Privacy Policy

Purpose

ZenBee, registered at 275 Grove St #2-400, Auburndale, MA 02466, United States, (“we”, “us”, or “our”) refers to ZenBee. This ZenBee Privacy Policy and Statement (“Privacy Statement”) describes our privacy policies and practices, how we collect, use, provide, and otherwise process Personal Data (as defined in the GDPR), and informs you of your rights and choices regarding your Personal Data.

For the purposes of this Policy, ZenBee is the controller of your Personal Data. Our affiliates, service providers, and/or other business partners may process your Personal Data as data processors on our behalf and in accordance with our instructions to assist us in meeting business operation needs and performing certain services and functions, such as engineering, sales, and marketing.

This Privacy Policy is effective as of the date first approved. We may update this Privacy Policy from time to time. We will inform you of any changes to this Privacy Policy that may significantly affect how we use or disclose your Personal Data before such changes take effect, by posting a notice on this website, unless other notice is required by applicable law. Your continued use of the Website and our Services after we have posted changes to this Privacy Policy or notified you, if applicable, constitutes your acceptance of those changes.

Covered processing activities

This Privacy Statement applies to the processing of Personal Data collected by us when you:

visit our Websites that display a link to this Privacy Statement;
visit our company pages in social networks;
visit our offices;
receive communications from us, including emails, phone calls, text messages or faxes;
use our Services as an authorized user (for example, as an employee of one of our clients who has provided you access to our Services), where we act as a controller of your Personal Data. This policy applies solely to data concerning you as a user of our Services, rather than any data we may process on your behalf (in the event that you are a data controller);
register for, attend, or participate in our events, webinars, or contests;
participate in the community and open-source development.

Our Websites and Services may contain links to other websites, applications, and services not operated by us. The information practices of these third-party sites, including the social media platforms that host our company pages, are governed by their respective privacy statements, which you should review to better understand their privacy practices.

We are not responsible for the privacy practices or the content of other such websites. Our Websites may also incorporate social media features such as Facebook, Twitter, Google+, LinkedIn, Xing, etc., buttons. These features may collect your IP address, capture the page that you are visiting on our site, and may set a cookie to enable the feature to function properly. Your interaction with these features is governed by the privacy policy of the company providing it.

Definitions

‘Authorized personnel’ means (a) ZenBee employees who need to know or otherwise need access to Personal Data for the purposes stated in this Privacy Policy on behalf of ZenBee; and (b) ZenBee contractors, agents, and auditors who need to know or otherwise need access to ZenBee Personal Information in accordance with this Privacy Policy.

‘Content’ means any information or data that you upload, submit, post, create, transmit, store, or display.

‘Device’ is any computer used to access the services, including without limitation a desktop computer, laptop, mobile phone, tablet, or other consumer electronic device.

‘Downloadable products (Chrome Extension)’ are ZenBee’s downloadable software products and mobile applications that are installed by customers on an infrastructure of their choice.

‘European Data Protection Law or GDPR’ means the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national legislation implementing the GDPR, and, if applicable, the UK Data Protection Act 2018 and the UK GDPR.

‘Personal data’ is information that can be used to readily identify or contact you as an individual, such as: name, address, email address, phone number, or other information relating to you as an identified natural person. Personal Data does not include information that has been anonymized in a way that does not allow for ready identification of specific individuals.

‘SaaS Products’ are ZenBee’s “cloud” solutions that display a link to this Privacy Policy for the avoidance of doubt.

‘Services’ refers to our SaaS products made available via our Websites and other Services provided to you by ZenBee. Unless otherwise stated, our SaaS products and our Downloadable products are treated the same and are services for the purposes of this document.

‘Usage data’ is aggregate data about a group or category of services, features, or users that does not contain Personal Data.

‘Websites’ refers to ZenBee Websites, including but not limited to ZenBee.io, and any related websites, sub-domains and pages.

‘You’ and ‘your’ refer to the individual to whom the Personal Data covered by this Privacy Policy relates.

