Effective Date: January 1, 2020
Zscaler recognizes that California has expanded its existing privacy protections by giving consumers additional rights with respect to Personal Data, including without limitation the right to know the categories and specific pieces of Personal Data collected by us; our business or commercial purpose for collecting Personal Data; the categories of sources we’ve used to collect Personal Data; the categories of third parties we may share Personal Data with; the right to access Personal Data; and the right to opt out to the sale of Personal Data. This Notice contains terms that reflect Zscaler’s commitment to comply with the California Consumer Privacy Act of 2018, Civil Code sections 1798.100 et seq. (the “CCPA”)
Data Collection and Use
|Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||
|Internet or Other Similar Network Activity||
In addition to the above categories and specific pieces of Personal Data, we may obtain or process other data provided by a customer, vendor, or partner pursuant to a written agreement to facilitate Zscaler’s provision of the Products, to help Zscaler maintain the safety, security, and integrity of the Products, or to allow Zscaler to receive services.
We also may obtain or process certain types of data or information in addition to the above, which are not included in your Personal Data or which do not fall within the scope of the CCPA. These types of data or information may include deidentified or aggregated information about you or any information that is publicly available from government records.
We process Personal Data only for the purpose of providing services to our customers and for any other purpose contractually authorized by the consumer or business for whom we perform services. Zscaler will only process Personal Data in ways that are compatible with the purpose for which Zscaler collected the Personal Data, or for purposes that the individual or entity providing the Personal Data later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. Zscaler maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use.
Human Resources Data
Zscaler also receives human resources data from its employees in California to manage various aspects of the employment relationship and the provision of services to its customers. This human resources data includes current or past job history and informal performance evaluations. handling of this data is subject to internal corporate policies which are consistent with this Notice and the CCPA. Zscaler commits to cooperate with the California Attorney General as well as the California Department of Justice and comply with the advice given by such authorities with regard to human resources data collected, processed, or disclosed pursuant to the CCPA.
Data Transfers to Third Parties
Disclosures for National Security or Law Enforcement
Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
We do not sell personal information of any individual, including personal information of minors under 16 years of age.
We do partner with third parties to manage our advertising on other sites. Our third-party partners may also use technologies such as cookies or other technologies to gather information about your activity on our website and other sites in order to suggest advertisements based upon your browsing activities and interests. For more information, please visit our Cookies Policy.
We have not disclosed any personal information for valuable consideration in the twelve (12) months prior to the Effective Date of this Notice.
Security and Data Retention
Zscaler maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with industry standards and the CCPA.
Right to Know
Under the CCPA, you have the right to know what Personal Data we have collected, sold, or otherwise disclosed to third parties, including the categories and specific pieces of your Personal Data that we have collected, sold, or otherwise disclosed to third parties; the purposes for which we collected, sold, or otherwise disclosed your Personal Data to such third parties; and the categories of third parties with whom we share your Personal Data.
If you would like us to disclose such information, you can submit a written request using the contact information in the "Contact Us" section below.
In accordance with the CCPA, in complying with your request, we will only provide information regarding the Personal Data that we have collected, sold, or otherwise disclosed to third parties over the previous twelve (12) months.
Right to Access
You have the right to access specific pieces of your Personal Data that we hold about you free of charge in the manner in which you choose and, if such manner is provided electronically by you or on your behalf, in a portable and, to the extent technically feasible, readily useable format. This access right may not apply in some cases, including where providing access is manifestly unfounded or excessive (for instance, because of the requests’ repetitive character or because it would violate the rights of someone other than the individual requesting such access). If you would like to request access to your Personal Data, you can submit a written request using the contact information in the "Contact Us" section below.
In order to maintain operational efficiency, we will comply with such requests from the same California resident no more than two (2) times in a rolling twelve (12) month period.
Right to Delete
You have the right to request we delete any of the Personal Data that we have collected and retained about you. This deletion right may not apply in some cases, including in the following instances:
- To complete the transaction for which we collected the Personal Data, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- To debug the Products to identify and repair errors that impair existing intended functionality;
- To enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- To comply with a legal obligation; or
- To make other internal and lawful uses of that information that are compatible with the context in which you provided it.
If you would like to request we delete your Personal Data, you can submit a written request using the contact information in the "Contact Us" section below.
Right to Non-Discrimination
You have the right to not be discriminated against by us for exercising your rights under the CCPA. This means that we cannot deny you our services, charge you different prices or rates, or provide different levels of service to you except to the extent permitted by the CCPA. If you feel that we have discriminated against you for exercising your rights under this Notice, you can submit a written request using the contact information in the "Contact Us" section below.
Questions or Complaints
For purposes of enforcing compliance with the CCPA, Zscaler is subject to the investigatory and enforcement authority of the California Attorney General and the California Department of Justice. For more information about the CCPA, see California Attorney General’s website on the CCPA located at https://oag.ca.gov/privacy/ccpa.
If you have any questions about this Notice or would like to exercise any of your rights under this Notice and the CCPA with respect to your Personal Data, please contact us as follows:
Attn: Privacy Department
120 Holger Way
San Jose, CA 95134, USA
Email: [email protected]
We will try to respond to verified requests within forty-five (45) days of our receipt of the verified request; however, if we need more time we will let you know in writing why we need more time and how much more time we need (which may be an additional forty-five (45) days).
Note that only you, or someone legally authorized to act on your behalf, may exercise your rights under this Notice and the CCPA with respect to your Personal Data. As such, as required under the CCPA, we may request specific information from you to confirm your identity or the authority of another party making the request. If any request for additional information include additional Personal Data, we will only use such additional Personal Data to verify the identity of the requester or the authority to make the request. In limited circumstances, if the scope of your request is excessive, repetitive, or manifestly unfounded then we may charge you a reasonable fee to the extent permitted under the CCPA. If we determine that your request warrants a fee, we will tell you in advance and why we made that decision.
Changes To This Notice
We reserve the right to amend this Notice from time to time consistent with the requirements of the CCPA.