Last updated on March 27, 2020
PLEASE READ AND MAKE SURE YOU UNDERSTAND THIS PRIVACY NOTICE (THE “NOTICE”). BY ACCESSING AND INTERACTING WITH THE SERVICE, YOU CONSENT TO THIS NOTICE. IF YOU DO NOT WISH TO BE BOUND BY THIS NOTICE, PLEASE DISCONTINUE YOUR USE OF THE SERVICE IMMEDIATELY.
ZEPL services, including (without limitation) our website, data analytics platform, and other interactive properties through which the services are delivered (collectively, the “Service”) are owned, operated, and distributed by Zepl Inc. (the “Company”, “ZEPL,” “we,” “our” or “us”). This Privacy Notice outlines how ZEPL collects, stores, uses, and discloses personal information from and about our users (“you” or “your”) in connection with the Service. Any reference to “you” or “your” in this Notice also includes the organization on whose behalf you are accessing the Service (the “Organization”).
ZEPL encourages our customers, visitors, business associates, and other interested parties to read this Privacy Notice, which applies to all users. As previously stated, by using our Service or submitting personal information to ZEPL by any other means, you acknowledge that you understand and agree to be bound by this Privacy Notice, and agree that ZEPL may collect, process, transfer, use, and disclose your personal information as described in this Notice. Further, by accessing any part of the Service, you are agreeing to OUR TERMS AND CONDITIONS. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY NOTICE OR OUR TERMS AND CONDITIONS, PLEASE DO NOT USE ANY OF THE SERVICES.
What personal information does ZEPL collect about you?
Personal information (also commonly known as personally identifiable information (PII) or personal data) is information that can be used to identify you, or any other individual to whom the information may relate. The personal information that we collect directly from those registering for the Service, may include the following categories:
- Name, contact, and background information (e.g. address; phone number; email, fax, photo, brief personal description);
- Billing Information (e.g. credit card, bank account, billing contact information);
- Order/service Information (e.g. current account/service information, purchase history);
- Information about your company/employer and co-workers interested in the Service;
- Information contained in posts you make on the public forums and interactive features of the Service (“User Generated Content” as described in the next section);
- Usage data as described in the below section on cookies and device data.
- Other information that may be exchanged in the course of engaging with the Service. You will be aware of any subsequently collected information because it will come directly from you.
In addition to the above information collected directly from you, while using the Service or registering for a ZEPL account, you may choose to share personal information with us that permits ZEPL to obtain additional personal information from third parties, including the following:
- If you sign up for a ZEPL account with a third-party service such as Google, that third party service may share personal information with us as described by that service.
- As part of the functionality of the Service, you may choose to connect or upload from a third-party service your data, data sources, data process and other information to the Service to create charts, graphs and reports.
- You may grant us access to your Amazon Web Services Virtual Private Cloud.
- If another user from your Organization invites you to the Service, we will collect the personal information that such user shares with us for the purpose of inviting you to the Service.
Please note that you should not submit to ZEPL any sensitive personal information relating to your (i) racial or ethnic origin (ii) political beliefs (iii) philosophical or religious beliefs (iv) membership of a trade union or political party (v) physical or mental health or genetic makeup (vi) addictions, sexual life or (vii) the commission of criminal offences or proceedings and associated penalties or fines, unless you have previously sent to us your written consent that we may process such personal information, if ZEPL determines consent to be a requirement of applicable law. If you provide such sensitive personal information to ZEPL, that personal information will be promptly deleted.
Collection of User Generated Content
We may invite you to post content on the Service, including your comments and any other information that you would like to be available on the Service, which may become public (“User Generated Content”). For example, you may choose to share one or more of your “notebooks” with other users. If you post User Generated Content, all of the information you post will be available to authorized personnel of ZEPL and may also be publicly available on the Service. As such, you should exercise caution when deciding which personal information to disclose. Further, you expressly acknowledge and agree that we may access in real-time, record, and store archives of any User Generated Content on our servers to make use of them in connection with the Service. If you submit a review, recommendation, endorsement, or other User Generated Content through the Service, or through other websites including Facebook, Instagram, Google, Yelp, and other similar channels, we may share that review, recommendation, endorsement or content publicly on the Service.
