Effective Date: June 12, 2019
“Personal Data” means any data that relates to an identified or identifiable natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2 .Responsibility for Your Personal Data
• ZENB US, Inc., 950 W Fulton Market, Chicago, IL, 60607, USA
ZENB’s designated representative under GDPR is Ashurst LLP, which can be contacted at ZENB.EURepresentative@ashurst.com, or as specified in the “How to Contact Us” section below.
Categories of Individuals About Whom We Process Personal Data
We process Personal Data from or about the following categories of individuals:
• Customers and prospective customers of ZENB products and services (“Customer Data”)
• Users of the Site (“Site Data”);
• Individuals who are, or are associated with, ZENB vendors, service providers, business partners or other business contacts with whom we interact or seek to establish a relationship with (“Vendor Contact Data”);
• ZENB employees, and individual contractors and consultants (“HR Data”); and
3. Categories and Sources of Personal Data Processed
We may collect and store various types of Personal Data about you, depending on the category or categories in which you fall and the reason for which the Personal Data is processed. The following is a general summary of the Personal Data about you that we may process in each category, the sources of such Personal Data, and the purposes of processing:
3.1. Customer Data
As any business, we collect and process Personal Data regarding our customers and potential customers with whom we may interact from time to time. When you purchase products or services from us, or express an interest in doing so, we may collect Customer Data from you. Further, if you purchase products or services from us via our Site, we may collect Site Data from you as outlined below.
Categories of Customer Data: The Customer Data that we collect and process typically consists of information such as name, address, email address, phone number, other contact data (e.g., business card data), and similar relationship type data, as well as credit card number, order information and history, and shipping tracking numbers.
Sources of Customer Data: We obtain Customer Data about you (i) directly from you, such as when you order products from us or sign up for an account, to receive newsletters, emails, or other information from us, (ii) from others (e.g., referrals), and (iii) from publicly available sources, such as Web sites (e.g., LinkedIn, Facebook, etc.).
Purposes and Legal Basis for the Processing: We process Customer Data for a variety of purposes, including to: (1) facilitate your online shopping and provide the products and services you request from us, or which are part of a program you have joined or a purchase you have made, including processing purchases and e-mailing purchase receipts; (2) provide you with information about marketing and promotions; (3) improve ZENB’s products and services to provide you with the expected level of products and services; (4) ensure our Site, products, and services are of interest to you; (5) process account activations and; (6) facilitate collections; and (7) provide or offer you newsletters, promotions and featured specials, other marketing communications, product or service awareness marketing, to conduct surveys, sweepstakes, prize draws, and other contests. We may also provide some of these communications online, via email, telephone, mobile/text messaging (including SMS and MMS) and postal mail. Such processing is done in furtherance of and is necessary for the legitimate business interests pursued by ZENB as a provider of products and services. It may also be done to comply with our legal obligations (such as record-keeping obligations).
3.2. Site Data
We may collect Personal Data when you use the ZENB Site at www.zenb.com or www.zenb.co.uk, including when you use any of the interactive features, widgets, plug-ins, applications, content, downloads and other services that we may own and control and make available through our Site, mobile application or online platform (collectively, the “Site” or the “Service”).
Categories of Site Data: When you interact with the Service, ZENB collects Site Data about you both actively and passively. We may collect two types of Site Data: (1) Personal Data about you that you voluntarily choose to provide to us, and (2) information related to your activities on the Site that we automatically collect as you interact with it (“Automatically Collected Information”).
Information You Voluntarily Provide: We collect Personal Data that you voluntarily provide in response to requests we may make at various places and through various mechanisms on the ZENB Site. The Personal Data we collect is usually limited to contact information necessary for the relationship, such as your name, e-mail address, physical address, phone, product preferences, etc.
For example, we may ask you to actively submit such Personal Data when you establish an account with us, order products or services from us, register to receive a newsletter or email communications, submit an inquiry or request to us using a form or e-mail address link on our Site, send an email to a ZENB addressor ZENB mail list that is listed on the ZENB Site, or participate in a ZENB membership or loyalty program or in one of our marketing programs. In such case, we will collect whatever Personal Data you voluntarily provide in response to our request.
