ZS is committed to protecting the privacy of our clients and anyone we engage with on their behalf, as well as any visitors to the zsmax.ai and zspersonalize.ai Web sites and users of the ZS Max.ai and ZS Personalize.ai tools. This Privacy Notice describes our current practices regarding the personal data that we collect from you when you visit and use our sites and services or that we otherwise collect in the course of providing services to our clients. Personal data is information that may identify you, such as your name, e-mail address, or mailing address.

This Privacy Notice applies to zsmaxi.ai and zspersonalize.ai or any service we offer that links to this Privacy Notice. Other sites and services we offer may have different privacy policies that apply to them.

If you choose to request a demo of ZS’s Max.ai or Personalize.ai, we will collect your name and contact information in order to follow up with you. 

If you choose to sign up for a free trial of ZS Max.ai, you will be asked to provide us with some personal data, including your name and e-mail address. We will use this data to provide you with the subscriptions and materials you request. Where permissible or with your permission, we may also use this data to provide you with details about our products and services that may be of interest to you.

We may also automatically collect details about your site visit such as for analytics purposes. More information about controlling automatic data collection is available below.

We use cookies to personalize your experience while navigating our site. Please take a look at our Cookie Policy to understand how these cookies operate and for more information about your choices to opt in or out.

We may also use Web beacons in the marketing e-mails we send as well as pixel tags on our Web pages. These non-intrusive tags help us know when you view our e-mails, what your IP address is, and which pages you view on our site. We use this data to understand what kinds of content are of interest to you so that we can conduct internal analysis on this information and improve our services. You may be able to disable such tracking by setting your e-mail client to display messages as text only or by turning off image display. We may also collect your IP address for advertising-related purposes. Additional information about how to adjust your browser settings to limit or block tracking technologies is available in our Cookie Policy.

Consistent with our client obligations, it has always been our policy to exercise the utmost discretion regarding the information our clients entrust to us. We accept and process confidential client information, including data we collect in the course of providing services to our clients, subject to our clients’ direction and control, and we maintain reasonable and appropriate security precautions. Because we operate globally, our systems may make data related to your matters accessible from our various offices around the world, and we often transfer client data between our offices. This data is transferred in accordance with the requirements of our intergroup data transfer agreement based on the Standard Contractual Clauses defined in Regulation (EU) 2016/679.

We never rent, trade, sell, or share your information with any unrelated parties except as necessary or appropriate to conduct our business activities, subject to appropriate confidentiality, privacy, and information security commitments provided by the receiving party; or to further your interests; or as permitted or required by law; or as authorized or directed by you. Please feel free to raise any questions, concerns or specific directions you may have regarding the privacy and security of your data to the ZS Principal who is handling your matter or to dataprivacy@zs.com. 

We may use your data to notify you about our products or services or keep you updated on issues that we think are of interest to you, where permissible or if you have opted in to receiving such notifications.

We will send you information and materials you request.

We may use your data to carry out contracts or comply with applicable laws or regulations.

We process your personal data in order to operate, maintain, and provide you with our services. ZS’s legal basis for processing your personal data will typically be one of the following:

• It is necessary to fulfill a contract that we have in place with you;
• The processing is necessary for our legitimate interests, to ensure that our services are properly provided, and to promote our services;
• We have your consent to use your personal data; or
• The processing is necessary to comply with our legal obligations. 

We do not rent, sell, share, or otherwise distribute your personal data to third parties outside of the ZS group of companies except as required by law and in these circumstances:

• Your personal data may be shared with other companies within our group of companies or with contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them, per the purpose and/or with your consent as set out in this Privacy Notice. Our current list of third party managed service providers is available here.
• Your personal data may be shared with our clients on whose behalf we are processing your data per their instructions.   
• We may share, transfer, or disclose the information in our databases and server logs in the event of our sale, merger, reorganization, dissolution, or similar event, as well as to comply with a contractual obligation with our clients, protect your vital interests, and/or protect the security or integrity of our databases or services. We will inform you of any such transfer or disclosure as required by law.
• We may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Governmental and regulatory bodies must follow the applicable legal process to obtain valid and binding orders. All requests must be specific and are reviewed by the ZS Legal team to ensure that the requests are valid and so that ZS can object to overly broad or otherwise inappropriate requests. ZS does not provide any government with direct and unfettered access to your personal data, and we do not provide any government with our encryption keys. 

We are a global company, and your data may be transferred throughout our offices worldwide. We are headquartered in the United States, and your data will be stored and processed according to U.S. privacy standards in alignment with the OECD Privacy Guidelines. Data is transferred in accordance with the requirements of our intergroup data transfer agreement based on the Standard Contractual Clauses defined in Regulation (EU) 2016/679 and which also satisfies the requirements for cross-border data transfers from Japan under Act No. 57 of 2003, as amended. ZS adheres to the essential data protection principles of lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

If you send us a request to access, correct, delete, limit, or object to the use and disclosure of the personal data we hold about you, we will respond to your request in accordance with applicable law. These requests should be sent to us via our Privacy Request Tool or at dataprivacy@zs.com or to the mailing address listed below. When ZS is processing your data on behalf of our client, ZS will assist with your request in accordance with applicable law and our obligations to our client.

We take steps to ensure that the personal data that you provide is retained for only as long as it is necessary for the purpose for which it was collected and as required by applicable law. After this period, it will be deleted, or in some cases, deidentified. 

If you no longer wish to receive information you subscribed to or other information that you have previously opted in to receive, you may opt out by clicking the unsubscribe link in any automated e-mail you receive from us or by e-mailing us at dataprivacy@zs.com. You may also submit a request here. 

We provide reasonable and appropriate physical, technical, and organizational safeguards intended to maintain the confidentiality, integrity, and availability of the personal data we collect. Please be aware that, although we endeavor to provide reasonable security for data we process and maintain, no security system can prevent all potential security breaches.

This Privacy Notice forms part of our Terms of Use and is governed by the laws of the State of Illinois.

We may change this Privacy Notice at any time. Any updates to this Privacy Notice will be posted here. The date at the top indicates the date of the last update.

When you leave our Web site via links to other sites or services that we do not provide, this Privacy Notice no longer applies to those sites or services.

We do not knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without his or her consent, he or she should contact us at dataprivacy@zs.com. We will delete such information from our files within a reasonable time.

If you have any questions regarding this Privacy Notice or our privacy practices generally, please contact us via e-mail at dataprivacy@zs.com. You may also mail us at:

ZS Associates, Inc.

Attn. Data Protection Officer

222 Merchandise Mart Plaza Ste. 200

Chicago, IL 60654