Please note that the present Policy only applies to the data processing relationship between Zendoc and you either as a natural person, or as a legal entity’s representative. In relation to users as natural person located within the European Union (“EU”) member countries, according to the provisions of the GDPR, Zendoc shall be deemed as data processor.
By using the Services of Zendoc, you or a legal entity you represent as our user shall be deemed as a data controller and Zendoc shall be considered as a data processor. The rights and obligations regarding to that relationship between you as data controller and Zendoc as data processor is governed by the Addendum.
Zendoc may from time to time handle personal data collected from individuals located within the European Union member countries. Consistent with the regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”) Zendoc grants the enhanced data protection for the individuals located within the EU. Our adherence to the GDPR regarding the personal data collected from individuals located within the EU is detailed in this Policy.
Please note that as of July 16, 2020 the European Court of Justice invalidated the Decision 2016/1250 on the adequacy of the protection provided by the EU-US Privacy Shield, which means that participants of the Privacy Shield Framework are no longer deemed to provide appropriate safeguards for the personal data of European citizens. In line with this judgement the EU and the US is working together to achieve a complete and effective framework guaranteeing that the level of protection granted to personal data in the US is essentially equivalent to that guaranteed within the EU. In the meantime, our Zendoc stays committed to protecting our customers personal data and uses good faith and commercially reasonable efforts to fully comply with the regulations of the GDPR (effective on July 16, 2020).
This Policy covers Zendoc’s treatment of information that Zendoc gathers when you are accessing Zendoc’s Platform as a user and when you use Zendoc’s Services. Also, this Policy covers Zendoc’s treatment of your information that Zendoc shares with Zendoc’s business partners. This Policy does not apply to the practices of third parties that Zendoc does not own or control (such as third-party Platforms that you may access from the Platform), or to individuals that Zendoc does not employ or manage.
2. What information does Zendoc collect?
The information we gather from users enables Zendoc to personalize and improve our Services and to allow our users to set up accounts on the Platform. We collect the following types of information from our users and their customers:
2.1 Information You Provide to Us:
We receive and store any information you as our user enter on our Platform or provide to us in any other way. The types of information collected include, without limitation, your full name, email address, mailing address phone number of billing party, password, contact information and content consumed on the Platform. Some of this information is not mandatory but may be necessary to use all of our functions.
In addition, we may collect the following financial data: account holder name, bank name, account number, currency of account. For taxation reasons, we need to collect Tax ID (US: tin: SSIN/EIN), citizenship, country of residence. In some cases, we’ll need to ask for a government ID, Green Card, or other proof of address or proof of residency status as regulated by taxation law.
2.2 Information Collected Automatically:
We receive and store certain types of information whenever you as our user interact with our Platform or Services. Zendoc automatically receives and records information on our server logs from your browser including your IP address, unique device identifier, browser characteristics, domain and other system settings, search queries, device characteristics, operating system type, language preferences, referring URLs, actions taken on our Platform, page requested, content consumed (e.g., viewed, uploaded, and shared), dates and times of Platform visits, and other information associated with other files stored on your device.
2.3 Information we receive from you regarding your users and from third parties:
By providing our Services we receive and collect certain personal data on the customers of our users that is provided to us by third parties (e.g. Helpdesks, CRMs, Surveys, Email) and we also receive personal data for the purpose of processing directly from our users including, but not limited to the uploaded or shared personal data of our user’s customers, like name, e-mail, phone number, address, gender, age or IP address.
If the provisions of the GDPR shall apply, in that relationship regarding to the personal data of your customers you shall be deemed as data controller, and therefore you as our user are also responsible to comply with the provisions of the GDPR. Please note, that in such case the data processing relationship between the data controller and the data processor shall be governed by a written contract, and such written contract shall satisfy the requirements of Article 28 of the GDPR. In order to facilitate your compliance with the provisions of the GDPR, Zendoc provides you a written contract on data processing, therefore, the data processing relationship between you, as a data controller and Zendoc, as a data processor shall be governed by the Addendum.
3. What About Cookies?
4. How Does Zendoc Use My Information?
We may use your information, including your personal information, as follows:
- We process the following personal data for the purpose and on the legal basis of the performance of the contract, product and service fulfillment:
- Full name
- Email address
- Mailing address
- Financial data: account holder name, bank name, credit card, account number, currency of account
The information you provide is used for purposes such as responding to your requests for certain products and services, customizing the content you see, communicating with you about specials, sales offers, and new features, and responding to problems with our Services. It is also used to fulfill and manage payments or requests for information, or to otherwise serve you, provide any requested services and administer contests.