Further examples of features on our Service where you may provide us with your Personal Information include:
Membership and Rewards Programs: When you create a ZENB account or enroll in a membership or rewards program through our Service, we may ask you for certain Personal Information, including your name, e-mail address, mailing address phone number, and date of birth. You may also create and share with us login information that we will store in connection with your account, including a user ID and password. When you manage your profile online, you may have the opportunity to provide additional information about your payment information and email subscription preferences. In addition, when you use our Service while logged in to your account or rewards program, you may have the opportunity to share your product preferences with us by indicating which items are your “favorites.”
In addition, our Service may allow you to use your account from other online services, including social media providers (such as Facebook, Instagram and Twitter) to log in to the ZENB Service. If you use accounts from other services on our Service, those third parties may share information about you with us.
Surveys: If you choose to participate in a customer survey, we may request demographic data or other Personal Data.
Sweepstakes and Promotions: If you submit an online application for a sweepstakes or other promotion, we may ask you to provide Personal Data. Please be aware that such Sweepstakes and Promotions may carry their own additional terms, in which case those policies would govern your participation.
Social Media: If you choose to participate in our sponsored social media activities or offerings, you may choose to give us access to certain information from your social media account consistent with your settings within the social media service, such as your location, check-ins, activities, interests, demographics, photos, status updates and friends list. You should understand that you are subject to the terms and conditions and any privacy policies of the social media site when using and sharing information on that site, and ZENB is not responsible for the use and collection of your information on any third-party Web site.
Purposes and Legal Basis for the Processing: We process Site Data for the purposes of delivering products and services to purchasers, building relationships with existing and potential customers and other interested parties, communicating with such parties, and analyzing and improving the ZENB Site. This includes keeping such people informed about our products and services. If you are a customer or potential customer we also process Site Data for the same purposes as Customer Data noted above. Such processing is done in furtherance of and is necessary for the legitimate business interests pursued by ZENB to market and deliver its products.
3.3. Vendor Contact Data
As any business, we collect, receive, and process Vendor Contact Data regarding our vendors, service providers, business partners or other business contacts and third parties with whom we may interact from time to time.
Categories of Vendor Contact Data: The Vendor Contact Data that we collect and process typically consists of information such as name, title, position, employer, email address, other business contact data (e.g., business card data), and similar relationship type data. Such Vendor Contact Data may also include details of your visits to our offices.
Sources of Contact Data: We obtain Vendor Contact Data about you (i) directly from you, such as when you or your organization offer to provide or provide services to us, (ii) from others (e.g., referrals), and (iii) from publicly available sources, such as Web sites (e.g., LinkedIn, your business’ Web site, etc.).
Purposes and Legal Basis for the Processing: We process Vendor Contact Data for the purposes of building and managing relationships with existing and potential vendors and other interested parties, communicating with such parties, and generally operating ZENB’s business. Such processing is done in furtherance of and is necessary for the legitimate business interests pursued by ZENB as a provider of products and services. It may also be done to comply with our legal obligations (such as record-keeping obligations), compliance screening or recording obligations, and financial and credit check and crime prevention and detection purposes.
3.4. HR Data
When you apply for employment with ZENB (whether as an employee, or as an individual contractor or consultant), when we evaluate your employment application and related materials (e.g., the results of pre-employment screenings), and thereafter throughout the course of your employment, contract or consulting arrangement, we obtain and process HR Data about you.