How does ZEPL use personal information?
Subject to the terms of this Privacy Notice, ZEPL uses the above described categories of personal information in several ways. Unless otherwise stated specifically, the above information may be used for any of the following purposes:
- to administer the Service to you;
- to provide the functionality of the Service, such as allowing you to create charts, graphs and reports based on the data you upload to or share with the Service;
- to customize the content you see when you use the Service;
- to respond to your requests;
- to distribute communications relevant to your use of the Service, such as system updates or information about your use of the Service;
- as may be necessary to support the operation of the Service, such as for billing, account maintenance, and record-keeping purposes;
- to send to you ZEPL solicitations, product announcements, and the like that we feel may be of interest to you (you may “opt out” of receiving these marketing materials);
- to analyze, operate and improve the Service and services offered thereon;
- to enforce this Notice, our Terms and Conditions or another agreement you may have with ZEPL;
- in other manners after subsequent notice is provided to you and/or your consent is obtained, if necessary.
ZEPL does not sell, re-sell, or distribute for re-sale your personal information.
How does ZEPL share personal information with third parties?
We may provide any of the above described categories of personal information to ZEPL employees, consultants, affiliates or other businesses or persons for the purpose of processing such information on our behalf in order to provide the Service to you. For example, we may share certain personal information with third-party vendors who supply software applications, web hosting, payment processing, and other technologies for the functionality of the Service. We will only provide these third parties with access to personal information that is reasonably necessary to perform their work or comply with the law. We take reasonable measures to ensure those third parties are obligated to standards consistent with this Notice and not to use or disclose such personal information for any other purpose except to provide the functionality of the Service.
We will not share your personal information with other, third-party companies for their commercial or marketing use without your consent or except as part of a specific program or feature for which you have the ability to opt-in or opt-out.
In addition, we may share personal information (i) to the extent we have a good-faith belief that such action is necessary to comply with any applicable law, enforce any provision of the Terms and Conditions, protect ourselves against any liability, defend ourselves against any claims, protect the rights, property, and personal safety of any user, or protect the public welfare; (ii) when disclosure is required to maintain the security and integrity of the Service, or to protect any user’s security or the security of other persons, consistent with applicable laws (iii) to respond to a court order, subpoena, search warrant, or other legal processes, to the extent permitted and as restricted by law; or (iv) in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of our assets.
How does ZEPL store and retain personal information?
Please note that we generally retain personal information about our users as long as necessary to provide the functionality of the Service, as instructed by users or otherwise as required by law. This may require that we retain your personal information after your account has been terminated for the period of time needed for us to pursue legitimate business interests, conduct audits, comply with and demonstrate compliance with legal obligations, resolve disputes and enforce our rights. If you would like to access your information or would like us to delete or modify your information, you may contact us by email at firstname.lastname@example.org. However, we may also keep your personal information as otherwise required by law.
To continue to improve the Service, we may anonymize your personal information in a way that does not personally identify you and store such anonymized information perpetually. For example, ZEPL will retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Service, or we are legally obligated to retain this data for longer periods
We store and process certain personal information on servers in many countries around the world. We may store and process your personal information on a server located outside the country where you live. If you are a resident of a country other than the United states, in particular European Union (“EU”), United Kingdom (“UK”), or Switzerland, please see the section below about international data transfers.
Cookies, Device Data, and How it is Used
When you use our Service, we may record unique identifiers associated with your device (such as the device ID and IP address), your activity within the Service, and your network location. ZEPL uses aggregated information (such as anonymous user usage information, cookies, IP addresses, browser type, clickstream information, etc.) to improve the quality and design of the Service and to create new features, promotions, functionality, and services by storing, tracking, and analyzing user preferences and trends. Specifically, we may automatically collect the following information about your use of Service through cookies, web beacons, and other technologies:
- domain name
- browser type and operating system
- web pages you view
- links you click
- IP address and other unique device identifiers (including mobile device identifiers that may identify physical location of such devices)
- the length of time you visit the website, and/or Services
- the referring URL or the webpage that led you to the Services
We may also collect information regarding application-level events, such as crashes, and associate that temporarily with your account to provide customer service. In some circumstances, we may combine this information with personal information collected from you (and third-party service providers may do so on behalf of us).
