Except for instances in which our client is the controller of your personal data that we are processing on their behalf, ZS Associates, Inc., ZS Associates International, Inc., or one of these affiliates is the controller of your personal data.
If you choose to subscribe to one of our blogs or to receive access to some of our thought-leadership materials, you will be asked to provide us with some personal data, including your name and e-mail address. We will use this data to provide you with the subscriptions and materials you request. Where permissible and/or with your permission, we may also use this data to provide you with details about our products and services that may be of interest to you.
If you have been directed here from a disclosure form because you are participating in a market research study, we will collect and process your personal data as explained in the disclosure. Additional details about transfers of your data and how to exercise your data rights are available below. We may also have surveys available through our Web site that you can voluntarily participate in. We may compile the results of these surveys or market research studies to create reports available through our Web site or to provide to our clients or third parties. Data we collect from you through these surveys or studies will be aggregated so that the final reports will not include any data that can identify you. Please be aware that any data that you provide to us in survey or study responses will belong to us.
We will also collect your device’s IP address. This data is collected automatically when you access our Web site in order to provide the services to you. This information also helps us to diagnose problems with our server and to improve the services we offer to you.
We use technologies that collect data about the use of our Web site which do not identify you directly. We use this data to compile statistics about our visitors and the ways they use our Web site. For example, we log which pages users access and which Web browsers and operating systems they use. We may also determine which Web page you are coming from before visiting our Web site and whether you are accessing our site from a corporate network to more accurately gauge our users' demographics.
We do not intentionally collect any sensitive personal data through our Web site. Sensitive personal data means the various categories of personal data identified by applicable data privacy laws as requiring special treatment. These categories can include data relating to ethnic origin or race, marital status, political opinions or affiliations, ideological views or activities, trade union membership, religious beliefs, physical or mental health, genetic or biometric information, sexual orientation, information on social security measures, or administrative or criminal proceedings or records. We therefore suggest that you do not provide sensitive personal data of this type to us through our Web site.
Consistent with our client obligations, it has always been our policy to exercise the utmost discretion regarding the information our clients entrust to us. We accept and process confidential client information, including data we collect in the course of providing services to our clients, such as for market research purposes, subject to our client’s direction and control, and we maintain reasonable and appropriate security precautions. Because we operate globally, our systems may make data related to your matters accessible from our various offices around the world, and we often transfer client data between our offices. This data is transferred in accordance with the requirements of our intergroup data transfer agreement based on the Standard Contractual Clauses defined in Regulation (EU) 2016/679.
We never rent, trade, sell, or share your information with any unrelated parties except as necessary or appropriate to conduct our business activities, subject to appropriate confidentiality, privacy, and information security commitments provided by the receiving party; or to further your interests; or as permitted or required by law; or as authorized or directed by you. Please feel free to raise any questions, concerns or specific directions you may have regarding the privacy and security of your data to the ZS Principal who is handling your matter or to email@example.com.
We may use your data to notify you about our products or services or keep you updated on issues that we think are of interest to you, where permissible or if you have opted in to receiving such notifications.
We will send you information and materials you request.
We may use your data for market research purposes.
If we are processing your data on behalf of a third party (such as our client), we will follow the processing instructions that the third party provided us.
We will use your data to administer and improve our Web site and to better understand our site users.
We may use your data to carry out contracts or comply with applicable laws or regulations.
We process your personal data in order to operate, maintain, and provide you with our services. ZS’s legal basis for processing your personal data will typically be one of the following:
- It is necessary to fulfill a contract that we have in place with you;
- The processing is necessary for our legitimate interests, to ensure that our services are properly provided, and to promote our services;
- We have your consent to use your personal data; or
- The processing is necessary to comply with our legal obligations.
We do not rent, sell, share, or otherwise distribute your personal data to third parties outside of the ZS group of companies except as required by law and in these circumstances:
- Your personal data may be shared with our clients on whose behalf we are processing your data per their instructions.
- We may share, transfer, or disclose the information in our databases and server logs in the event of our sale, merger, reorganization, dissolution, or similar event, as well as to comply with a contractual obligation with our clients, protect your vital interests, and/or protect the security or integrity of our databases or services. We will inform you of any such transfer or disclosure as required by law.