Categories of HR Data: The HR Data we collect and process varies by the roles and responsibilities that you undertake with ZENB, and our needs. Such Personal Data may include:
Individual Data: Your name, address, telephone and/or mobile telephone number, e-mail address, gender, marital status, date of birth/age, citizenship, relevant tax identification number(s), passport number, prior employers, education, prior employment history, results of criminal background screening, visa information, emergency contact information, name change information, CVs, etc.;
Job-Related Data: Your payroll and salary information, bank account information (to administer direct deposit and/or expense reimbursements), benefits and pension information, dependent and beneficiary information you provide, information about reimbursable expenses you incur on our behalf, information about ZENB-owned equipment assigned to you, tax and government reporting information, information about your performance on the job, including reviews, appraisals, warnings, individual and management development plans and reviews, and information relating to promotions and position changes (including requests), information regarding your compliance with company policies and certifications;
Special Categories of Personal Data: Your racial or ethnic origin, church affiliation (where necessary for deducting church taxes from your income), trade union membership, biometric data for the purpose of uniquely identifying you, data concerning health (e.g., leave information, information on pregnancy or disabilities in order to comply with legal requirements), Social Security number, or data that you voluntarily submit concerning your sexual orientation; and
Sources of HR Data: We obtain HR Data about you (i) directly from you, (ii) from our other employees (e.g., performance reviews by supervisors), and (iii) from third parties, such as government agencies, recruiters, employment agencies, screening companies, and references that you provide to us, as well as from publicly available sources, such as Web sites.
Purposes and Legal Basis for the Processing: Your HR Data is processed for the purpose of establishing and maintaining your employment relationship with us (whether as an employee or an individual contractor or consultant). The legal basis for such processing is that it is: (i) necessary for entering into and/or performing your employment relationship with ZENB, (ii) necessary for compliance with one or more legal obligations to which you or ZENB is subject (e.g., reporting to governmental or taxing authorities), and/or (iii) necessary for the purposes of the legitimate business interests pursued by ZENBin recruiting and employing personnel in order to provide its products and services.
4. How We Share Personal Data.
We may share selected Personal Data about you with the following parties or in the following circumstances.
4.1. Intra-ZENB. We may share Personal Data about you between or among ZENB entities, subsidiaries, affiliates, or agents as necessary for the conduct of our business.
4.2. Third Party Service Providers. We may share Personal Data about you with third parties who perform services for us or on our behalf, for the limited purpose of carrying out such services to assist us in our business operations. This includes, without limitation, third parties that assist in managing our organization, hosting or administering the Site or other systems, sending communications on our behalf, maintaining or analyzing our data, or providing marketing assistance.
4.3. Corporate Change. We reserve the right to disclose and transfer Personal Data about you in connection with a merger, consolidation, restructuring, financing, sale of substantially all assets, or other organizational change.
4.4. Legal Requirements and Law Enforcement. We may disclose Personal Data about you when we believe in good faith that the law requires it; at the request of governmental authorities conducting an audit or investigation; pursuant to a court order, subpoena, or discovery request in litigation; to verify or enforce compliance with our agreements or policies and applicable laws, rules, and regulations; or whenever we believe disclosure is necessary to limit our legal liability or to protect the service or enforce the rights, interests, or safety of the Site, its users, or other third parties. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.
4.5. Consent. We may also share Personal Data about you in accordance with any express consent you or your authorized agent give us which is specific to the purposes of the processing which you will be informed about at the time we request such consent. You do not have to give such consent. If you do give consent, you may withdraw it at any time by contacting us (see “How to Contact Us” section below), however please be aware that such withdrawal will not affect the lawfulness of Personal Data collected and processed prior to the date of your withdrawal of consent.
5. Cross-Border Transfers of Personal Data
ZENB may transfer Personal Data from one country to another from time to time. We will do so in compliance with applicable privacy and data protection law. Where we transfer Personal Data from the EU to any country outside the EU where there is no relevant adequacy decision, we will put in place EU Standard Contractual Clauses with such third party or otherwise ensure that a cross-border transfer condition required by GDPR is met.
Our data processing is currently done in the United States and Canada. If you are located outside of these countries, please be aware that the Personal Data we collect will be transferred to, and processed, stored, and used in the United States and/or Canada by us and/or by our third-party service providers.