In addition, we may use “cookies,” clear gifs, and log file information that help us determine the type of content and pages to which you link, the length of time you spend at any particular area of the Service, and the portion of the Service you choose to use. A cookie is a small text file that is sent by a website to your computer or mobile device where it is stored by your web browser. A cookie contains limited information, usually a unique identifier and the name of the site. The cookies we utilize for the Service include:
- Essential cookies: We use essential cookies to provide the functionality of the Service. For example, these cookies enable you to log-in to your registered ZEPL account. Because such cookies are necessary to deliver the Service to you, you will not be able to use the Service without them.
- Analytics cookies: We also use third-party vendors, including, but not limited to, Google Analytics, Datadog, and Intercom, which allow us to collect data about our users through cookies. We do this to understand how you interact with the Service, and to better tailor the Service to you. Please note that your personal information may be shared with such third parties for the purpose of providing us with such analytics services. We encourage you to view the respective policies of such third parties to learn more about how they collect and retain your personal information.
Your browser has options to accept, reject or provide you with notice when a cookie is sent. Our cookies do not execute any code or virus; and they do not contain any personal information. Cookies allow ZEPL to serve you better and more efficiently, and to personalize your experience with the Service.
How does ZEPL secure personal information?
Personal information provided by you is protected by the login and password you create when registering to use the Service. Please understand that you can help prevent the unauthorized disclosure of personal information by choosing and protecting your password appropriately. You can also help prevent unauthorized disclosure by not sharing your password and preventing others from using your computer or mobile device.
We employ commercially reasonable security measures designed to protect the security of all information submitted through the Service. However, the security of information transmitted through the internet or via a mobile device can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Service are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password protected or secure areas of the Service. In order to protect you and your information, we may suspend your use of any of the Service, without notice, pending an investigation, if any breach of security is suspected.
International Data Transfer
If you are located in EEA, the General Data Protection Regulation (“GDPR”) grants you certain rights under the law. In particular, the right to access, correct, and delete the personal information we hold about you. ZEPL will retain your personal information for the length of time you engage with the Service as described in the retention section of this Notice, unless you request deletion of such personal information.
In certain circumstances, you have the following data protection rights:
- The right to access, update or delete the personal information we have on you.
- The right of rectification. You have the right to have your personal information rectified if that information is inaccurate or incomplete.
- The right to object. You have the right to object to our processing and onward transfer of your personal information.
- The right of restriction. You have the right to request that we restrict the processing of your personal information.
- The right to data portability. You have the right to be provided with a copy of the personal information we have on you in a structured, machine-readable and commonly used format.
- The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
In order make a request regarding your personal information, please contact email@example.com.
Privacy Shield Participation
ZEPL participates in, and complies with, the EU-US and the Swiss-US Privacy Shield Framework regarding the collection, use, sharing, and retention of personal information collected from users in the EU and Switzerland (“Privacy Shield”). Our participation in Privacy Shield applies to all personal information that is subject to this Notice and is received from the EU or Switzerland. If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern as they apply to such personal information. To learn more about Privacy Shield, please visit here. To view a list of companies that have certified that they adhere to the Privacy Shield Principles, please visit here. If you have a Privacy Shield-related question or complaint, please contact us at firstname.lastname@example.org.
As a part of our participation in Privacy Shield, if you have a dispute with us about our adherence to the Privacy Shield Principles that cannot be addressed by contacting email@example.com, we will seek to resolve it through JAMS, an independent alternative dispute resolution body based in the US. To make a claim with JAMS under the Privacy Shield Principles, please visit here. In addition, in certain circumstances, you may have the right to invoke binding arbitration under Privacy Shield, as described in Annex I to the Privacy Shield Principles, which can be found here.
As a Privacy Shield participant, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission and other authorized statutory bodies. Under certain circumstances, we may be liable for the transfer of personal information that we receive and subsequently transfer to a third party, as described in the Privacy Shield Principles.
