Zscaler Privacy Policy

Last Updated: April 15, 2017

Introduction

This Privacy Policy (“Policy”) explains how information is collected, used and disclosed by Zscaler, Inc. and its subsidiaries (“Zscaler” or “We” or “Us"), and applies to information we collect when you use or access our online website at www.zscaler.com (the “Website”), products or services (collectively, the “Products”), or when you otherwise interact with us. We respect the privacy rights of users and recognize the importance of protecting your information. If you use the Products as part of an entity or organization that has a contract with Zscaler, the terms of that organization’s contract for the Products may restrict our collection or use of your information more than what is described in this Policy.

Zscaler has self-certified to and complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data transferred from the European Union and Switzerland, respectively, to the United States. Please click here to view our Privacy Shield Policy. References to “Policy” include the Privacy Shield Policy.

Changes to This Policy

We may change this Policy from time to time. If we make any changes, we will notify you by revising the “Last Updated” date at the top of this Policy. If there are material changes to this Policy, we will notify you more directly by email or posting a notice on our Website prior to the change(s) becoming effective. Your use of the Website or any Products after the posting of such change(s) constitutes your consent to such change(s). We encourage you to review our Policy whenever you use or access the Website or the Products to stay informed about our information privacy practices and the ways you can help protect your privacy. 

What Is Covered in this Policy? 

This Policy contains information on how we process certain categories of data relating to individual persons.

  • If you are a visitor to the Website, please see the section "Website Privacy" below for a comprehensive description of our data processing practices with respect to your data.
  • If you are an end user of the Products (“End User”), please see the section "End User Privacy" below for information on our data processing practices with respect to your data.
  • If you are a resident of any European Union Member State or Switzerland, please also see our Privacy Shield Policy for a comprehensive description of our data processing practices with respect to data about you in reference to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

Website Privacy

The paragraphs in this section describe how we use and disseminate information collected about visitors of the Website. It does not cover any other data processing activities.

If You Don't Volunteer Any Personal Data, We Won't Collect Any through the Website

We use cookies and various traffic tracking technologies to monitor the use of our Website. We collect such data related to IP addresses but do not link it to any personally identifiable information (such as names and email addresses) that you may voluntarily submit to us through other means (except as described below, in "Agents and Service Providers"). 

Your Use of the Website Implies Consent

Your use of the Website signifies your acceptance of this Policy. If you do not agree or are not comfortable with anything described in this Policy, your sole remedies are to either not access the Website or to discontinue your use of the Website.

Use of Information 

We generally use information collected on our Website for the following purposes: 

(a) to provide, operate, maintain, improve, and promote our Products; 

(b) to enable you to access and use our Products; 

(c) to process and complete transactions, and send you related information, including purchase confirmations and invoices; 

(d) to send transactional messages, including responses to your comments, questions, and requests; provide customer service and support; and send you technical notices, updates, security alerts, and support and administrative messages; 

(e) to send promotional communications, such as providing you with information about Products, features, surveys, newsletters, offers, promotions, contests, and events; and provide other news or information about us and our partners. You can opt-out of receiving marketing communications from us by contacting us at privacy@zscaler.com or following the unsubscribe instructions included in our marketing communications; 

(f) to process and deliver contest or sweepstakes entries and rewards; 

(g) to monitor and analyze trends, usage, and activities in connection with the Website and services and for marketing or advertising purposes; 

(h) to investigate and prevent fraudulent transactions, unauthorized access to our Products, and other illegal activities; 

(i) to personalize the Website and Products, including by providing features or advertisements that match your interests and preferences; and 

(j) for other purposes for which we obtain your consent.

Agents and Service Providers

We may engage data processing agents and/or service providers (collectively “Third Parties”) to assist us in processing information that visitors of the Website may volunteer through the Website, as well as electronic messages and traffic data that is linked to IP addresses. Such Third Parties process data only on our behalf and are contractually obligated to refrain from using such data for their own purposes. 

When a visitor visits our Website and submits a web form to us or clicks on a particular link in a marketing email from us, we maintain a record of certain information about their visit including the pages viewed on our Website, the time of the visit, the order of pages accessed and the amount of time such visitor spent at each page. We use this information to better tailor our Website and Products to our visitors.

Use of Cookies and Other Tracking Technologies

A cookie is a small text file containing information that a web browser transfers to its computer's hard disk for record-keeping purposes.