The terms ‘controller’, ‘processor’, and consequential verbs used in this Privacy Policy have the meanings stated in the GDPR.

Personal Data we collect directly from you

Business profiles

The ZenBee platform processes and combines this information using complex Algorithms to create profiles of professionals and businesses. This information is made available to our customers and partners. This information includes, but is not limited to, name, company’s email address, job title, department, phone number, company name, company’s postal address, and employment history. Business profiles also include links to publications available in the public domain, and links to social media profiles.

ZenBee obtains data for its Business Profiles in the following ways:

Licensing of information from third-parties;

Customer information

ZenBee may collect the following information about our customers:

Personal contact information of users of our platform;
Information uploaded by a customer onto our platform;
Logs of a customer’s usage of the platform to provide a more personalized user experience, e.g., timestamps, IP address, and actions taken.

In a company that has multiple users using a company-level account, one user may have a higher level of access, which grants them access to the personal information of other users with a lower level of access. If there are any concerns about the privacy of a user’s account information at the company level, the relevant company should be contacted.

ZenBee may use customer information in the following ways:

Reaching out to users to respond to any inquires and address any concerns;
Completing transactions;
Sending administrative information;
Personalizing user experience with the platform;
Testing, developing, and improving our platform;
Reaching out to users to promote new services, promotions, and opportunities;
Investigating and prosecuting any potential breaches of ZenBee’s Terms and Conditions.

Information about Site Users

Visitors to our site may submit their name, email address, phone number, and other similar information to receive information and updates about our Services. By submitting any information through the site, the user agrees to all terms and conditions of this policy. If you do not agree to these terms, you should not use the site and delete the cookies stored in your browser.

Purchasers of our online services are required to provide credit card information. ZenBee will only use this information to fulfill your purchase request. ZenBee will store only the first four digits of the 16-digit card number for identification purposes (We are not storing credit card information even in encrypted form. It is getting stored in Stripe, a third party payment gateway trusted worldwide. We only store the first four digits of the 16 digit card number for identification purposes.).

Information received from Third Parties

ZenBee may collect personal information from our current or future affiliates, subsidiaries, or parent companies. ZenBee may use this information to enrich existing customer information and improve the accuracy of our data.

We may also receive information from third parties, such as:

Our affiliates, when it is necessary to properly provide services and/or conduct business. We may also receive system performance information from our affiliates for processing purposes.
Our authorized intermediaries, distributors, and partners, if there is a lawful basis to do so. For example, if you purchase access to the services through one of these partners.
Other third parties, such as through email campaigns, marketing partners, and publicly available sources. We may use this information to improve the information that we already maintain about you and to enhance the accuracy of our records, in addition to other purposes described in this Privacy Policy.
Social media and authentication services. We may have access to certain information from a third-party social media or authentication service if you log into our services through the service or otherwise provide us with access to information from the service. Any access that we may have to such information from a third-party social or authentication service is conducted in accordance with the authorization procedures determined by that service. By allowing us to connect to a third-party service, you permit us to access and store your name, email address(es), current city, profile picture URL, and other information that the third-party service makes available to us, and to use and disclose it in accordance with this Privacy Policy. You should check your privacy settings on these third-party services to understand and change the information sent to us through these services.

Information collected automatically

Web logs

As is true with most Websites and Services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and SaaS Products. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of landing/exit pages, operating system, date/time stamp, information you search for, language settings, identification numbers associated with your devices, your mobile carrier, and system configuration information. In the case of our SaaS Product, the URLs you accessed (and therefore included in our log files) may include usernames as well as elements of content as necessary for the SaaS Product to perform the requested operations. Occasionally, we link Personal Data to information gathered in our log files as necessary to improve our Services for individual customers. In such a case, we treat the combined information in accordance with this Privacy Policy.

