ZS Online Privacy Policy for Hosted Applications

Last updated: 9/29/2022

This online service (app) is operated by ZS Associates, Inc. and its affiliates, who may be the data controller or processor depending on the conditions as set out below. Our contact details are available at www.zs.com and the end of this Privacy Policy. Where ZS is the data processor, our client (in many cases, your employer) is the data controller.


ZS is committed to protecting the privacy of our clients’ confidential information and the personal data of our clients’ personnel when our apps are used. This Privacy Policy describes our current policies and practices regarding personal data that we collect either from you directly or from our client that has engaged us to provide services, including the provision of this app. The term “personal data” refers to information relating to you such as your name, e-mail address, or mailing address.


This Privacy Policy applies when you use our apps that display or link to this Privacy Policy. We may have different Privacy Policies that apply to other sites or services that we offer.

Data we collect

Your access to this app is based on a license between us and our client (in many cases, your employer). Accordingly, any personal data you or our client provides to us will be used for the purpose our client requested, as well as for managing our client relationships, providing you with important information, or facilitating our internal business operations and analytics. We will not ask for more personal data than is necessary for these purposes.


We will also maintain logs of your access and use of our services, and these logs will be attributable to you. We are the data controllers of this information, which is collected solely to provide the services and to support them appropriately under our legitimate interests.

Sensitive personal data

We do not intentionally collect any sensitive personal data through our apps. “Sensitive personal data” means the various categories of personal data identified by applicable data privacy laws as requiring special treatment. These categories can include data relating to ethnic origin or race, marital status, political opinions or affiliations, ideological views or activities, trade union membership, religious beliefs, physical or mental health, biometric or genetic data, sexual orientation, information on social security measures, or administrative or criminal proceedings or records. We therefore suggest that you do not provide sensitive personal data of this type to us.

Anonymous data we collect

We use technologies that collect anonymous information about the use of our apps. This technology does not identify you personally. We use this information to compile statistics about our users and their use of our apps. For example, we log which screens users access and which Web browsers and operating systems they use.

Identifying data we collect

Your access to and use of our apps, whether through an identification code or login information provided by our client, is logged by us, and the data provided by you is ascribed to you. This is part of the services for which our client has engaged us.


We may also collect your device’s IP address. This data is collected automatically when you access our online services in order to provide the services to you and allow us to assist you with technical issues you encounter.


Some of our apps may also provide location-based services that use your device’s GPS feature. We do not collect or store this data or use it to track your location. Your location information is only used to provide the geolocation services you request, and we do not share this information with unrelated third parties. You can opt out of this feature by disabling your device’s location services or adjusting the app permissions. Doing so, however, may cause the location-based features of the app to function incorrectly.


Additionally, some of our apps may track your usage at an identifiable level in order to personalize your experience. You may be able to adjust the app’s permission settings to limit these features; however, this may likewise cause the app not to work as intended.

Tracking technologies we use

Our apps use cookies. A cookie is a small piece of information that is sent to your device or browser and stored in your device’s memory.


We use cookies to deliver services requested by you, as well as to improve the quality of our apps by storing user preferences and monitoring user trends. We use several types of cookies:

  • Authentication and authorization cookies allow access to secure areas and specific functionality of the apps. These are strictly necessary for the proper operation of our online services that we provide to you.
  • Personalization cookies allow our apps to remember choices you make and provide personalized features. They may also be used to provide services in the way you have specified, such as collating data in a report.
  • Tracking cookies collect information about how you use our apps, what pages you visit, and how often. We use this information to improve our online services.

You can control how your browser or device handles cookies received from Web sites in general. You can choose to refuse all cookies or to be prompted before a cookie is saved to your device. You may also set your browser to only accept cookies from certain Web sites that you designate. Information on deleting or controlling cookies is available at www.allaboutcookies.org. By refusing to accept cookies from us, you may not be able to use our apps.