- We process the following personal information based on your consent (as the legal basis of this processing) for marketing purposes, newsletters, receipt messages, e-mails, and mobile messages. We also send marketing communications and other information regarding services and promotions based on your consent and administer promotions:
- Full name
- Email address
- Mailing address
You shall always have the right to withdraw your consent at any time.
- We process personal data for the purpose and on the legal basis of compliance with legal obligations to prevent fraudulent transactions, monitor against theft and otherwise protect our customers and our business. We also process personal data for the purpose and on the legal basis of legal compliance and to assist law enforcement and respond to subpoenas.
This means that in some cases the data processing is stipulated by the applicable laws and we have an obligation to process and keep this data for the required time. This includes employment data, billing data, data which is necessary to assist law enforcement etc.
- We process the following personal data for the purpose and on the legal basis of the legitimate interests of Zendoc, to improve the effectiveness of the Platform, our Services, and marketing efforts, to conduct research and analysis, including focus groups and surveys and to perform other business activities as needed, or as described elsewhere in this Policy:
- IP address
- Browser information
- Contact information
- Content consumed on the Platform
- Content contributed to the Platform
- Unique device identifier
- Browser characteristics
- Domain and other system settings
- Search queries
- Device characteristics
- Operating system type
- Language preferences
- Referring urls
- Actions taken on our Platform
- Page requested
- Content consumed (e.g., viewed, uploaded, and shared)
- Dates and times of Platform visits
- Other information associated with other files stored on your device
Where it is feasible, we anonymize personal data or use non-identifiable statistical data. We do not collect personal data in advance and store it for potential future purposes unless required or permitted by the applicable laws.
For collecting anonymously the above-mentioned data and making statistics and analysis we may use software and programs found here https://zendoc.com/third-party-and-sub-processors:
- Data integrity and purpose limitation: Zendoc will only collect and retain personal data which is relevant to the purposes for which the data is collected, and we will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorized by you. We will take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete and current. We may occasionally contact you to determine that your data is still accurate and current.
5. How Long We Retain Your Personal Data?
We will retain your personal data for so long as it is needed to fulfill the purposes outlined in this Policy or until you withdraw your consent, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no longer or no legal basis to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
6. Will Zendoc share any of the information it receives?
Information about our users is an integral part of our business, and we may share such information with our affiliated entities. Except as expressly described below, we neither rent nor sell your information to other people or nonaffiliated companies unless we have your permission.
6.1 Third Party Service Providers:
We may share certain personal information with third party vendors who supply software applications, web hosting and other technologies for the Platform and the Services. We will only provide these third parties with access to information that is reasonably necessary to perform their work or comply with the law. Those third parties will never use such information for any other purpose except to provide services in connection with the Platform and the Services. We may also share aggregated or de-identified information, which cannot reasonably be used to identify you. We may also request data process service for processing the personal data. During the service of data process, the data processor shall abide under the present Policy, relevant legislations in force, furthermore the provisions of the existing contracts of Zendoc.
6.2 List of Third-Party Service Providers can be found here.
6.3 Transfer of Personal Data collected from individuals located within the EU:
Our service providers have their registered seat in the United States and they comply with the EU-US and the EU-Swiss Privacy Shield Frameworks, therefore transfer of your personal data to the aforementioned service providers was deemed safe until July 16, 2020. Please note that according to the judgement no. C-311/18 of the Court of Justice of the European Union, these companies no longer considered to provide appropriate safeguards for the personal data of European citizens. For more information, you can read the judgement here.
If we transfer personal data collected from individuals located within the EU to a third-party acting as a data processor, and such third-party agent processes your personal information in a manner inconsistent with the GDPR, we may be responsible under the rules of the GDPR.
We only transfer personal data collected from individuals located within the EU only with the consent of the individuals to a third-party having a registered seat outside the EU or the United States of America acting as a data processor without the appropriate safeguards set out in the GDPR, or when it is necessary for the performance of the contract. Zendoc will make every effort to ensure that the personal data transferred is safe and secure and that the personal data is processed in a manner consistent with the GDPR.
6.4 Zendoc may release your information:
(a) in response to subpoenas, court orders or legal process, to the extent permitted and as restricted by law;
(b) when disclosure is required to maintain the security and integrity of the Platform, or to protect any user’s security or the security of other persons, consistent with applicable laws;
(c) when disclosure is directed or consented to by the user who has input the personal information; or
(d) in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of its assets, your information will, in most instances, be part of the assets transferred.