Analytics from the website and SaaS products

We collect analytical information when you use our Websites and SaaS Products to help us improve our Products and Services. In SaaS Products, this analytical information includes the features and functions of our Service being used, the associated license identifier (SEN), and the domain name, username, and IP address of the person using the feature (which will include Personal Data if the username includes Personal Data), the sizes and original filenames of attachments, as well as additional information necessary to detail how the feature works and what parts of our Services are affected.

Analytical information derived from content

Analytical information also consists of data we collect as a result of executing queries on Content within our user base to generate Usage Data.

Although we may encounter sensitive or Personal Data when collecting Usage Data from Content across various user instances, this is a byproduct of our efforts to understand broader patterns and trends.

Google analytics

Our Services use Google Analytics, a web analytics service provided by Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). The use includes the “Universal Analytics” operating mode. This mode facilitates the assignment of data, sessions, and interactions across multiple devices to a pseudonymous user ID, thus enabling the analysis of a user’s activities across devices. This analysis is governed by Google’s privacy statement, which you should read.

Cookie

A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We use session cookies to make it easier for you to navigate our site. The session ID cookie expires when you close your browser. Cookies enable us to track and target the interests of our users, thereby enhancing the experience on our site. Enabling these cookies is not strictly necessary for the website to function but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do so, some features of this site may not function as intended.

When you visit our Websites, we or an authorized third party may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies enable us to track usage, infer your browsing preferences, and enhance and customize your browsing experience.

Our Services and Websites utilize the following types of cookies:

Essential Cookies: These are necessary for the general functioning of our Services, such as enabling page navigation.
Preference Cookies: These cookies collect information that changes the way our Services behave or look, such as managing cache mismatches for the quality assurance toolset, saving data about pagination in tables, and recording information about sidebar state. Declining these cookies may affect your user experience.
Statistic Cookies: These cookies help us understand how you interact with our Services by collecting and reporting anonymized information, thereby improving the performance of our Services.

We may use other third-party cookies installed on our Services.

In many cases, you can opt out of the collection of non-essential device and usage data in your web browser by managing cookies at the browser or device level. However, please note that blocking or deleting cookies and similar technologies used on our Websites may prevent you from taking full advantage of the Websites.

Other tracking technologies

Cookies are not the only way to recognize or track website visitors. We may use other similar technologies from time to time, such as pixel tags (also known as web beacons or clear GIFs). These are tiny graphic files that contain a unique identifier, permitting us to recognize when someone has visited our Websites or to track the online movements of Website users. This information helps us better manage the Website by informing us what content is effective and improving the effectiveness of our marketing campaigns. Unlike cookies, which are stored on a user’s computer hard drive, pixels are embedded invisibly on Website pages. In many instances, these technologies are reliant on cookies to function properly; therefore, declining cookies will impair their functioning.

Functions of social networks

Our Websites may use social media features, such as the Facebook Like buttons, the Tweet button, and other sharing widgets (“Social Media Features”). Social Media Features may allow you to post information about your activities on our website to external platforms and social networks. They may also enable you to like or highlight information we have posted on our website or on our branded social media pages. Social Media Features are either hosted by the respective platforms or directly on our website. If Social Media Features are hosted on the platforms themselves and you access them from our Websites, the platform may receive information indicating that you have visited our Websites. If you are logged into your social media account, it is possible that the relevant social network may link your visit to our Websites with your social media profile.

We also allow you to log in to certain of our Websites using login services such as Facebook Connect. These services verify your identity and give you the option to share certain personal data with us, such as your name and email address, to pre-populate our registration forms.

Your interactions with Social Media Features and login services are governed by the privacy policies of the companies that provide them.

Connecting your ZenBee account to a third-party service provider

Certain ZenBee Services require access to the user’s email and calendar service providers. Depending on the use case, ZenBee may need to collect information related to an email account, including details from the email header, email subject, email body, and attachments. The information collected from the calendar will include meeting participants, meeting description, topic, date, and time of the meeting. Information collected from Google Accounts will comply with the Google API User Data Policy, including its limited use requirements.

