This online service (app) is operated by ZS Associates, Inc. and its affiliates, who may be the data controller or processor depending on the conditions as set out below. Our contact details are available at www.zs.com and the end of this Privacy Policy. Where ZS is the data processor, our client (in many cases, your employer) is the data controller.

 

ZS is committed to protecting the privacy of our clients’ confidential information and the personal data of our clients’ personnel when our apps are used. This Privacy Policy describes our current policies and practices regarding personal data that we collect either from you directly or from our client that has engaged us to provide services, including the provision of this app. The term “personal data” refers to information such as your name, e-mail address, or mailing address.

 

This Privacy Policy applies when you use our apps that display or link to this Privacy Policy. We may have different Privacy Policies that apply to other sites or services that we offer.

Your access to this app is based on a license between us and our client (in many cases, your employer). Accordingly, any personal data you or our client provides to us will be used for the purpose our client requested, as well as for managing our client relationships, providing you with important information, and/or facilitating our internal business operations and analytics. We will not ask for more personal data than is necessary for these purposes.

 

We will also maintain logs of your access and use of our services, and these logs will be attributable to you. We are the data controllers of this information, which is collected solely to provide the services and to support them appropriately under our legitimate interests.

We do not intentionally collect any sensitive personal data through our apps. “Sensitive personal data” means the various categories of personal data identified by applicable data privacy laws as requiring special treatment. These categories can include data relating to ethnic origin or race, marital status, political opinions or affiliations, ideological views or activities, trade union membership, religious beliefs, physical or mental health, biometric or genetic data, sexual orientation, information on social security measures, or administrative or criminal proceedings or records. We therefore suggest that you do not provide sensitive personal data of this type to us.

We use technologies that collect anonymous information about the use of our apps. This technology does not identify you personally. We use this information to compile statistics about our users and their use of our apps. For example, we log which screens users access and which Web browsers and operating systems they use.

 

If you access our apps via the Web, we may also determine which domain you are coming from to more accurately gauge our users' demographics.

Your access to and use of our apps, whether through an identification code or login information provided by our client, is logged by us, and the data provided by you is ascribed to you. This is part of the services for which our client has engaged us.

 

We will also collect your device’s IP address. This data is collected automatically when you access our online services in order to provide the services to you and allow us to assist you with technical issues you encounter.

 

Some of our apps may also provide location-based services that use your device’s GPS feature. We do not collect or store this data or use it to track your location. Your location information is only used to provide the geolocation services you request, and we do not share this information with unrelated third parties. You can opt out of this feature by disabling your device’s location services or adjusting the app permissions. Doing so, however, may cause the location-based features of the app to function incorrectly.

 

Additionally, some of our apps may track your usage at an identifiable level in order to personalize your experience. You may be able to adjust the app’s permission settings to limit these features; however, this may likewise cause the app not to work as intended.

Our apps use cookies. A cookie is a small piece of information that is sent to your device or browser and stored in your device’s memory.

 

We use cookies to deliver services requested by you, as well as to improve the quality of our apps by storing user preferences and monitoring user trends. We use several types of cookies:

  • Authentication and authorization cookies allow access to secure areas and specific functionality of the apps. These are strictly necessary for the proper operation of our online services that we provide to you.
  • Personalization cookies allow our apps to remember choices you make and provide personalized features. They may also be used to provide services in the way you have specified, such as collating data in a report.
  • Tracking cookies collect information about how you use our apps, what pages you visit, and how often. We use this information to improve our online services.

You can control how your browser or device handles cookies received from Web sites in general. You can choose to refuse all cookies or to be prompted before a cookie is saved to your device. You may also set your browser to only accept cookies from certain Web sites that you designate. Information on deleting or controlling cookies is available at www.allaboutcookies.org. By refusing to accept cookies from us, you may not be able to use our apps.

We may use your data to notify you about our products or services or keep you informed about changes to our apps, where permissible or if you have opted in to receiving such notifications.

 

We will send you information and materials you request.

 

If we are processing your information on behalf of our client, we will follow the processing instructions that our client provided to us.

 

We will use your information to administer and improve our services.

 

We may use your information to carry out contracts or comply with applicable laws or regulations.

We process your personal data in order to operate, maintain, and provide you with our services. This means the legal basis for us processing your personal information will typically be one or more of the following:

  • it is necessary to fulfil a contract that we have in place with our client;
  • the processing is necessary for our legitimate interests, to ensure that our services are properly provided, and to promote our services; or
  • the processing is necessary for compliance with our legal obligations.

