Changes to This Policy
We may change this Policy from time to time. If we make any changes, we will notify you by revising the “Last Updated” date at the top of this Policy. If there are material changes to this Policy, we will notify you more directly by email or means of a notice on the home page prior to the change becoming effective. We encourage you to review our Policy whenever you access the Website or the Zscaler Services to stay informed about our information practices and the ways you can help protect your privacy. Your use of the Website or any Zscaler Services after the posting of such changes shall constitute your consent to such changes.
What Is Covered in this Policy?
This Policy contains information on how we process certain categories of data relating to individual persons.
If you are a visitor to the Website, please see the section "Website Privacy" below for a comprehensive description of our data processing practices with respect to data about you.
If you are an end user of the Zscaler Services (“End User”), please see the section "End User Privacy" below for information on our data processing practices with respect to data about you.
- If you are a resident of any European Union Member State, please also see the section "EU Safe Harbor Policy" below for a comprehensive description of our data processing practices with respect to data about you in reference to the EU Safe Harbor Principles. We refer to data relating to you as an identifiable individual as "EU Personal Data."
The paragraphs in this section describe how we use and disseminate information collected about visitors of the Website. It does not cover any other data processing activities.
Your Use of the Website Implies Consent
Your use of the Website signifies your acceptance of this Policy. If you do not agree or are not comfortable with anything described in this Policy, your remedies are to discontinue your use of the Website.
If You Don't Volunteer Any Personal Data, We Won't Collect Any through the Website
Agents and Service Providers
We may engage data processing agents and service providers that assist us in the processing of personally identifiable information that visitors of the Website may volunteer through the Website, as well as electronic messages and traffic data that is linked to IP addresses. Such third parties process data only on our behalf and are contractually obligated to refrain from using such data for their own purposes. Each time a visitor visits our Website after they have submitted a web form to us or clicked on a particular link in a marketing email from us, we maintain a record of certain information about their visit including the pages viewed on our Website, the time of the visit, the order of pages accessed and the amount of time such visitors spend at each page. We use this information to better tailor our services to our visitors.
Volunteered Information Collected on the Website
Visitors of the Website may contact us in a variety of ways, including, without limitation, by completing the web forms described in the table below. Contact information, such as name, address, email addresses and/or phone number, is typically provided when using these methods. This information is used to provide the services that are requested by the visitor of the Website (e.g. to respond to your request for further information about us or our services, to send you a newsletter or white paper if you request them, etc.). We do not sell your name to an independent third party.
Visitors of the Website may sign up to receive various information or services from us, including the following: (i) free trials of our services, (ii) white papers, (iii) product demonstrations, and/or (iv) our webinars or those of other third parties. We may send promotional emails to visitors of the Website who have sent us such web forms. We may provide your information from these web forms to certain authorized resellers to communicate information to you about our services.
We also allow visitors of the Website to contact us by email with questions, comments or requests. The information collected from these emails is used to reply to such questions, comments, or requests. Sometimes we file a visitor's comments, so that we can improve the Website in the future.
Disclosure to Third Parties
In the course of our normal business activities, we do not share personally identifiable data about visitors of the Website with any independent third parties, other than with our agents, service providers and authorized resellers as described in the preceding paragraphs "Agents and Service Providers" and "Volunteered Information Collected on the Website." In particular, we are not in the business of selling, renting or loaning personally identifiable information to independent third parties.
Nevertheless, we may have to disclose information to third parties when required by law or under the good-faith belief that such disclosure is necessary in order to (i) conform to applicable law, (ii) comply with a legal process served on us, or (iii) to protect the property, interests, or personal safety of our agents, employees or the public. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of the disclosure, and we reserve the right to not provide such notice in our sole discretion.
Links to Other Websites
The Website may contain links to other websites. We are not responsible for the privacy practices of any websites other than our own. This section on "Website Privacy" applies only to information collected by us on the Website.
End User Privacy
The paragraphs in this section provide information on how we use and disseminates information collected about End Users of the Zscaler Services. It does not cover any other data processing activities.
Zscaler is a data processor which processes web traffic on behalf of its customer who is the data controller. Customers contract with Zscaler to deliver web traffic security services. The term data controller is defined in US Safe Harbor and EU privacy legislation as the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. The data controller retains full responsibility for the data with regards to the individual(s) concerned. The term data processor means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.
EU Safe Harbor and Swiss Safe Harbor Policy
Zscaler complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Zscaler has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Zscaler’s certification, please visit http://www.export.gov/safeharbor/
All legislation referred to herein requires that the relationship between a data controller and a data processor is covered by a contract before outsourcing related to the processing of personal data takes place. The purpose of the contract is to protect the interests of the data controller, i.e. the person or body who determines the purposes and means of processing, and who retains full responsibility for the data with regards to the individuals concerned. The contract thus specifies the processing to be carried out and any measures necessary to ensure that the data is kept secure.
Zscaler’s obligations may vary according to the jurisdiction of our customer and their area of business. The typical obligations to ensure compliance with the most common privacy legislation are as follows: to comply with the U.S. Safe Harbor principles, EU data protection legislation or other similar national legislation as a data processor, to ensure that the data is only used for the purpose of providing our web security service and any other purposes that are authorized and/or requested by our customer, and to keep the personal data confidential.
Zscaler May Transfer Personal Data When Legally Required To Do So
Zscaler will not transfer personal data to other entities without authorization or request from our customer unless Zscaler is legally required to do so, for example, by a court order or subpoena.
Who Should End Users Contact Regarding Privacy?
Access By Zscaler Employees
We intend to protect individual personal information and to maintain its privacy. Zscaler implements reasonable physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure. For example, we encrypt certain sensitive personal information when we transmit such information over the Internet. We also limit access to private and confidential data on our systems to only those employees with a specific need to retrieve this information.
Children’s Personal Information
Zscaler does not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Website or Zscaler Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through our Website or Zscaler Services without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through our Website or Zscaler Services, please contact us, and we will use commercially reasonable efforts to delete that information. Subscribers are responsible for establishing policies for and compliance with applicable laws for the collection of personal information in connection with the use of our Website or Zscaler Services.
How Can You Contact Us?
If you have questions or concerns regarding this Policy, please feel free to contact us by email at firstname.lastname@example.org or write to us at:
Attn: Legal Department
110 Rose Orchard Way
San Jose, CA 95134, USA