Purposes for which we process Personal Data and the legal bases we rely on.

We collect and process your Personal Data for the following purposes. If required by law, we obtain your consent to use and process your Personal Data for these purposes. Otherwise, we rely on other permitted legal bases, including but not limited to (a) performance of a contract or (b) legitimate interests, to collect and process your Personal Data.

Visit our Websites and Services (including the functions you need for both): we process your Personal Data to perform our contract with you regarding the use of our Websites and Services and to fulfill our obligations under the applicable terms of use and service. Unless we have entered into a contract with you, we base our processing of your Personal Data on our legitimate interest to operate and administer our Websites and provide you with content that you access and request (for example, to download content from our Websites).

Promoting the security of our Websites and Services: we process your Personal Data by tracking your use of our Websites and Services, creating aggregated non-personal data, monitoring accounts and activity, investigating suspicious activity, and enforcing our terms and policies as necessary. This is essential for our legitimate interests in promoting the safety and security of our services, systems, and applications, as well as in protecting our rights and the rights of others. We also investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.

User registration management: if you have registered an account with us, we process your Personal Data by managing your user account for the purpose of performing our contract with you in accordance with the applicable terms of service.

Handling user communications and support requests: if you fill in the ‘Contact Me’ web form, submit a user support request, or contact us by other means, including a telephone call, we process your Personal Data for the performance of our agreement with you and to the extent necessary for our legitimate interests in fulfilling your requests and communicating with you.

Event registration and attendance management: we process your Personal Data to plan and manage the events or webinars for which you register or attend. This includes sending you relevant communications to fulfill our contract with you. Additionally, we send administrative information regarding the Websites and the Services, as well as updates to our terms, conditions, and policies.

Management of promotions: if you register to participate in a promotion, we process your Personal Data to perform our contract with you. Some promotions have additional rules containing information about how we will process your Personal Data.

Payment management: if you have provided us with financial information, we process your Personal Data to verify that information and receive payments, to the extent necessary to complete the transaction and perform our contract with you.

Developing and improving our Websites and Services: we process your Personal Data to analyze trends and track the use and interaction with our Websites and Services, to the extent necessary for our legitimate interests in developing and improving our Websites and Services, and providing our users with more relevant content and service offerings. Alternatively, we process your Personal Data when we require your valid consent.

Evaluation and improvement of user interaction: we process device and usage data, which in some cases may be linked to your Personal Data, to analyze trends and to evaluate and improve the overall user experience, to the extent necessary for our legitimate interest in developing and improving our service offering, or when we require your valid consent.

Verification of compliance with the applicable terms of use: we process your Personal Data to verify compliance with the applicable terms of use outlined in our client’s contract, if it is in our legitimate interests to ensure adherence to the relevant terms.

Assessment of power requirements: we process your Personal Data to assess the capacity requirements of our Services, if it is in our legitimate interests to ensure compliance with the required capacity requirements of our Services.

Identification of customer opportunities: we process your Personal Data to evaluate potential new customer opportunities, if it is in our legitimate interests to ensure that our customers’ requirements and their user experience are met.

Registration of office visitors: we process your Personal Data for safety, health, and security reasons, to register visitors to our offices, and to administer non-disclosure agreements that visitors may be required to sign. Such processing is necessary for our legitimate interests in protecting our offices, staff, and visitors, as well as our confidential information from unauthorized access.

Recording phone calls: we may record telephone calls for training, quality assurance, and administrative purposes. If required by applicable law, we will obtain your prior consent or provide you with an opportunity to opt out of recording the call.

Display of personalized advertising and content: we process your Personal Data to conduct market research, serve advertisements, provide personalized information about us on and off our Websites, and deliver other personalized content based upon your activities and interests. This processing is carried out to the extent necessary for our legitimate interest in advertising our Websites, or where necessary, to the extent that you have given your prior consent.