How we use your data

We may use your data to notify you about our products or services or keep you informed about changes to our apps, where permissible or if you have opted in to receiving such notifications.


We will send you information and materials you request.


If we are processing your information on behalf of our client, we will follow the processing instructions that our client provided to us.


We will use your information to administer and improve our services.


We may use your information to carry out contracts or comply with applicable laws or regulations.

Legal bases for processing your data

We process your personal data in order to operate, maintain, and provide you with our services. This means the legal basis for us processing your personal information will typically be one or more of the following:

  • it is necessary to fulfil a contract that we have in place with our client;
  • the processing is necessary for our legitimate interests, to ensure that our services are properly provided, and to promote our services; or
  • the processing is necessary for compliance with our legal obligations.

Disclosure of your personal data to third parties, including Regulators

We do not rent, sell, share, or otherwise distribute your personal data to third parties outside of the ZS group of companies except as required by law and in these circumstances:

  • In order to provide you the services that our client has engaged us for, your personal data may be shared with other companies within our group of companies or with contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them, per the purpose as set out in this Privacy Policy. Our current list of third party managed service providers is available here.
  • Your personal data may be shared with our clients for which we are processing your data on their behalf per their instructions.
  • We may share, transfer, or disclose the information in our databases and server logs in the event of our sale, merger, reorganization, dissolution, or similar event, as well as to comply with a contractual obligation with our clients, protect your vital interests, and/or protect the security or integrity of our databases or services. We will inform you of any such transfer or disclosure as required by law.
  • We may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Governmental and regulatory bodies must follow the applicable legal process to obtain valid and binding orders. All requests must be specific and are reviewed by the ZS Legal team to ensure that the requests are valid and so that ZS can object to overly broad or otherwise inappropriate requests. ZS does not provide any government with direct and unfettered access to your personal data, and we do not provide any government with our encryption keys. 

Location of your data and transfers of your data abroad

We are a global company, and your data may be transferred throughout our offices worldwide. We are headquartered in the United States, and your data will be stored and processed according to U.S. privacy standards in alignment with the OECD Privacy Guidelines. Data is transferred in accordance with the requirements of our intergroup data transfer agreement based on the Standard Contractual Clauses defined in Regulation (EU) 2016/679 and which also satisfies the requirements for cross-border data transfers from Japan under Act No. 57 of 2003, as amended. ZS adheres to the essential data protection principles of lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

How to access, correct, or limit the use and disclosure of your personal data

If you send us a request to access, correct, delete, or object to or limit the use and disclosure of the personal data we hold about you, we will respond to your request in accordance with applicable law. These requests should be sent to us via our Privacy Request Tool or at dataprivacy@zs.com or to the mailing address listed below. When ZS is processing your data on behalf of our client, ZS will assist facilitate your request in accordance with applicable law and our obligations to our client.

How we keep your personal data

Your personal data is kept for as long as required by our contract with our client and their license for our services.


We provide reasonable and appropriate physical, electronic and procedural safeguards intended to maintain the confidentiality of the personal data we collect. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.


When you leave our apps via links to Web sites or services that we do not provide, this Privacy Policy no longer applies to those sites or services.


Our apps are not intended for users under the age of 13. Additionally, we do not knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that their child has provided us with information without their consent, he or she should contact us at dataprivacy@zs.com. We will delete such information from our files within a reasonable time.

Governing law

This Privacy Statement forms part of our Terms of Use and is governed by the laws of the State of Illinois.


Any updates to this Privacy Policy will be posted here. The date at the top indicates the date of the last update.

Contact us

If you have any questions regarding this Privacy Policy or our privacy practices generally, please contact us via e-mail at dataprivacy@zs.com. You may also mail us at:


ZS Associates, Inc.

Attn. Data Protection Officer

One Rotary Center

1560 Sherman Ave. Ste. 800

Evanston, IL 60201 USA


© 2009-2023 ZS