Zscaler Privacy Policy

Last Updated: SEPTEMBER 1, 2015

This Privacy Policy (“Policy”) explains how information is collected, used and disclosed by Zscaler, Inc. (“Zscaler” or “We”), and applies to information we collect when you use or access our online website at www.zscaler.com (the “Website”), products or services (collectively, the “Zscaler Services”), or when you otherwise interact with us. We respect the privacy rights of users and recognize the importance of protecting information collected about you. If you use the Zscaler Services as part of an entity or organization that has a contract with Zscaler, the terms of that organization’s contract for the Zscaler Services may restrict our collection or use of your information more than what is described in this Policy.

Changes to This Policy

We may change this Policy from time to time. If we make any changes, we will notify you by revising the “Last Updated” date at the top of this Policy. If there are material changes to this Policy, we will notify you more directly by email or means of a notice on the home page prior to the change becoming effective. We encourage you to review our Policy whenever you access the Website or the Zscaler Services to stay informed about our information practices and the ways you can help protect your privacy. Your use of the Website or any Zscaler Services after the posting of such changes shall constitute your consent to such changes.

What Is Covered in this Policy? 

This Policy contains information on how we process certain categories of data relating to individual persons.

  • If you are a visitor to the Website, please see the section "Website Privacy" below for a comprehensive description of our data processing practices with respect to data about you.

  • If you are an end user of the Zscaler Services (“End User”), please see the section "End User Privacy" below for information on our data processing practices with respect to data about you.

  • If you are a resident of any European Union Member State, please also see the section "EU Safe Harbor Policy" below for a comprehensive description of our data processing practices with respect to data about you in reference to the EU Safe Harbor Principles. We refer to data relating to you as an identifiable individual as "EU Personal Data."

Website Privacy

The paragraphs in this section describe how we use and disseminate information collected about visitors of the Website. It does not cover any other data processing activities.

Your Use of the Website Implies Consent

Your use of the Website signifies your acceptance of this Policy. If you do not agree or are not comfortable with anything described in this Policy, your remedies are to discontinue your use of the Website.

If You Don't Volunteer Any Personal Data, We Won't Collect Any through the Website

We use cookies and various traffic tracking technologies to monitor the use of our Website. We collect such data related to IP addresses but do not link it to any personally identifiable information (such as names and email addresses) that you may voluntarily submit to us through other means (except as described below, in "Agents and Service Providers").

Agents and Service Providers

We may engage data processing agents and service providers that assist us in the processing of personally identifiable information that visitors of the Website may volunteer through the Website, as well as electronic messages and traffic data that is linked to IP addresses. Such third parties process data only on our behalf and are contractually obligated to refrain from using such data for their own purposes. Each time a visitor visits our Website after they have submitted a web form to us or clicked on a particular link in a marketing email from us, we maintain a record of certain information about their visit including the pages viewed on our Website, the time of the visit, the order of pages accessed and the amount of time such visitors spend at each page. We use this information to better tailor our services to our visitors.

Use of Cookies

A cookie is a small text file containing information that a web browser transfers to your computer's hard disk for record-keeping purposes. On the Website, we may use cookies to analyze our site traffic patterns, but, except as described above, we link cookies only to IP addresses and not any personally identifiable information (such as names or email addresses) about visitors of the Website. For example, we currently use third party service providers (e.g. Google Analytics) to analyze traffic to the Website. Other than as mentioned above, the software used by us does not have a database of individual profiles for each visitor connected to personally identifiable information. This third party software uses cookies to track non-personally identifiable information, and links cookies only to IP addresses and aggregate data about the traffic to the Website. Most web browsers automatically accept cookies. Please consult your browser's manual or online help if you want information on restricting or disabling the browser's handling of cookies. If you disable cookies, you can still view the Website, but some features may not be available and you may not be able to take advantage of offers or activities regarding online registration, which includes online sales.

Volunteered Information Collected on the Website

Visitors of the Website may contact us in a variety of ways, including, without limitation, by completing the web forms described in the table below. Contact information, such as name, address, email addresses and/or phone number, is typically provided when using these methods. This information is used to provide the services that are requested by the visitor of the Website (e.g. to respond to your request for further information about us or our services, to send you a newsletter or white paper if you request them, etc.). We do not sell your name to an independent third party.