Sending marketing messages: we will process your Personal Data or device and usage data, which in some cases may be linked to your Personal Data, to send you marketing information, product recommendations and other non-transactional communications (e.g. marketing newsletters, telemarketing calls, SMS, or push notifications) about us and our Affiliates and partners. This includes information about our products, promotions, or events if necessary for our legitimate interests in conducting direct marketing, or to the extent that you have provided your prior consent.

Compliance with legal obligations: we process your Personal Data when cooperating with government authorities, courts, or regulatory authorities in accordance with our legal obligations under applicable law. This processing or disclosure of Personal Data is necessary to protect our rights and address legitimate interests in protection against misuse or abuse of our Websites, to protect personal property or safety, to exercise legal remedies available to us, to limit our damages, to comply with legal procedures, court orders, or legal processes, to respond to lawful requests, or for audit purposes.

ZenBee may use personal information to make inferences. ZenBee uses scoring models and algorithms to evaluate data and calculate scores that reflect buyer intent from professionals and companies, thereby facilitating customer acquisition for our clients.

If required by law, we will send you marketing information only if you have provided consent when supplying us with your Personal Data. You can opt out of receiving such emails by following the instructions in each promotional email we send you or by updating your user settings. Additionally, if at any time you no longer wish to receive future communications or want your name removed from our mailing lists, please contact us at legal@ZenBee.com. We will continue to contact you via email regarding the provision of our Services and to respond to your inquiries.

Who we share Personal Data with

We may share your Personal Data in the following ways:

Service Providers: with our contracted service providers who provide services such as IT system administration and hosting, credit card processing, research and analytics, marketing, customer support, and data enrichment. This is done for the purposes and in accordance with the legal bases described above. Such service providers include companies located in the countries in which we operate;
Affiliates: if you use our Websites to register for an event or webinar hosted by one of our Affiliates, we may provide your Personal Data to the affiliate to the extent required by the affiliate’s contract with you to process your registration and ensure your participation in the event. In such cases, our affiliate will process the relevant Personal Data as a separate controller and will provide you with additional information regarding the processing of your Personal Data as required;
Event Sponsors: if you attend an event or webinar hosted by us, or download or access a resource on our website, we may provide your personal information to event sponsors. If required by applicable law, you may consent to such distribution through the registration form or by allowing your participant badge to be scanned at a sponsor’s booth. In such circumstances, your information will be subject to the sponsors’ privacy statements. If you do not wish to have your information provided, you may opt out through event/webinar registration;
Sponsors of Promotions: with sponsors of contests or promotions in which you register;
Third-Party Networks and Websites: with third-party social media networks, advertising networks, and Websites so that ZenBee can market and advertise on third-party platforms and Websites;
Professional consultants: in certain cases, we may provide your Personal Data to professional consultants who act as service providers, processors, or joint controllers, including lawyers, bankers, auditors, and insurers based in the countries in which we operate. We share your Personal Data to the extent required by law or when we have a legitimate interest in doing so;
Third parties involved in a corporate transaction: if we are involved in a merger, reorganization, dissolution, or other fundamental corporate change, or if we sell a website or business unit, or if all or part of our business, assets, or stock is acquired by a third party, we may transfer your Personal Data as part of that transaction. In accordance with applicable law, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.

We may also share anonymous or de-identified usage data with our service providers to assist us in analysis and improvement. Additionally, ZenBee may share such anonymous or de-identified usage data on an aggregate basis in the normal course of our business; for example, we may share information publicly to show trends in the overall use of our Services.

Anyone who uses our communities, forums, blogs, or chat rooms on our Websites can read any Personal Data or other information you choose to submit and post.

For more information about the recipients of your Personal Data, please contact us at legal@ ZenBee.com.

Service providers and subcontractors

We work with third-party service providers to provide website, application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analytics, email communication, customer support services, marketing, advertising, investor relations, and other services for us. These service providers may access or process your information in order to provide these services to us.

