rights

We provide you with the rights described below when you use our Services. We may limit your individual rights requests in the following ways: (a) where denial of access is required or authorized by law; (b) when granting access would hurt other’s privacy; (c) to protect our rights and properties; and (d)where the request is frivolous or burdensome. When we fulfill your individual rights requests for correct (or rectification), erasure, or restriction of processing, we will notify third parties also handling the relevant personal information unless this proves impossible or involves a disproportionate effort. In certain circumstances, you have the following data protection rights:

• Right to withdraw consent. You have the right to withdraw your consent to processing your personal information collected based on your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
• Right of access to and rectification of your personal information. You have a right to request that we provide you with a copy of your personal information held by us. This information will be provided without undue delay, subject to some fee associated with the gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal information held by us that is inaccurate.
• Right to erasure. You have the right to request the erasure of your personal information that (a) is no longer necessary about the purposes for which it was collected or otherwise processed; (b) was collected about processing that you previously consented to but later withdrew such consent; or (c) was collected about processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal information public and are obliged to erase the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the erasure of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws.
• Right to data portability. If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used, and machine-readable format, and to have us transfer your personal information directly to another “controller,” where technically feasible unless the exercise of this right adversely affects the rights and freedoms of others.
• Right to the restriction of or processing. You have the right to restrict or object to us processing your personal information where one of the following applies:
  • You contest the accuracy of your personal information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal information.
  • The processing is unlawful, and you oppose the erasure of your personal information and request the restriction of its use instead.
  • We no longer need your personal information for the processing, but it is required by you to establish exercise or defense of legal claims.
  • You have objected to processing, pending the verification of whether the legitimate grounds of our processing override your rights.
  • Restricted personal information shall only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of substantial public interest. We will inform you if the restriction is lifted.
• Right to object to processing. Where processing your personal information is based on consent and the contractor’s legitimate interests, you may restrict or object, at any time, to processing your personal information as permitted by applicable law. We can continue to process your personal information if necessary to defend legal claims or any other exceptions permitted by applicable law.
• Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws. We do not engage in this type of automated processing.

Transfers of European Personal Information to the U.S. (United States)

Our headquarters are in the United States, and we will transfer, store, and process the information that we collect from you in the United States. We will protect your personal information by this Privacy Policy wherever it is processed. We will take contractual or other appropriate action to protect your personal information by applicable laws. These measures include implementing the Standard Contractual Clauses of the European Commission for transfers of personal data to our service providers and business partners. ZLTI may, where applicable, rely on the derogations outlined in Article 49 of the GDPR for the transfer and onward transfer of personal information collected from individuals in Europe to the United States and other countries that the EU deems not to provide adequate data protection. With your explicit consent or in a manner that does not outweigh your rights and freedoms, we may transfer such information to a third party to fulfill a contract with you. Suppose this personal information is not processed and transferred. In that case, we cannot execute the contract with you, or you will be denied access to some or all the associated benefits and features.

Consent

By submitting your personal information, you consent to the use of your information as set out in this privacy policy.

You have the following rights:

• A right to see the information we hold that is about you
• A right to have any mistakes corrected on information that is about you or (in certain circumstances) to have your personal information deleted

An individual wishing to exercise the above rights and limit the use or sharing of their data should contact ZL Technologies, Inc. using the means defined in the Questions and Information section below.

International transfers

We operate in the United States as a global organization.

Your personal information may be transferred to and maintained on computers outside your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there.

We will take all the steps reasonably necessary to ensure that your personal information is treated securely and by this Privacy Policy, and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place. If you do not want your information transferred to, processed, or maintained outside of the country or jurisdiction where you are located, you should not use our Services.

Cookies

We may use “cookies” on our website. A cookie is a small text file sent by a website and stored by the browser on your computer’s hard drive. The primary purpose of a cookie is to streamline your use of this website. By using cookies, we can keep track of your website usage and provide you with customized content. The following are the types of cookies that we may be using:

Tracks Cookies on ZL Website?	Usage	What data is collected and what we do with it	Tracker link
Yes	Analytics/Perf	The cookies from Google Analytics collect anonymous information about where visitors come from and how they use the site. We use the information to generate analytical reports to help improve the user experience of our site. Anonymous information collected through these cookies includes pages visited, duration of visits, number of visitors, etc.	support.google.com/analytics/answer/6004245
Yes	Analytics/Perf	The cookies from Google Tag Manager collect anonymous information about where visitors come from and how they use the site. We use the information to generate analytical reports to help improve the user experience of our site. Information collected through these cookies includes pages visited, duration of visits, number of visitors, etc.	google.com/analytics/tag-manager
Yes	Analytics/Perf/Prospecting	After signing up through the HubSpot forms on our website, visitors provide information, including their first and last names, email addresses, phone numbers, company names, job titles, and comments. Such information is stored in ZL Salesforce and HubSpot databases and is used for marketing campaigns (e.g., emails and physical campaigns) and sales activities (e.g., phone calls and sending gifts)	hubspot.com
Yes	Perf/Prospecting	Visitors can fill out their personal information through a custom HTML5 demo request form, including first and last name, email address, phone number, company name, job title, and comments. Such information is collected and stored in the zlti.com domain for thirty days. We use this cookie to autofill form, enhancing the user’s experience. This cookie will also be sent to our Pardot account and stored in our Salesforce database for future email and phone contacts with marketing campaigns and sales activities.	zlti.com

You can accept or reject cookies by modifying your browser preferences. You have the choice to receive all cookies, to be notified when a cookie is set, or to reject all cookies. If you opt out of our cookies, your end-user experience may be impacted. Please see the Questions and Contact Information Section below for options in opting out of the ZLTI website cookies.

Collection of sensitive information and children’s privacy

Sensitive personal information

We ask that you do not send us and do not share any sensitive personal information (for example, government-issued IDs, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic, or biometric data, criminal background or trade union membership).

Children’s privacy

ZLTI is a company focused on serving the needs of businesses. ZL Tech’s sites are not directed to minors, and ZL Tech does not collect the personal information of a minor through our sites without appropriate consent. Please notify us through the choices provided under “Questions and Contact” so we may immediately delete the information from our servers and make any other necessary corrections. Additionally, please use this same approach to request the removal of content or information posted to our sites when the registered user is under 16. Please note that such requests may not ensure complete or comprehensive removal of the content or information, as, for example, some of the content may have been reposted by another user.

Changes to this Privacy Policy

If we decide to change our privacy commitment, we will post those changes on this website so that you will always know what information we gather, how we might use it, and whether we will disclose it to anyone.

Questions and contact

If you wish to request more information from ZLTI or inquire on exercising your rights, you can reach out to ZLTI by email at privacy@zlti.com.

You may also write to us at:

ZL Technologies, Inc.
Attn: Legal-Privacy
860 N. McCarthy Blvd., Suite 100
Milpitas, CA 95035, USA.

To update your preferences:

• Marketing and Contact opt out Link
• Custom Java Strict Cookies for Form Auto Fill
• Request that your email address be removed: unsubscribe@zlti.com