As described in this Notice, we may share personal information with third parties and may be required to disclose information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Legal Basis for Processing under GDPR
If you are from the EEA, our legal basis for collecting and using the personal information described in this Notice depends on the personal information we collect and the specific context in which we collect it. We may process personal information because:
- We need to perform a contract with you;
- You have given us consent to do so;
- The processing is in our legitimate interest to offer the Service, when that legitimate interest is not overridden by your rights;
- To comply with the law.
Where personal information is processed based on consent, EU residents have the right to withdraw such consent at any time. To do so, please contact us as described in this Notice. If there is a different legal basis that would permit us to continue processing your personal information after withdrawing consent, we will notify you of that legal basis at the time of your request.
California Privacy Rights
If you are a California resident, California law may provide you with certain rights with regard to your personal information under the California Consumer Privacy Act (“CCPA”). Throughout this Privacy Notice you will find information required by CCPA regarding the categories of personal information collected from you; the purposes for which we use personal information, and the categories of third parties your data may be shared with. This information is current as of the date of the Notice and is applicable in the 12 months preceding the effective date of the Notice.
As a California resident, the CCPA provides you the ability to make inquiries regarding to your personal information. Specifically, the degree to which the information is not already provided in this Privacy Notice, you have the right to request disclosure about the collection and use of your personal information over the past 12 months, including:
- The categories of personal information collected about you.
- The categories of sources for the personal information collected about you.
- The business or commercial purpose for collecting your personal information.
- The categories of third parties with whom your personal information was shared.
- The specific pieces of personal information collected about you.
- If your personal information was disclosed for a business purpose, the personal information categories disclosed and the categories of third parties to which the information was disclosed.
- If your personal information was sold in the past 12 months, the personal information categories sold and the categories of third parties to which the information was sold (Note: ZEPL DOES NOT SELL YOU PERSONAL INFORMATION).
Please note that you may only make the above requests twice in a 12-month period. You also have the right to request that any of your personal information collected and retained be deleted, subject to certain exceptions. Finally, you have the right to not receive discriminatory treatment by ZEPL or any business for exercising any of the rights provided under CCPA.
If we receive a CCPA request from you, we will first make a determination regarding the applicability of the law, and we will then take steps to verify your identity prior to responding. The steps to verify your identity may vary based on our relationship with you, but, at a minimum, it will take the form of confirming and matching the information submitted in the request with information already held by ZEPL and/or contacting you through previously used channels to confirm that you submitted the request (i.e. confirming identity through contact information that we have on file, not the contact information submitted to make the request).
Your rights as stated here can also be exercised by an authorized agent on your behalf. ZEPL will follow the standards set by the Attorney General of California regarding designation of an authorized agent to exercise rights under CCPA. You may review information available through the Attorney General website (https://www.oag.ca.gov/privacy/ccpa) regarding how an individual can be designated as an authorized agent under CCPA.
In addition to CCPA, California Civil Code Section 1798.83 permits users of the Website who are California residents to request certain information regarding its disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us as described here.
Links to External Websites
The Service may contain links to other websites maintained by third parties. Please be aware that we exercise no control over linked sites and ZEPL is not responsible for the privacy practices or the content of such sites. Each linked site maintains its own independent privacy and data collection policies and procedures, and you are encouraged to view the privacy policies of these other sites before providing any personal information.
You hereby acknowledge and agree that ZEPL is not responsible for the privacy practices, data collection policies and procedures, or the content of such third-party sites, and you hereby release ZEPL from any and all claims arising out of or related to the privacy practices, data collection policies and procedures, and/or the content of such third-party sites.
Third Party Advertisers
The Service is not intended for children under the age of 13, and ZEPL does not knowingly collect the personal information of children under the age of 13.
Changes to This Notice
ZEPL reserves the right to modify this Privacy Notice from time to time in order that it accurately reflects the regulatory environment and our data collection principles. When material changes are made to this Privacy Notice, ZEPL will post the revised Notice on our website. The revisions will be effective upon our posting updates to this website, and if you access the Service after a revision is posted, your use will constitute acceptance of the revision. This Privacy Notice was last modified as of the date indicated at the top of the page.
If you have any questions concerning this Notice or the Service, please contact us at firstname.lastname@example.org.