Depending on your use of our Services and the nature of our processing activities, we may engage the following service providers who may be considered processors or sub-processors, based on the activities and the nature of the processing they perform:

Name	Services	Country	Privacy Statement and Data Processing Addendum (if applicable)
Amazon Web Services	Hosting and storage services	USA	https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf
Google	email	Global	https://policies.google.com/privacy?hl=en-US
LinkedIn Sales Navigator	Marketing activities	Global	https://www.linkedin.com/legal/privacy-policy

Social media widgets

Our Services may contain social media features, such as the Twitter “tweet” button or other. These features may collect your IP address, the page you are visiting on our Services, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the Privacy Policy of the company providing them. Additionally, where permissible according to applicable law and subject to your consent, we may share your Personal Data with social network websites, such as Facebook, LinkedIn, or Google, to generate leads, drive traffic to our Websites, or otherwise promote our Products or Services. The social network websites with which we may share your Personal Data are not controlled or supervised by us. Therefore, any questions regarding how your social network website service provider processes your Personal Data should be directed to such provider.

Disclosure by you

We may disclose your Personal Data to a third party if (a) we believe disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or government request, (b) to enforce our agreements, policies, and terms of service, (c) to protect the security or integrity of ZenBee’s Products and Services, (d) to protect us, our customers, or the public from harm or illegal activities, or (e) to respond to emergencies that we believe in good faith require us to disclose information to help prevent death or serious injury to anyone.

Disclosure of Business Profiles

ZenBee may disclose business information shared by our users in response to market research and telephone interviews conducted by our employees in our database.

Disclosure to Affiliates

ZenBee may disclose the business information of our current or future Affiliates, subsidiaries, or parent companies.

Disclosure to Service Providers

ZenBee may disclose business information to service providers solely for the purpose of providing Services. ZenBee may disclose information for the following purposes:

Processing credit card payments on our website;
Providers of cookie software installed on the site may receive information about user activities on our site.

Disclosure of legal information

ZenBee discloses collected information in good faith to a third party to fulfill lawful requests under the following circumstances:

To execute subpoenas, search warrants, or orders of government bodies;
To fulfill the requirements of national security or law enforcement agencies;
To eliminate violations of legislation;
To protect the rights and safety of ZenBee and its stakeholders;
To respond to a lawsuit.

Aggregated or anonymized data

We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.

Information we do not share

We do not share your Personal Data with third parties for their marketing purposes (including direct marketing purposes) without your permission. We will only share your Personal Data with third parties as described in this Privacy Policy. We do not sell your Personal Data or Content to third parties.

‘Do Not Track’ Requests

Our practices of gathering information will continue to operate as described in this policy, regardless of any “do not track” requests received from a user’s browser.

International transfer of Personal Data

Your Personal Data may be collected, transferred, and stored by us in the EU and by our Affiliates and third parties located elsewhere in their respective countries. Therefore, your Personal Data may be transferred outside the European Economic Area and/or Great Britain and/or Switzerland or other countries that provide an appropriate level of protection (hereinafter referred to as the Guarantee Area), subject to compliance with certain conditions set forth in current legislation. Your Personal Data will also be processed by Authorized Personnel working for us outside the Guarantee Area. This includes staff involved in, among other things, fulfilling your order and providing support Services.

Where possible, we are party to data transfer agreements/data processing addendums or equivalent legal instruments with each of our service providers and group members. We will (i) keep each document up-to-date in accordance with applicable law, and (ii) participate in transfers of personal information from the Guarantee Area to outside the Guarantee Area in accordance with such an agreement or by an alternative transfer method in accordance with data protection legislation.

If we transfer your Personal Data as described above, we will take steps to ensure that your Personal Data receives adequate security protection during processing and that your rights continue to be protected under applicable data protection laws, including the use of Standard Contractual Provisions approved by the European Commission.

Data storage and security

We retain your Personal Data for as long as is reasonably necessary to provide the Services and complete the transactions you have requested, to comply with our legal obligations, or for other legitimate business purposes. These purposes include maintaining business and financial records, resolving disputes, maintaining security, detecting fraud and abuse, enforcing our agreements, and other activities. At the end of the relevant retention period, your Personal Data will be anonymized and/or deleted.

