Australian and New Zealand Data Privacy

Zscaler is committed to our customers’ success, including compliance with applicable privacy laws. Compliance requires a partnership between Zscaler and our customers in their use of our services and products. The following is a brief summary of how Zscaler complies with data privacy laws in Australia and New Zealand. For purposes of both Australian and New Zealand data privacy laws, Zscaler acts as the processor, not collector, of its customers’ data.

Australian Privacy Laws

In Australia, the key privacy legislation applying to Zscaler is the Privacy Act 1988 (Cth). The Privacy Act applies to most private sector organizations operating in Australia and sets a national standard for the collection, use and disclosure, quality and security of "Personal Information".

"Personal Information" is defined as any information or an opinion about an identified individual, or an individual who is reasonably identifiable: (i) whether the information or opinion is true or not; and (ii) whether the information or opinion is recorded in a material form or not. This information can include customer name and contact information including postal address, email address and telephone number, billing information, credit or debit card information, and transaction information for any products or services that may have been purchased.

In particular, the Privacy Act establishes the Australian Privacy Principles (APPs) that set out these key obligations.

The APPs regulate the collection, use and disclosure of Personal Information, and also allow individuals to access their Personal Information and have it corrected if it is incorrect. Further information regarding the APPs is set out on the Australian Government website at www.oaic.gov.au.

Of the 13 APPs, the following are most noteworthy:

  • APP 1 (open and transparent management of Personal Information) provides that entities must take reasonable steps to implement practices, procedures and systems that ensure compliance with the APPs and publish their privacy policy;
  • APP 5 (notification of collecting Personal Information) requires that before, at the time of, or as soon as practicable after an entity collects Personal Information from an individual, the entity take such steps as are reasonable in the circumstances to notify the individual of the collection of Personal Information;
  • APP 7 (direct marketing) restricts the use or disclosure of Personal Information for direct marketing unless an exception applies; and
  • APP 8 (cross-border disclosure of personal information) requires that before an entity discloses Personal Information about an individual to a person or entity overseas, the entity must take reasonable steps to ensure that the overseas recipient does not breach the APPs.

Zscaler adheres to the APPs for all Personal Information that we collect from our customers and from any other individuals that we may receive or collect Personal Information from. For example:

  • We only collect Personal Information of individuals who have registered or signed up for our services or products (collectively “Products”) or who have signed up to receive information regarding our Products on our website or through other means; and
  • We only use Personal Information for the purposes set out in our contract with the customer and our Privacy Policy and we only disclose such Personal Information to third party agents as outlined in our Privacy Policy.

New Zealand Privacy Laws

In New Zealand, the Privacy Act 1993 (the Act) provides the parameters for information privacy and dealing with the collection and disclosure of personal information. Part 2 of the Act sets forth 12 information privacy principles (NZ IPPs) that stipulate how information can be collected and used, the manner for doing so, and individual rights for access to the information and how it can be corrected. These NZ IPPs can be found at https://privacy.org.nz/the-privacy-act-and-codes/privacy-principles/.

Of the 12 principles, the following are most noteworthy:

  • Collection of personal information, including reasons personal information may be collected, from where it may be collected, and how it is collected (Principles 1-4); and
  • Restrictions on personal information use or disclosure, including ensuring information is accurate and up-to-date, and that it isn't improperly disclosed (Principles 10 and 11).

Zscaler’s handling of Personal Information under our contract with our customers and our Privacy Policy is aligned with the 12 NZ IPPs, including those directing that Personal Information be collected for lawful purposes (e.g., for providing the Products or responding to customer support issues), that data should be collected directly from individuals (e.g., customer end users using our Products), that notice of collection of data and purpose of the data collection is provided, and/or that data be collected in a legal manner.

Complaints

If you wish to make a complaint about the way Zscaler has handled your Personal Information (including if you think we have breached any applicable privacy laws), you may contact us at privacy@zscaler.com. Please include your full name, contact details and a detailed description of your complaint. We will acknowledge receipt of your complaint and respond to you within a reasonable period of time. If you believe that we have failed to resolve the complaint satisfactorily, we will provide you with information about further steps you can take.