California Privacy Policy

Effective Date: January 1, 2020

Introduction

This Privacy Notice for California residents ("Notice") describes how Zscaler, Inc. and its subsidiaries ("Zscaler" or "We" or "Us") collect, use, and disclose certain information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a Californian resident or device (the "Personal Data"). This Notice supplements the Zscaler Privacy Policy located at www.zscaler.com/privacy-compliance/privacy-policy, and unless specifically defined in this Notice, the terms in this Notice have the same meaning as in the Zscaler Privacy Policy.

Zscaler recognizes that California has expanded its existing privacy protections by giving consumers additional rights with respect to Personal Data, including without limitation the right to know the categories and specific pieces of Personal Data collected by us; our business or commercial purpose for collecting Personal Data; the categories of sources we’ve used to collect Personal Data; the categories of third parties we may share Personal Data with; the right to access Personal Data; and the right to opt out of the sale of Personal Data. This Notice contains terms that reflect Zscaler’s commitment to comply with the California Consumer Privacy Act of 2018, Civil Code sections 1798.100 et seq. (the “CCPA”).

Data Collection and Use

In addition to the personal information described in the Zscaler Privacy Policy, Zscaler has received within the last twelve (12) months and may continue to receive in the future the following categories and specific pieces of Personal Data directly from you (for example, when you become a customer or when you complete one of our forms at a marketing event or on our website) or indirectly from you (for example, when we receive your Personal Data from a customer or business on whose behalf we perform services):

Category: Identifiers

Specific Pieces:

  • User IDs obtained from the customer’s corporate directory and identifying the user, group, and department within the customer’s organization;
  • Public IP addresses in order to deduce the customer’s locations provisioned for use of the Products;
  • Certificates and keys in order to allow the customer to selectively intercept SSL communications; and
  • Customer employee authentication information, including user IDs such as user email addresses and organization group and department information, in order to allow the customer to create granular access control policies and log security incidents.

Category: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Specific Pieces:

  • Billing and contact information (name, mailing address, phone number, email address, etc.) from partners and vendors.

Category: Internet or Other Similar Network Activity

Specific Pieces:

  • Transaction logs for all HTTP/HTTPS and non-HTTP/HTTPS transactions conducted by the customer; and
  • Certificates and keys in order to allow the customer to selectively intercept SSL communications.

In addition to the above categories and specific pieces of Personal Data, we may obtain or process other data provided by a customer, vendor, or partner pursuant to a written agreement to facilitate Zscaler’s provision of the Products, to help Zscaler maintain the safety, security, and integrity of the Products, or to allow Zscaler to receive services.

We also may obtain or process certain types of data or information in addition to the above, which are not included in your Personal Data or which do not fall within the scope of the CCPA. These types of data or information may include deidentified or aggregated information about you or any information that is publicly available from government records.

We process Personal Data only for the purpose of providing services to our customers and for any other purpose contractually authorized by the consumer or business for whom we perform services. Zscaler will only process Personal Data in ways that are compatible with the purpose for which Zscaler collected the Personal Data, or for purposes that the individual or entity providing the Personal Data later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. Zscaler maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use.

Human Resources Data

Zscaler also receives human resources data from its employees in California to manage various aspects of the employment relationship and the provision of services to its customers. This human resources data includes current or past job history and informal performance evaluations. Handling of this data is subject to internal corporate policies which are consistent with this Notice and the CCPA. Zscaler commits to cooperate with the California Attorney General as well as the California Department of Justice and comply with the advice given by such authorities with regard to human resources data collected, processed, or disclosed pursuant to the CCPA.

Data Transfers to Third Parties

Service Providers

We have in the past twelve (12) months and may in the future transfer your Personal Data to our service providers that perform functions on our behalf as described in the Zscaler Privacy Policy. As required under the CCPA, we enter into written agreements with those service providers that contractually restrict them from retaining, using, or disclosing Personal Data they have received from us for purposes other than the specific purpose of performing the services specified in our contracts with them.

