Privacy statement

EFFECTIVE MARCH 1, 2014

Overview

What Is Covered in this Privacy Statement? This Privacy Statement contains information on how Zscaler, Inc. (“we”), processes certain categories of data relating to individual persons.

  • If you are a visitor to our website, www.zscaler.com, please see the section "Website Privacy" below for a comprehensive description of our data processing practices with respect to data about you.
  • If you are an end user of Zscaler Services, please see the section "Service End User Privacy" below for information on our data processing practices with respect to data about you.
  • If you are a resident of any European Union Member State, please also see the section "EU Safe Harbor Privacy Statement" below for a comprehensive description of our data processing practices with respect to data about you in reference to the EU Safe Harbor Principles. We refer to data relating to you as an identifiable individual as "EU Personal Data."
  • Zscaler reserves the right to amend this policy at anytime and the revised policy will take effect on the date posted on the Zscaler website.

How Can You Contact Us? If you have questions or concerns regarding this Privacy Statement, please feel free to contact us by email at info@zscaler.com or write to us at:

Privacy Matters
c/o Zscaler, Inc.
San Jose, CA 94085, USA
Phone: 866-902-7811 or 408-826-8250

Website Privacy

What Is Covered by This Section? The paragraphs in this section describe how we use and disseminate information collected about Website Visitors through our Website. It does not cover any other data processing activities.

Your Use of the Public Website Implies Consent. Your use of the Website signifies your acceptance of this Privacy Statement. If you do not agree or are not comfortable with any policy described in this Privacy Statement, your remedies are to discontinue your use of the Website.

If You Don't Volunteer Any Personal Data, We Won't Collect Any Through the Website. We use cookies and various traffic tracking technologies to monitor the use of our Website. We collect such data related to IP addresses but do not link it to any personally identifiable information (such as names and email addresses) that you may voluntarily submit to us through other means (except as described below, in "Agents and Service Providers").

Agents and Service Providers. We may engage data processing agents and service providers that assist us in the processing of personally identifiable information that Website Visitors may volunteer through the Website, as well as electronic messages and traffic data that is linked to IP addresses. Such third parties process data only on our behalf and are contractually obligated to refrain from using such data for their own purposes. Each time visitors visit our Website after they have submitted a Web Form to us or clicked on a particular link in a marketing email from us, we maintain a record of certain information about their visit including the pages viewed on our Website, the time of the visit, the order of pages accessed and the amount of time such visitors spend at each page. We use this information to better tailor our services to our visitors.

Use of Cookies. A cookie is a small text file containing information that a web browser transfers to your computer's hard disk for record-keeping purposes. On the Website, we may use cookies to analyze our site traffic patterns, but, except as described above, we link cookies only to IP addresses and not any personally identifiable information about Website Visitors (such as names or email addresses). For example, we currently use third party service providers (e.g. Google Analytics) to analyze traffic to the Public Website. Other than as mentioned above, the software used by us does not have a database of individual profiles for each visitor connected to personally identifiable information. This third party software uses cookies to track non-personally identifiable information, and links cookies only to IP addresses and aggregate data about the traffic to the Website. Most web browsers automatically accept cookies. Please consult your browser's manual or online help if you want information on restricting or disabling the browser's handling of cookies. If you disable cookies, you can still view the Website, but some features may not be available and you may not be able to take advantage of offers or activities regarding online registration, which includes online sales.

Volunteered Information Collected on the Website. Website Visitors may contact us in a variety of ways, including, without limitation, by completing the Web Forms described in the table below. Contact information, such as name, address, email addresses and/or phone number, is typically provided when using these methods. This information is used to provide the services that are requested by the Website Visitor (e.g. to respond to your request for further information about us or our services, to send you a newsletter or White Paper if you request them, to send you free software, etc.). We do not sell your name to an independent third party.

