Your access to this app is based on a license between us and our client (in many cases, your employer). Accordingly, any personal data you or our client provides to us will be used for the purpose our client requested, as well as for managing our client relationships, providing you with important information, or facilitating our internal business operations and analytics. We will not ask for more personal data than is necessary for these purposes.
We will also maintain logs of your access and use of our services, and these logs will be attributable to you. We are the data controllers of this information, which is collected solely to provide the services and to support them appropriately under our legitimate interests.
We do not intentionally collect any sensitive personal data through our apps. “Sensitive personal data” means the various categories of personal data identified by applicable data privacy laws as requiring special treatment. These categories can include data relating to ethnic origin or race, marital status, political opinions or affiliations, ideological views or activities, trade union membership, religious beliefs, physical or mental health, biometric or genetic data, sexual orientation, information on social security measures, or administrative or criminal proceedings or records. We therefore suggest that you do not provide sensitive personal data of this type to us.
We use technologies that collect anonymous information about the use of our apps. This technology does not identify you personally. We use this information to compile statistics about our users and their use of our apps. For example, we log which screens users access and which Web browsers and operating systems they use.
Your access to and use of our apps, whether through an identification code or login information provided by our client, is logged by us, and the data provided by you is ascribed to you. This is part of the services for which our client has engaged us.
We may also collect your device’s IP address. This data is collected automatically when you access our online services in order to provide the services to you and allow us to assist you with technical issues you encounter.
Some of our apps may also provide location-based services that use your device’s GPS feature. We do not collect or store this data or use it to track your location. Your location information is only used to provide the geolocation services you request, and we do not share this information with unrelated third parties. You can opt out of this feature by disabling your device’s location services or adjusting the app permissions. Doing so, however, may cause the location-based features of the app to function incorrectly.
Additionally, some of our apps may track your usage at an identifiable level in order to personalize your experience. You may be able to adjust the app’s permission settings to limit these features; however, this may likewise cause the app not to work as intended.
- Authentication and authorization cookies allow access to secure areas and specific functionality of the apps. These are strictly necessary for the proper operation of our online services that we provide to you.
- Personalization cookies allow our apps to remember choices you make and provide personalized features. They may also be used to provide services in the way you have specified, such as collating data in a report.
- Tracking cookies collect information about how you use our apps, what pages you visit, and how often. We use this information to improve our online services.
You can control how your browser or device handles cookies received from Web sites in general. You can choose to refuse all cookies or to be prompted before a cookie is saved to your device. You may also set your browser to only accept cookies from certain Web sites that you designate. Information on deleting or controlling cookies is available at www.allaboutcookies.org. By refusing to accept cookies from us, you may not be able to use our apps.
We may use your data to notify you about our products or services or keep you informed about changes to our apps, where permissible or if you have opted in to receiving such notifications.
We will send you information and materials you request.
If we are processing your information on behalf of our client, we will follow the processing instructions that our client provided to us.
We will use your information to administer and improve our services.
We may use your information to carry out contracts or comply with applicable laws or regulations.
We process your personal data in order to operate, maintain, and provide you with our services. This means the legal basis for us processing your personal information will typically be one or more of the following:
- it is necessary to fulfil a contract that we have in place with our client;
- the processing is necessary for our legitimate interests, to ensure that our services are properly provided, and to promote our services; or
- the processing is necessary for compliance with our legal obligations.
We do not rent, sell, share, or otherwise distribute your personal data to third parties outside of the ZS group of companies except as required by law and in these circumstances:
- Your personal data may be shared with our clients for which we are processing your data on their behalf per their instructions.
- We may share, transfer, or disclose the information in our databases and server logs in the event of our sale, merger, reorganization, dissolution, or similar event, as well as to comply with a contractual obligation with our clients, protect your vital interests, and/or protect the security or integrity of our databases or services. We will inform you of any such transfer or disclosure as required by law.
- We may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Governmental and regulatory bodies must follow the applicable legal process to obtain valid and binding orders. All requests must be specific and are reviewed by the ZS Legal team to ensure that the requests are valid and so that ZS can object to overly broad or otherwise inappropriate requests. ZS does not provide any government with direct and unfettered access to your personal data, and we do not provide any government with our encryption keys.
We are a global company, and your data may be transferred throughout our offices worldwide. We are headquartered in the United States, and subject to the jurisdiction of the Federal Trade Commission; your data will be stored and processed according to U.S. privacy standards. Data is transferred in accordance with the requirements of our intergroup data transfer agreement based on the Standard Contractual Clauses defined in Regulation (EU) 2016/679 and which also satisfies the requirements for cross-border data transfers from Japan under Act No. 57 of 2003, as amended. Although no longer a valid basis that ZS relies on for lawful data transfers in light of the judgment of the Court of Justice of the European Union in Case C-311/18, ZS Associates, Inc. and ZS Associates International, Inc. continue their commitment to adhere to the EU-U.S. and Swiss-U.S. Privacy Shield Principles with respect to personal data received from the EU, United Kingdom, and Switzerland. These Principles are:
- Accountability for onward transfer
- Data integrity and purpose limitation
- Recourse, enforcement, and liability
Further information about Privacy Shield as well as our certification can be found at www.privacyshield.gov/list.
If you have any inquiries or complaints about how we handle your personal data, please contact us at firstname.lastname@example.org.
ZS has registered with JAMS as our independent recourse mechanism to investigate unresolved complaints. JAMS ADR services are available at no cost to individuals in the EU, United Kingdom, and Switzerland. More information about JAMS and access to its claim form are available here: www.jamsadr.com/eu-us-privacy-shield.
In the event of any unresolved issues regarding human resources data, individuals in the European Union (EU) may work with their local Data Protection Authority (DPA); in the United Kingdom, individuals may work with the UK Information Commissioner’s Office (UK ICO); in Switzerland, individuals may work with the Swiss Federal Data Protection and Information Commissioner. ZS commits to cooperating with the competent EU, UK, or Swiss authorities to resolve individual complaints. The services of EU DPAs, UK ICO, and Swiss Federal Data Protection and Information Commissioner are provided at no cost to you. Please visit http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm for more information.
Individuals in the EU, UK, and Switzerland have the right to invoke binding arbitration if certain conditions are met. More information about when this is applicable is available at www.privacyshield.gov and from your local EU DPA, UK ICO, or Swiss Federal Data Protection and Information Commissioner.
As mentioned above, we may disclose personal information to third-party service providers that we use to support our business. We remain responsible under the Privacy Shield Principles if these third parties process your personal information in a manner inconsistent with the Privacy Shield Principles (unless we are not responsible for the event giving rise to the damage).
If you send us a request to access, correct, delete, or object to or limit the use and disclosure of the personal data we hold about you, we will respond to your request in accordance with applicable law and our commitments under the Privacy Shield. These requests should be sent to us at email@example.com or the mailing address listed below. When ZS is processing your data on behalf of our client, ZS will assist facilitate your request in accordance with applicable law and our obligations to our client.
Your personal data is kept for as long as required by our contract with our client and their license for our services.
We provide reasonable and appropriate physical, electronic and procedural safeguards intended to maintain the confidentiality of the personal data we collect. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
Our apps are not intended for users under the age of 13. Additionally, we do not knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that their child has provided us with information without their consent, he or she should contact us at firstname.lastname@example.org. We will delete such information from our files within a reasonable time.
ZS Associates, Inc.
Attn. Data Protection Officer
One Rotary Center
1560 Sherman Ave. Ste. 800
Evanston, IL 60201 USA
© 2009-2021 ZS