On the Website, we may use cookies to analyze our site traffic patterns, but, except as otherwise described herein, we link cookies only to IP addresses and not any personally identifiable information (such as names or email addresses) about visitors of the Website. For example, we currently use Third Parties (e.g. Google Analytics) to analyze traffic to the Website. Other than as mentioned above, such Third Parties do not have a database of individual profiles for each visitor connected to personally identifiable information. The Third Parties use cookies to track non-personally identifiable information, and link cookies only to IP addresses and aggregate data about the traffic to the Website. 

Most web browsers automatically accept cookies. Please consult your web browser's manual or online help tool if you want information on restricting or disabling the web browser's handling of cookies. If you disable cookies, you can still view the Website, but some features may not be available (such as offers regarding Products).

Web beacons, tags and scripts may be used on our Website or in email or other electronic communications we send to you. These assist us in delivering cookies, counting visits to our Website, understanding usage and campaign effectiveness and determining whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our third-party service providers on an individual and aggregated basis.

We may use Local Storage Objects (“LSOs”) such as HTML5 to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSOs. Third parties with whom we partner to provide certain features on our Website or to display advertising based upon your Web browsing activity use LSOs such as HTML5 and Flash to collect and store information. 

Volunteered Information Collected on the Website

Visitors of the Website may contact us in a variety of ways, including, without limitation, by completing the web forms described below. Contact information, such as name, address, email addresses and/or phone number, is typically provided when using these methods. This information is used to provide information regarding the Products that are requested by the visitor of the Website (e.g. to respond to your questions regarding Products or to send you a newsletter or white paper about the Products). By voluntarily providing us with this information, you represent that you are the owner of such personal data or are otherwise authorized to provide it to us.

Visitors of the Website may sign up to receive various information or services from us, including the following: (i) free trials or evaluations of our Products, (ii) white papers, (iii) product demonstrations, and/or (iv) webinars regarding the Products.

We may send promotional emails to visitors of the Website who have sent us such web forms. We may provide your information from these web forms to certain authorized resellers of our Products to communicate information to you about our Products.

We ask for and collect personal information from you when you submit web forms on our Website or as you use interactive features of the Website, including, participation in surveys, contests, promotions, sweepstakes, requesting customer support, or communicating with us.

We ask for and collect personal information such as your name, address, phone number and email address when you register for or attend a sponsored event or other events at which any member of Zscaler participates.

We also allow visitors of the Website to contact us by email with questions, comments or requests. The information collected from these emails is used to reply to such questions, comments, or requests. At times, we file a visitor's comments, so that we can improve the Website in the future.

International Transfer of Information Collected

We primarily store personal information about Website visitors and subscribers within the European Economic Area (the “EEA”), the United States and in other countries and territories. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which Zscaler has operations.

If you are visiting our Website from the EEA or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal information to the United States and other jurisdictions in which we operate. By providing your personal information, you consent to any transfer and processing in accordance with this Policy.

Disclosure to Third Parties

In the course of our normal business activities, we do not share personally identifiable information about visitors of the Website with any independent third parties, other than with our agents, service providers and authorized resellers as described in the preceding paragraphs "Agents and Service Providers" and "Volunteered Information Collected on the Website." In particular, we are not in the business of selling, renting or loaning personally identifiable information to independent third parties.

Nevertheless, we may have to disclose information to third parties when required by law or under the good-faith belief that such disclosure is necessary in order to (i) conform to applicable law, (ii) comply with a subpoena, court order, or legal process served on us, (iii) establish or exercise our legal rights or defend against legal claims or (iv) to protect the property, interests, or personal safety of our agents, employees, customers or the public. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of the disclosure, and we reserve the right to not provide such notice in our sole discretion. If we become involved in a merger, acquisition, or any form of sale of some or all of our assets, we will provide notice before your personal information is transferred to a third party and becomes subject to a different privacy policy.

Your Rights to Your Personal Information

In this Policy, personal information means information relating to an identified or identifiable natural person.  An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.

You may access and receive information about the personal information we maintain about you from the Website, update inaccuracies in your personal information, and have the information blocked or deleted, as appropriate.  You may also object to our processing of your personal information collected from the Website. Please note that you may not be able to benefit from all features of the Website if you request the deletion of your personal information or object or withdraw your consent to such processing. If you would like to verify the information we have received from you or make corrections to it, you may contact us directly at privacy@zscaler.com. Requests to access, change, or remove your information will be handled within thirty (30) days.