Website Visitors may sign up to receive various information or services from us, including the following: (i) free trials of our services, (ii) White Papers, (iii) product demonstrations, (iv) our Webinars or those of other third parties. We may send promotional emails to Website Visitors who have sent us such Web Forms. We may provide your information from these Web Forms to certain of our authorized resellers to communicate information to you about our services.

We also allow Website Visitors to contact us by email with questions, comments or requests. The information collected from these emails is used to reply to such questions, comments, or requests. Sometimes we file visitor's comments, so that we can improve the Website in the future.

Disclosure to Third Parties. In the course of our normal business activities, we do not share personally identifiable data about Website Visitors with any independent third parties, other than with our agents, service providers and authorized resellers as described in the preceding paragraphs "Agents and Service Providers" and "Volunteered Information Collected on the Website." In particular, we are not in the business of selling, renting or loaning personally identifiable information to independent third parties.

Nevertheless, we may have to disclose information to third parties when required by law or under the good-faith belief that such disclosure is necessary in order to conform to applicable law, comply with legal process served on us, or to protect the property or interests, its agents and employees, or the personal safety of others, or the public. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of the disclosure, and we reserve the right to not provide such notice in its sole discretion.

If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

Links to Other Sites. The Website may contain links to other sites. We are not responsible for the privacy practices of any sites other than our own. This section on "Website Privacy" applies only to information collected by us on the public website. We may use service providers to collect certain information about those users who register for our webinars including the user's name, title, company name, physical address, email address, phone number, web address, job title, company size, and job function. Our service providers then provide us this information so that we may follow-up to provide our services to such users.

Service End User Privacy

What Is Covered by This Section? The paragraphs in this section provide information on how we use and disseminates information collected about End Users of our Zscaler services. It does not cover any other data processing activities.

Zscaler is a data processor which processes web traffic on behalf of its client who is the data controller. Clients contract with Zscaler to deliver such web traffic security services. The term data controller is defined in US Safe Harbor and EU privacy legislation as the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. The data controller retains full responsibility for the data with regards to the individual(s) concerned. The term data processor means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

All legislation referred to herein requires that the relationship between a data controller and a data processor is covered by a contract before outsourcing related to the processing of personal data takes place. The purpose of the contract is to protect the interests of the data controller, i.e. the person or body who determines the purposes and means of processing, who retains full responsibility for the data with regards to the individuals concerned. The contract thus specifies the processing to be carried out and any measures necessary to ensure that the data are kept secure.

Zscaler obligations. Zscaler’s obligations may vary according to the jurisdiction of our client and their area of business. The typical obligations to ensure compliance with the most common privacy legislation are: to comply with the U.S. Safe Harbor principles, EU data protection legislation or other similar national legislation as a data processor; to ensure that the data is only used for the purpose of providing our web security service and purposes that are authorized and requested by our client; to keep the data confidential.

Client obligations. To ensure that we process personal data in accordance with relevant privacy regulations we will only offer our service under a contract which defines the obligations of Zscaler and our client according to applicable privacy legislation. We will always require our clients to comply with relevant privacy legislation as the data controller. Zscaler does not control the sharing of personal information related to our service. This is governed by our client, the data controller, in accordance with the client privacy policy and applicable privacy legislation.

Zscaler may transfer personal data when legally required to do so. Zscaler will not transfer personal data to other entities without authorization or request from our client unless Zscaler is legally required to do so, for example, by a court order or subpoena.
Who should End Users contact regarding privacy? If you are an end-user of our service you should contact our client for any information related to information held about you and the privacy policy which governs the relationship between you and our client. In many cases our client will be your employer.

Access by Zscaler employees. We intend to protect individual personal information and to maintain its privacy. Zscaler implements reasonable physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure. For example, we encrypt certain sensitive personal information when we transmit such information over the Internet. We also limit access to private and confidential data on our systems to only those employees with a specific need to retrieve this information.

EU Safe Harbor and Swiss Safe Harbor Privacy Statement

Zscaler complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Zscaler has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Zscaler’s certification, please visit http://www.export.gov/safeharbor/

Ad Retargater