Visitors of the Website may sign up to receive various information or services from us, including the following: (i) free trials of our services, (ii) white papers, (iii) product demonstrations, and/or (iv) our webinars or those of other third parties. We may send promotional emails to visitors of the Website who have sent us such web forms. We may provide your information from these web forms to certain authorized resellers to communicate information to you about our services.

We also allow visitors of the Website to contact us by email with questions, comments or requests. The information collected from these emails is used to reply to such questions, comments, or requests. Sometimes we file a visitor's comments, so that we can improve the Website in the future.

Disclosure to Third Parties

In the course of our normal business activities, we do not share personally identifiable data about visitors of the Website with any independent third parties, other than with our agents, service providers and authorized resellers as described in the preceding paragraphs "Agents and Service Providers" and "Volunteered Information Collected on the Website." In particular, we are not in the business of selling, renting or loaning personally identifiable information to independent third parties.

Nevertheless, we may have to disclose information to third parties when required by law or under the good-faith belief that such disclosure is necessary in order to (i) conform to applicable law, (ii) comply with a legal process served on us, or (iii) to protect the property, interests, or personal safety of our agents, employees or the public. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of the disclosure, and we reserve the right to not provide such notice in our sole discretion.

If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

Links to Other Websites

The Website may contain links to other websites. We are not responsible for the privacy practices of any websites other than our own. This section on "Website Privacy" applies only to information collected by us on the Website.

End User Privacy

The paragraphs in this section provide information on how we use and disseminates information collected about End Users of the Zscaler Services. It does not cover any other data processing activities.

Zscaler is a data processor which processes web traffic on behalf of its customer who is the data controller. Customers contract with Zscaler to deliver web traffic security services. The term data controller is defined in US Safe Harbor and EU privacy legislation as the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. The data controller retains full responsibility for the data with regards to the individual(s) concerned. The term data processor means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.

EU Safe Harbor and Swiss Safe Harbor Policy

Zscaler historically has complied with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Zscaler historically has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.

All legislation referred to herein requires that the relationship between a data controller and a data processor is covered by a contract before outsourcing related to the processing of personal data takes place. The purpose of the contract is to protect the interests of the data controller, i.e. the person or body who determines the purposes and means of processing, and who retains full responsibility for the data with regards to the individuals concerned. The contract thus specifies the processing to be carried out and any measures necessary to ensure that the data is kept secure.

Zscaler Obligations 

Zscaler’s obligations may vary according to the jurisdiction of our customer and their area of business. The typical obligations to ensure compliance with the most common privacy legislation are as follows: to comply with the U.S. Safe Harbor principles, EU data protection legislation or other similar national legislation as a data processor, to ensure that the data is only used for the purpose of providing our web security service and any other purposes that are authorized and/or requested by our customer, and to keep the personal data confidential.

Customer Obligations

To ensure that we process personal data in accordance with relevant privacy regulations we will only offer our services pursuant to a contract which defines the obligations of Zscaler and our customer according to applicable privacy legislation. We will always require our customers to comply with relevant privacy legislation as the data controller. Zscaler does not control the sharing of personal information related to our service. This is governed by our customer, who is the data controller, in accordance with the customer’s privacy policy and applicable privacy legislation.

Zscaler May Transfer Personal Data When Legally Required To Do So

Zscaler will not transfer personal data to other entities without authorization or request from our customer unless Zscaler is legally required to do so, for example, by a court order or subpoena.

Who Should End Users Contact Regarding Privacy?

If you are an End User of the Zscaler Services, you should contact our customer (usually your employer) for any information related to information held about you and the privacy policy which governs the relationship between you and our customer.

Access By Zscaler Employees 

We intend to protect individual personal information and to maintain its privacy. Zscaler implements reasonable physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure. For example, we encrypt certain sensitive personal information when we transmit such information over the Internet. We also limit access to private and confidential data on our systems to only those employees with a specific need to retrieve this information.

Children’s Personal Information

Zscaler does not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Website or Zscaler Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through our Website or Zscaler Services without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through our Website or Zscaler Services, please contact us, and we will use commercially reasonable efforts to delete that information. Subscribers are responsible for establishing policies for and compliance with applicable laws for the collection of personal information in connection with the use of our Website or Zscaler Services.

How Can You Contact Us? 

If you have questions or concerns regarding this Policy, please feel free to contact us by email at info@zscaler.com or write to us at:

Zscaler, Inc.
Attn: Legal Department
110 Rose Orchard Way

San Jose, CA 95134, USA