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at privacy@zscaler.com.

Testimonials

From time to time, we may post testimonials on our Website that may contain personal information. We obtain your consent to post your name along with your testimonial. If you wish to update or delete your testimonial, you can contact us at privacy@zscaler.com.

Logs

As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Website or use our Products. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, your mobile carrier, and system configuration information. Occasionally, we connect personal information to information gathered in our log files as necessary to improve our Website and Products.  In such a case, we would treat the combined information in accordance with this Policy.

Analytics

We collect analytics information when you use the Website to help us improve them. We may also share anonymous data about your actions on our Website with third-party service providers of analytics services.

Opting Out

If you have provided personal information to Zscaler and later change your mind, you may contact us to opt out of receiving such communications and have your information removed from our distribution lists by contacting us at privacy@zscaler.com or following the unsubscribe instructions in our communications. 

Links to Other Websites

The Website may contain links to other websites. We are not responsible for the privacy practices of any websites other than our own. This Policy applies only to information collected by us on the Website, and not any other third party websites. We encourage you to review the privacy statements of any such other websites to understand their information practices.

Zscaler Sharing

We may share information, including personal information, with any member of Zscaler.


End User Privacy

The paragraphs in this section “End User Privacy” provide information on how we use and process information collected about End Users of the Products. It does not cover any other data processing activities.

Zscaler is a “data processor” which processes traffic on behalf of its customer which is the “data controller”. Customers contract with Zscaler to deliver internet security services.

The term “data controller” is defined in European Union (EU) privacy legislation as the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. The term “data processor” is defined as a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.

The “data controller” retains full responsibility for the data with regards to the individual(s) concerned.

EU-U.S. and Swiss-U.S. Privacy Shield Frameworks

Zscaler is a participant in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Zscaler’s commitment to the Privacy Shield Principles is described in its Privacy Shield Policy. The Federal Trade Commission has investigation and enforcement authority over our compliance with the Privacy Shield.

All legislation referred to herein requires that the relationship between a data controller and a data processor is covered by a contract before outsourcing related to the processing of personal data takes place. The purpose of the contract is to protect the interests of the data controller, who is the entity that determines the purposes and means of processing, and who retains full responsibility for the data with regards to the individuals concerned. The contract thus specifies the processing to be carried out and any measures necessary to ensure that the data is kept secure.

Zscaler Obligations 

Zscaler’s obligations may vary according to the jurisdiction of our customer and their area of business. The typical obligations to ensure compliance with the most common data privacy legislation are as follows: 

  • to comply with current EU/US data transfer principles, EU and Swiss data protection legislation or other similar national legislation as a data processor; 
  • to ensure that the data is only used for the purpose of providing our internet security service and any other purposes that are authorized and/or requested by our customer; and 
  • to keep personal data confidential.

Customer Obligations

To ensure that we process personal data in accordance with relevant privacy regulations, we will only offer our services pursuant to a contract which defines the obligations of Zscaler and our customer according to applicable privacy legislation. Our customer should always comply with relevant privacy legislation as the data controller. Zscaler does not control the sharing of personal information related to our Products; rather, this is governed by our customer (i.e. the data controller), in accordance with the customer’s privacy policy and applicable privacy legislation.

Who Should End Users Contact Regarding Privacy?

If you are an End User of the Products, you should contact our customer (usually your employer) for any information related to information held about you and the privacy policy which governs the relationship between you and our customer.

Privacy Safeguards by Zscaler

Zscaler implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. For example, we encrypt certain sensitive personal information when we transmit such information over the Internet. We also limit access to personal data and confidential information on our systems to only those employees with a specific need to access this information.


General

Children’s Personal Information

Zscaler does not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Website or Products. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through our Website or Products without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us through our Website or Products, please contact us, and we will use commercially reasonable efforts to delete that information. Subscribers are responsible for establishing policies for and compliance with applicable laws for the collection of personal information in connection with the use of our Website or Products.

How Can You Contact Us? 

If you have questions or concerns regarding this Policy, please feel free to contact us by email at privacy@zscaler.com or write to us at:

Zscaler, Inc.

Attn: Legal Department
110 Rose Orchard Way
San Jose, CA 95134, USA