6.5 Opt-In for Promotions:
We do not share personally identifiable information with other third-party organizations for their marketing or promotional use without your consent or except as part of a specific program or feature for which you will have the ability to opt-in.
6.6 With Your Consent:
Except as set forth above, you will be notified when your information may be shared with third parties and will have the option of preventing the sharing of this information.
6.7 Data retention and aggregated data processing
Please note that we may retain certain personal information after your account has been terminated. We reserve the right to use your information in any aggregated data collection after you have terminated your account, however we will ensure that the use of such information will not identify you personally.
6.8 Accountability for onward transfer:
Zendoc will not transfer personal data originating in the EU or Switzerland to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your personal data as required by the GDPR. We acknowledge our liability for such data transfers to third parties.
7. Is information about me secure?
We take commercially reasonable measures to protect all collected information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Please understand that you can help keep your information secure by choosing and protecting your password appropriately, not sharing your password and preventing others from using your computer. Please understand that no security system is perfect and, as such, we cannot guarantee the security of the Platform, or that your information won’t be intercepted while being transmitted to us. If we learn of a security systems breach, then we may either post a notice, or attempt to notify you by email and will take reasonable steps to remedy the breach.
8. Children’s Privacy
Our Platform is not directed to children under 16 and we do not knowingly collect personal information from children under 16. If we learn that we have collected personal information of a child under 16 we will take steps to delete such information from our files as soon as possible. If you are aware of anyone under 16 using the Platform, please contact us at email@example.com.
9. Links to Third Party Sites and Services
10. Your Privacy Rights
10.1 Access and Retention:
If you have a Platform account, you can log in to view and update your account information. You have the right to obtain confirmation of whether or not we are processing personal data relating to you, have communicated to you such data so that you could verify its accuracy and the lawfulness of the processing and have the data corrected, amended or deleted where it is inaccurate or processed in violation of the GDPR.
We encourage you to contact us at firstname.lastname@example.org with your questions or concerns, or to request edits to your personal information, or to have it removed from our database. Requests to access, change or remove your personal data will be handled within 30 days.
10.2 Additional Rights for EU Territory:
If you are from the territory of the EU, you may have the right to exercise additional rights available to you under applicable laws, including:
(a) Right of Erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
(b) Right to Object to Processing: You may have the right to request Zendoc to stop processing your personal information and/or to stop sending you marketing communications.
(c) Right to Restrict Processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information, we hold about you is inaccurate or unlawfully held).
(d) Right to Data Portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.
If you would like to exercise such rights, please contact us at email@example.com. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You also have the right to complain to the EU Data Protection Authority about our collection and use of your personal data. For more information, please contact your local EU Data Protection Authority.
11. Recourse, Enforcement and Liability
11.1 Zendoc is committed to protecting your personal data as set forth in this Policy. If you think we are not in compliance with our Policy, or if you have any question or if you wish to take any other action concerning this Policy, contact us at firstname.lastname@example.org. You can also contact us at our contact office (address: 600 1st Ave, Seattle, WA 98104, United States). We will investigate your complaint, take the appropriate action and report back to you within 30 days.
In addition, if you are from the territory of the EU, you also have the right to complain to the EU Data Protection Authority about our collection and use of your personal data. For more information, please contact your local EU Data Protection Authority.
11.2 If your personal data in question was transferred from the EU or Switzerland to the United States and you are not satisfied with our response, we have further committed to refer unresolved complaints to the dispute resolution procedures of the EU Data Protection Authorities. Zendoc will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints concerning personal data that is transferred from the EU to the United States. For complaints involving personal data transferred from Switzerland, we commit to cooperate with the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) and comply with the advice given by the FDPIC. Complaints regarding processing of personal data pertaining to data subjects located in the EU and Switzerland may be reported by the individual to the relevant Data Protection Authority.
These recourse mechanisms are available at no cost to you. Damages may be awarded in the accordance with the applicable law.
12. Modifications to this Policy
We will modify this Policy if our privacy practices change. We will notify you of such changes by posting the modified version on our Platform and indicating the date it was last modified, and, if the changes are significant, we will provide a more prominent notice (including by email in certain instances). The date this Policy was last modified is at the top of this page. Please periodically review this Policy so that you are familiar with the current Policy and aware of any changes.
If you have any questions concerning this Policy or the Services, please contact us at email@example.com. You can also contact us at our contact office (address: 600 1st ) Ave, Seattle, WA 98104, United States.