The security of your Personal Data and our clients’ information is important to us. We adhere to generally accepted industry standards to protect the Personal Data provided to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Although we make reasonable efforts to protect your Personal Data, no security system is impenetrable. Due to the inherent nature of the Internet as an open global communication medium, we cannot guarantee that information, during transmission over the Internet or while stored on our systems or otherwise in our care, will be completely secure from intrusion by others, such as hackers. Additionally, we cannot guarantee that any third-party Personal Data you choose to store on our Websites or SaaS Products will be maintained at levels of protection to meet specific needs or obligations you may have regarding that information. If you have any questions about security on our Websites or within our Products and Services, you can contact us at support@ZenBee.com.

When data is transmitted over the Internet as part of a website or SaaS product, it is encrypted using industry-standard SSL (HTTPS).

ZenBee implements an information security management system (hereinafter ISMS), which adopts a comprehensive approach to information protection. The ISMS provides the framework within which we conduct various tasks necessary to maintain and improve the program. It consists of a set of policies and procedures designed to help ZenBee manage our confidential information in a formal and systematic manner.

ISMS performs the main tasks:

Risk management
Verification of specialists before hiring
Protection of critical assets
Program protection
Cloud security
Security of end devices
Physical security
Data protection and encryption
Network and infrastructure security
Access management
System development life cycle and application security
Vulnerability management
Suspicious activity management
Incident management
Penetration testing
Tracking and monitoring of new vulnerabilities.

California Consumer Privacy Act Notice

Our Website and Services collect information that identifies, relates to, describes, refers to, or is capable of being associated with, or could reasonably be linked, directly or indirectly, to a specific consumer or household (“Personal Data”). In particular, over the past twelve (12) months, we have collected the following categories of personal information:

Category	Examples
A. Identifiers	Full name, Email address, ZenBee Account Password.
B. Categories of Personal Information Listed in the California Customer Enrollment Service Statute (California Civil Code, § 1798.80(e))	Full name, Telephone number, Company Name, Role (Job Title), Department, Company Domain Name, Company No. Employees, Work Number.
D. Commercial information	None
F. Internet or Network Activity	Information about the User’s interaction with the Website, application or advertisement.
G. Geolocation data	None
I. Professional or work-related information	None

We obtain the categories of Personal Information listed above from the following sources:

Directly from you, for example, from forms you complete or Products and Services you use and/or purchase.
From your activity on our website, capturing information provided directly by you.

We do not intentionally collect the following categories of Personal Data:

Category C: Protected classification characteristics under California or federal law, such as age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including sex, gender identity, gender expression), pregnancy or childbirth and related medical conditions, sexual orientation, veteran or military status, genetic information (including family genetic information).
Category E: Biometric Information, which includes genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
Category H: Sensory data, such as audio, electronic, visual, thermal, olfactory or similar information.
Category J: Non-public education information directly related to a student and maintained by an educational institution or party acting on its behalf, including grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
Category K: Inferences drawn from other personal information to create a profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Personal information does not include:

(i) publicly available information from government records;
(ii) de-identified or aggregated information about the Consumer;
(iii) information excluded from the scope of the CCPA, including:
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), or clinical trial data;
- Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), the California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994 year.

We may use or disclose the Personal Information we collect for one or more of the legitimate business purposes.

California Privacy Rights.

To the extent provided for by law and subject to applicable exceptions, California residents have the following privacy rights in relation to the Personal Information we collect:

The right to know what Personal Information we have collected, and how we have used and disclosed that Personal Information;
The right to request deletion of your Personal Information;
The right to be free from discrimination relating to the exercise of any of your privacy rights.

Exercising Your Rights.

California residents can exercise the above privacy rights by contacting us at legal@ ZenBee.com.