6. Data Retention Period
7. Personal Data About Children
The Service is not directed to children younger than the age of majority in your jurisdiction. We do not knowingly collect Personal Data from or about children under the age of majority in your jurisdiction via the Site and we will delete any such information later determined to be from or about a person younger than the age of majority. As a parent or legal guardian, please do not to allow your children to submit Personal Data without your permission. In accordance with the Children’s Online Privacy Protection Act, in the event that we learn that we have collected Personal Data from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible.If you believe that we might have any Personal Data from or about a child, please contact us immediately at email@example.com.
8. Links to Third-Party Web Sites
We are not responsible for the privacy policies and practices of such third parties and, therefore, we encourage you to read the privacy policies of Web sites that you visit so that you understand how they collect and use your information before using such Web sites.
9. Protecting Personal Data
ZENB has implemented technical and organizational measures to ensure a level of security appropriate to the risks that are presented by ZENB’s processing of Personal Data (i) to protect your Personal Data from accidental or unauthorized access, disclosure, alteration or destruction, and (ii) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services for the Personal Data. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure, and we do not control the data security practices of any third-parties. For your own privacy protection, we encourage you not to include sensitive Personal Data in any emails you send to us. Additionally, please do not send credit card numbers or other payment information to us via email. We will not contact you by mobile/text messaging or email to ask for your confidential Personal Data or credit card details. If you receive this type of request, you should not respond to it. We also ask that you please notify us at firstname.lastname@example.org.
10. Your Rights as a Data Subject
To the extent provided by applicable law, you have the following rights:
• To request access to the Personal Data that we hold about you and to request that we rectify or erase it;
• To request a copy of the Personal Data that we hold about you;
• To request a transfer of your Personal Data from us to another data controller; and
• To request restriction of processing of your Personal Data or object to its processing.
We do not impose any charge for these requests (except further copies of data). For any such request, you can contact us by e-mail, postal mail, or phone as specified in the “How to Contact Us” section below. We will endeavor to respond to all requests in a timely manner, but in no event longer than thirty (30) days although where your request is complex it may takes us up to a further two months to provide a copy of your Personal Data.
Updating Personal Data About You: If any of the Personal Data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate Personal Data about you, please contact us as specified in the “How to Contact Us” section below. In addition, if you have an account on our Site you may access, review and update the information you provided to us at the time of registration any time by signing in to your account with our Service. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete Personal Data that you provide to us.
Withdrawing Consent: Where the lawful basis of our processing under the GDPR is that you have consented to it for a particular identified purpose, you have the right to withdraw that consent at any time. To do so, please contact us as specified in the “How to Contact Us” section below. If you do withdraw consent, this will not affect the lawfulness of any processing that was based on your consent before its withdrawal.
Filing a Complaint: In addition to the foregoing, you have the right to lodge a complaint in respect of your data protection rights with the applicable supervisory authority for data protection in your jurisdiction. If you are in the United Kingdom, that supervisory authority is the UK’s Information Commissioner’s Office: https://ico.org.uk/.
11. Third-Party Tracking and Do Not Track
12. California Privacy Rights
California Civil Code Section 1798.83 permits California residents who have supplied personal information, as defined in the statute, to us, under certain circumstances, to request and obtain certain information regarding our disclosure, if any, of personal information to third parties for their direct marketing purposes. If this applies, you may obtain the categories of personal information shared and the names and addresses of all third parties that received personal information for their direct marketing purposes during the immediately prior calendar year or to request to opt-out of such future sharing. To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. You may make this request in writing at: Privacy Officer, ZENB US, INC., 950 W Fulton Market, Suite A, Chicago, IL 60607
14. Contact Us
By e-mail: email@example.com
By postal mail:
ZENB US, Inc.
Attn: Jim Behling, Privacy Officer
950 W. Fulton Market
Chicago, IL, 60607, USA
If you are an EU Individual, you can also contact ZENB’s designated representative under GDPR:
5 Appold Street
London, EC2A 2HA