- We may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Governmental and regulatory bodies must follow the applicable legal process to obtain valid and binding orders. All requests must be specific and are reviewed by the ZS Legal team to ensure that the requests are valid and so that ZS can object to overly broad or otherwise inappropriate requests. ZS does not provide any government with direct and unfettered access to your personal data, and we do not provide any government with our encryption keys.
We are a global company, and your data may be transferred throughout our offices worldwide. We are headquartered in the United States and subject to the jurisdiction of the Federal Trade Commission; your data will be stored and processed according to U.S. privacy standards. Data is transferred in accordance with the requirements of our intergroup data transfer agreement based on the Standard Contractual Clauses defined in Regulation (EU) 2016/679 and which also satisfies the requirements for cross-border data transfers from Japan under Act No. 57 of 2003, as amended. Although no longer a valid basis that ZS relies on for lawful data transfers in light of the judgment of the Court of Justice of the European Union in Case C-311/18, ZS Associates, Inc. and ZS Associates International, Inc. continue their commitment to adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Principles with respect to personal data received from the EU, United Kingdom, and Switzerland. These Principles are:
- Accountability for onward transfer
- Data integrity and purpose limitation
- Recourse, enforcement, and liability
Further information about Privacy Shield as well as our certification can be found at www.privacyshield.gov/list.
If you have any inquiries or complaints about how we handle your personal data please contact us at firstname.lastname@example.org
ZS has registered with JAMS as our independent recourse mechanism to investigate unresolved complaints. JAMS ADR services are available at no cost to individuals in the EU, United Kingdom, and Switzerland. More information about JAMS and access to its claim form are available here: www.jamsadr.com/eu-us-privacy-shield.
In the event of any unresolved issues regarding human resources data, individuals in the European Union (EU) may work with their local Data Protection Authority (DPA); in the United Kingdom, individuals may work with the Information Commissioner’s Office (UK ICO); in Switzerland, individuals may work with the Swiss Federal Data Protection and Information Commissioner. ZS commits to cooperating with the competent EU, UK, and Swiss authorities to resolve individual complaints. The services of EU DPAs, UK ICO, and Swiss Federal Data Protection and Information Commissioner are provided at no cost to you. Please visit http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm for more information.
Individuals in the EU, UK, and Switzerland have the right to invoke binding arbitration if certain conditions are met. More information about when this is applicable is available at www.privacyshield.gov and from your local EU DPA, UK ICO, or Swiss Federal Data Protection and Information Commissioner.
As mentioned above, we may disclose personal data to third-party service providers that we use to support our business. We remain responsible under the Privacy Shield Principles if these third parties process your personal data in a manner inconsistent with the Privacy Shield Principles (unless we are not responsible for the event giving rise to the damage).
If you send us a request to access, correct, delete, limit, or object to the use and disclosure of the personal data we hold about you, we will respond to your request in accordance with applicable law and our commitments under the Privacy Shield. These requests should be sent to us at email@example.com or the mailing address listed below. When ZS is processing your data on behalf of our client, ZS will assist with your request in accordance with applicable law and our obligations to our client.
We take steps to ensure that the personal data that you provide is retained for only as long as it is necessary for the purpose for which it was collected and as required by applicable law. After this period, it will be deleted, or in some cases, deidentified.
If you no longer wish to receive information you subscribed to or other information that you have previously opted in to receive, you may opt out by clicking the unsubscribe link in any automated e-mail you receive from us or by e-mailing us at firstname.lastname@example.org. You may also submit a request here.
We provide reasonable and appropriate physical, technical, and organizational safeguards intended to maintain the confidentiality, integrity, and availability of the personal data we collect. Please be aware that, although we endeavor to provide reasonable security for data we process and maintain, no security system can prevent all potential security breaches.
We do not knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without his or her consent, he or she should contact us at email@example.com. We will delete such information from our files within a reasonable time.
ZS Associates, Inc.
Attn. Data Protection Officer
One Rotary Center
1560 Sherman Ave. Ste. 800
Evanston, IL 60201
© 2007-2022 ZS