To protect your Personal Information from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a request to know or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information for verification. If we cannot verify your identity, we will not provide or delete your Personal Information.

You may also submit a request to know or a request to delete your Personal Information through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us.

Without limiting our ability to disclose information for purposes of the California Consumer Privacy Act, we do not and will not sell your Personal Data.

Use of the ZenBee website outside of the United States

We may store customer personal information outside the United States, either within the United States or in another country where our service providers may operate. The laws regarding personal information in these countries may differ from those of the US.

This section applies to persons in the European Economic Area (EEA), the United Kingdom (UK), and/or Switzerland.

Legal basis for processing

Our legal basis for processing Personal Data includes: (i) consent; or (ii) any other applicable legal basis, such as our legitimate interest in engaging in commerce, offering products and services of value to the customers of our services, preventing fraud, ensuring information and network security, direct marketing and advertising, and compliance with industry practices.

Your Rights

As a data subject, you have:

Right of Access (Art 15 GDPR): If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of the Personal Data along with certain other details.
Right to Rectification (Art 16 GDPR): If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we have shared your Personal Data with others, we will inform them about the correction where possible.
Right to Erasure (Art 17 GDPR): You may ask us to erase your Personal Data in certain circumstances, such as where we no longer need it or you withdraw your consent. If we have shared your Personal Data with others, we will notify them of the need for erasure where possible.
Right to Restriction of Processing (Art 18 GDPR): You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will notify you before we lift any restriction on processing. If we have shared your Personal Data with others, we will inform them about the restriction where possible.
Right to Data Portability (Art 20 GDPR): You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that we processed with automated means. We will give you your Personal Data in a structured, commonly used, and machine-readable format. You may reuse it elsewhere.
Right to Object (Art 21 GDPR): You may ask us at any time to stop processing your Personal Data, and we will do so:
- if we are relying on a legitimate interest to process your Personal Data – unless we demonstrate compelling legitimate grounds for the processing, or your Personal Data is needed to establish, exercise, or defend legal claims;
- or in certain circumstances, if we are processing your Personal Data for direct marketing.
Right to Withdraw Consent (Art 7 (3) GDPR): If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time, but this will not affect any processing of your data that has already taken place.
Right to Make a Complaint with the Data Protection Authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.

You can contact us at legal@ZenBee.com to exercise your rights. ZenBee will be responsible for responding to your requests, in accordance with the GDPR.

Sensitive personal information

“Confidential Personal Information” refers to information about an individual that reveals his or her racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, health information, or information about an individual’s sexual life or sexual orientation.

We do not knowingly or intentionally collect sensitive personal information, protected health information (as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA)), or special categories of Personal Data as defined in Article 9 of the GDPR) from individuals through our Services. You must not provide us with sensitive personal information or any protected health information through our Services. However, if you accidentally or intentionally send or transmit sensitive personal information and/or protected health information to us, you are deemed to have given your express consent for us to process such information in the context of providing you with the Services, or, where applicable, for employment purposes.

Privacy of children

ZenBee is designed for users aged 18 and over. We also do not intend to collect information about persons under the age of 18. No personal information should be provided to ZenBee about persons under the age of 18. If we inadvertently collect personal information from persons under the age of 18, we will take the necessary steps to delete that information as soon as possible. If you have reason to believe that our website contains personal information of a person under the age of 18, you may notify us by emailing legal@ZenBee.com.

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes to our information practices. We will provide notification of any material changes to this statement through the Company’s Websites or via email to our customers prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

You also have the right to lodge a complaint with a supervisory authority if you believe that your Personal Information has been mistreated.

Contact Us

You can contact us with any questions related to this Privacy Policy by emailing us at legal@ZenBee.com.

Effective Date

This policy became effective on February 1, 2024.

The policy was last revised on July 8, 2024.

Review History

Version	Author / Reviewer	Comments	Date	Approval	Approval date
v1.0	CISO	Revision	07/08/2024	CEO	07/08/2024