We do not rent, sell, share, or otherwise distribute your personal data to third parties outside of the ZS group of companies except as required by law and in these circumstances:

  • In order to provide you the services that our client has engaged us for, your personal data may be shared with other companies within our group of companies or with contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them, per the purpose as set out in this Privacy Policy. Our current list of third party managed service providers is available here.
  • Your personal data may be shared with our clients for which we are processing your data on their behalf per their instructions.
  • We may share, transfer, or disclose the information in our databases and server logs in the event of our sale, merger, reorganization, dissolution, or similar event, as well as to comply with a contractual obligation with our clients, protect your vital interests, and/or protect the security or integrity of our databases or services. We will inform you of any such transfer or disclosure as required by law.
  • We may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We are a global company, and your data may be transferred throughout our offices worldwide. We are headquartered in the United States, and subject to the jurisdiction of the Federal Trade Commission; your data will be stored and processed according to U.S. privacy standards. Data is transferred in accordance with the requirements of our intergroup data transfer agreement based on the Standard Contractual Clauses defined in Regulation (EU) 2016/679 and which also satisfies the requirements for cross-border data transfers from Japan under Act No. 57 of 2003, as amended. ZS Associates, Inc. and ZS Associates International, Inc. additionally commit to adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Principles with respect to personal data received from the EU, United Kingdom, and Switzerland. These Principles are:

  • Notice
  • Choice
  • Accountability for onward transfer
  • Security
  • Data integrity and purpose limitation
  • Access
  • Recourse, enforcement, and liability

Further information about Privacy Shield as well as our certification can be found at www.privacyshield.gov/list.

 

If you have any inquiries or complaints about how we handle your personal data, please contact us at dataprivacy@zs.com.

 

ZS has registered with JAMS as our independent recourse mechanism to investigate unresolved complaints. JAMS ADR services are available at no cost to individuals in the EU, United Kingdom, and Switzerland. More information about JAMS and access to its claim form are available here: www.jamsadr.com/eu-us-privacy-shield.

 

In the event of any unresolved issues regarding human resources data, individuals in the European Union (EU) may work with their local Data Protection Authority (DPA); in the United Kingdom, individuals may work with the UK Information Commissioner’s Office (UK ICO); in Switzerland, individuals may work with the Swiss Federal Data Protection and Information Commissioner. ZS commits to cooperating with the competent EU, UK, or Swiss authorities to resolve individual complaints. The services of EU DPAs, UK ICO, and Swiss Federal Data Protection and Information Commissioner are provided at no cost to you. Please visit http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm for more information.

 

Individuals in the EU, UK, and Switzerland have the right to invoke binding arbitration if certain conditions are met. More information about when this is applicable is available at www.privacyshield.gov and from your local EU DPA, UK ICO, or Swiss Federal Data Protection and Information Commissioner.

 

As mentioned above, we may disclose personal information to third-party service providers that we use to support our business. We remain responsible under the Privacy Shield Principles if these third parties process your personal information in a manner inconsistent with the Privacy Shield Principles (unless we are not responsible for the event giving rise to the damage).

If you send us a request to access, correct, delete, or object to or limit the use and disclosure of the personal data we hold about you, we will respond to your request in accordance with applicable law and our commitments under the Privacy Shield. These requests should be sent to us at dataprivacy@zs.com or the mailing address listed below. When ZS is processing your data on behalf of our client, ZS will assist facilitate your request in accordance with applicable law and our obligations to our client.

Your personal data is kept for as long as required by our contract with our client and their license for our services.

We provide reasonable and appropriate physical, electronic and procedural safeguards intended to maintain the confidentiality of the personal data we collect. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

When you leave our apps via links to Web sites or services that we do not provide, this Privacy Policy no longer applies to those sites or services.

Our apps are not intended for users under the age of 13. Additionally, we do not knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that their child has provided us with information without their consent, he or she should contact us at dataprivacy@zs.com. We will delete such information from our files within a reasonable time.

This Privacy Statement forms part of our Terms of Use and is governed by the laws of the State of Illinois.

Any updates to this Privacy Policy will be posted here. The date at the top indicates the date of the last update.

If you have any questions regarding this Privacy Policy or our privacy practices generally, please contact us via e-mail at dataprivacy@zs.com. You may also mail us at:

 

ZS Associates, Inc.

Attn. Data Protection Officer

One Rotary Center

1560 Sherman Ave. Ste. 800

Evanston, IL 60201 USA

 

© 2009-2020 ZS