Disclosures for National Security or Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Third Parties

We do not sell personal information of any individual, including personal information of minors under 16 years of age.

We do partner with third parties to manage our advertising on other sites. Our third-party partners may also use technologies such as cookies or other technologies to gather information about your activity on our website and other sites in order to suggest advertisements based upon your browsing activities and interests. For more information, please visit our Cookies Policy.

We have not disclosed any personal information for valuable consideration in the twelve (12) months prior to the Effective Date of this Notice.

Security and Data Retention

Zscaler maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with industry standards and the CCPA.

Your Rights

Right to Know

Under the CCPA, you have the right to know what Personal Data we have collected, sold, or otherwise disclosed to third parties, including the categories and specific pieces of your Personal Data that we have collected, sold, or otherwise disclosed to third parties; the purposes for which we collected, sold, or otherwise disclosed your Personal Data to such third parties; and the categories of third parties with whom we share your Personal Data.

If you would like us to disclose such information, you can submit a written request using the contact information in the "Contact Us" section below.

In accordance with the CCPA, in complying with your request, we will only provide information regarding the Personal Data that we have collected, sold, or otherwise disclosed to third parties over the previous twelve (12) months.

Right to Access

You have the right to access specific pieces of your Personal Data that we hold about you free of charge in the manner in which you choose and, if such manner is provided electronically by you or on your behalf, in a portable and, to the extent technically feasible, readily useable format. This access right may not apply in some cases, including where providing access is manifestly unfounded or excessive (for instance, because of the requests’ repetitive character or because it would violate the rights of someone other than the individual requesting such access). If you would like to request access to your Personal Data, you can submit a written request using the contact information in the "Contact Us" section below.

In order to maintain operational efficiency, we will comply with such requests from the same California resident no more than two (2) times in a rolling twelve (12) month period.

Right to Delete

You have the right to request we delete any of the Personal Data that we have collected and retained about you. This deletion right may not apply in some cases, including in the following instances:

  • To complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
  • To debug the Products to identify and repair errors that impair existing intended functionality;
  • To enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
  • To comply with a legal obligation; or
  • To make other internal and lawful uses of that information that are compatible with the context in which you provided it.

If you would like to request we delete your Personal Data, you can submit a written request using the contact information in the "Contact Us" section below.

Right to Non-Discrimination

You have the right to not be discriminated against by us for exercising your rights under the CCPA. This means that we cannot deny you our services, charge you different prices or rates, or provide different levels of service to you except to the extent permitted by the CCPA. If you feel that we have discriminated against you for exercising your rights under this Notice, you can submit a written request using the contact information in the "Contact Us" section below.

Questions or Complaints

For purposes of enforcing compliance with the CCPA, Zscaler is subject to the investigatory and enforcement authority of the California Attorney General and the California Department of Justice. For more information about the CCPA, see the California Attorney General’s website on the CCPA located at https://oag.ca.gov/privacy/ccpa.

Contact Us

If you have any questions about this Notice or would like to exercise any of your rights under this Notice and the CCPA with respect to your Personal Data, please contact us as follows:

Zscaler, Inc.
Attn: Privacy Department
120 Holger Way
San Jose, CA 95134, USA
Email: via Contact Form

We will try to respond to verified requests within forty-five (45) days of our receipt of the verified request; however, if we need more time we will let you know in writing why we need more time and how much more time we need (which may be an additional forty-five (45) days).

Note that only you, or someone legally authorized to act on your behalf, may exercise your rights under this Notice and the CCPA with respect to your Personal Data. As such, as required under the CCPA, we may request specific information from you to confirm your identity or the authority of another party making the request. If any request for additional information includes additional Personal Data, we will only use such additional Personal Data to verify the identity of the requester or the authority to make the request. In limited circumstances, if the scope of your request is excessive, repetitive, or manifestly unfounded then we may charge you a reasonable fee to the extent permitted under the CCPA. If we determine that your request warrants a fee, we will tell you in advance and why we made that decision.

Changes To This Notice

We reserve the right to amend this Notice from time to time consistent with the requirements of the CCPA.