This Privacy Policy applies to the use of Zelo, Inc.’s website and employee communication platform (“Platform”), which enables a company (“Customer”) to communicate more effectively with you, other employees, or authorized individuals (“Recipients”) through your preferred channel of communication. This Privacy Policy describes how we collect, use, disclose, transfer and store personal data on our website and through our Platform.
(Last updated: October 1st, 2022
We collect different types of personal data through our Platform and website. Recipients and Customers may share personal data with the Platform during registration and communications or by uploading content to our Platform.
Account registration: Basic account information that you or Customer provide to us to initiate an account, include your name and email address, browser type, and IP address. This information is also collected for anyone visiting Zelo by logging in. Other information collected may include your language, subscription, or notification preferences, assigned privileges, your role or job title within Customer and dates, such as your work anniversary or birthday. Some of this information may be optional, collected or added at a later date, or not collected at all.
Other optional information: You may, optionally, choose to provide additional information.
Platform content: You can post, upload and share content through the Platform and provide other information such as when you fill out a form, respond to a survey, or use the Platform to send emails or other communications. In addition, Customer can create communications campaigns and share content with you through the Platform.
Metrics, maintenance and analytics: When you access or use the Platform, we may collect certain information automatically about your device and your use of the Platform. This will include IP addresses, browser types, log files, and other information regarding your system and connection. We collect information about how you access and use the Platform, such as what pages are viewed, when the profile was registered and what portions of the Platform are used. We also collect metrics related to comments, total posts that you viewed, shared, and submitted, and other activities you conduct through the Platform. This information is collected automatically through the use of various commonly used information-gathering technologies, including cookies and web beacons. Some of these cookies and web beacons can be turned off through your website browser; however, on a mobile device, including our mobile apps, you may not be able to turn them off.
Our Platform, by default, does not process sensitive data and you should not provide information regarding an individual’s financial, medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other legally protected sensitive or special categories of data. In specific situations the Customer may direct us to process sensitive data.
If a User uploads files, they are stored on servers handled by AWS in Frankfurt and are encrypted with Secure Sockets Layer (SSL) / Transport Layer Security (TLS) during transfer.
We use your personal data is to provide and improve the Service, and to develop new products and services. Some examples of these uses, as part of our legitimate interests to provide, operate and maintain the Platform, include:
In addition, Customer’s specific privacy policy (if one exists) will determine how information collected through the Platform may be used.
We will only share and disclose your information according to the Customer’s instructions or in furtherance of your request, for instance when you decide to share information within or outside the Platform. Examples include:
We will retain information collected according to the Customer’s instructions, and as required by applicable law. Upon termination of our contractual relationship with Customer, we will delete all personal data stored in our servers and backups within 90 days. If you stop working for or with the Customer, the Customer may suspend your User account and/or delete any information associated with your User account, in accordance with such Customer’s own data retention policy.
The California Consumer Privacy Act, (Cal. Civ. Code § 1789.100 et seq., “CCPA”) gives California residents certain data rights, with regard to how their personal information is collected and used. Zelo upholds the requirements of the CCPA for California residents including (and in addition to the descriptions of how we handle your data described elsewhere in this Policy) the following:
We are committed to collecting and processing personal data responsibly and in compliance with the applicable data protection laws in all countries in which we do business. Our goal is to apply data protection standards established on the basis of internationally accepted data protection principles supporting an effective protection of personal data we process. In addition to upholding your rights set forth under the GDPR and CCPA, we will consider other applicable data privacy laws and comply where necessary. We reserve the right to evaluate any request against the governing data privacy law.
Zelo contains links to other websites. We are not responsible for the privacy practices of other websites. We encourage Recipients to be attentive as they leave our pages and to read the privacy policy of all websites that collect personally identifiable information. This Privacy Policy applies only to information collected by Zelo.
Zelo operates according to industry standards with strict security measures to protect against loss, misuse, and alteration of the information stored with us. We conduct information risk assessments and work to ensure that our staff understands the importance of protecting personal data. We include both physical security and IT security in our overall data security procedures. We will provide support to Customers in their duty to notify Recipients and regulatory authorities, as required by law, when personal data has been stolen, disclosed, altered or infringed by an unauthorized person. Please be aware that email and instant messaging are not considered secure communications, we ask that you do not send sensitive personal information to us via email or through messaging services. If you have questions or concerns regarding this policy or if you are aware of a potential breach, please contact us at notice@zeloapp.com.
When using the platform your personal data may be stored and processed by us in the United States, if you are a Zelo Inc customer. To provide appropriate safeguards for personal data we receive from the European Economic Area (EEA), United Kingdom (UK), and Norway, we are certified under the Privacy Shield framework.
Currently our primary production data center is located in the European Economic Area. Our staff that oversee, manage, and support those data centers (including having access to the data) are located primarily in the European Economic Area.
For personal data we receive from the EEA, UK and/or Switzerland, Zelo stores the personal data within the European Economic Area and does not transfer the data out from that area.
Zelo acknowledges its commitment to comply with the EU – U.S. and Swiss – U.S. Privacy Shield Principles (“Principles”) for all Personal Data received from the EU, UK, or Switzerland in reliance on the Privacy Shield. Zelo will collect, use, and disclose Personal Data received from the EU, UK, or Switzerland only in accordance with this Privacy Policy and the Principles, or as required by law. For Purposes of Privacy Shield compliance enforcement, Zelo acknowledges that it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC). Zelo also complies with the Privacy Shield Principle regarding liability for onward transfers. To learn more about the Privacy Shield program, and to view Zelo’s certification, please visit https://www.privacyshield.gov.
If you are located in the EEA, UK, or EU you have certain privacy rights recognized under the General Data Protection Regulation (GDPR), for instance the right to request access to information, rectification, or erasure.
This section explains how Zelo assists Customer in fulfilling your privacy rights established under the General Data Protection Regulation (GDPR). We only complete the actions below when they are approved by Customer.
You have the right to demand access, rectification or deletion of the Personal Data we process about you. You also have the right to demand limited processing, object to the processing and demand the right to data portability. You may at any time withdraw your consent to the processing of Personal Data with us. You can read more about the content of these rights on the Norwegian Data Protection Authority´s website: https://www.datatilsynet.no/en/ Your consent to the processing of Personal Data is a prerequisite for the use of our services.
Customer controls the information collected when you interact with the Platform, and accordingly is the entity responsible for attending to your data privacy rights and defining the legal grounds for the processing. To that end Customer will provide you with its specific privacy policy defining what are your choices and how you can exercise your rights. Once Customer approves your request, we will support in completing the following actions:
Right to access and correct your personal data: You and Customer may access, or correct, information you have uploaded to the Platform by using the tools within the Platform. If you do not see the tools within the Platform, you should contact Customer directly. Changes on the Platform take immediate effect on your specific network, but data will be retained by us in our backup systems for a commercially reasonable amount of time, typically 90 days.
Account closure and right of erasure: If you would like to stop using the Platform, you should contact Customer. Similarly, if you stop working for or with the Customer, the Customer may suspend your User account and/or delete any information associated with your User account according to its privacy policy. In addition, you can also request to Customer:
Information viewable by Recipients within the Platform will be deleted within 30 days upon receiving your request, in any case complete removal of data stored on our backup systems, will happen in a commercially reasonable period of time, typically 90 days.
Right of objection and restriction: You have the opportunity to elect whether you would like to receive certain correspondences from us or opt out of Zelo’s promotional emails. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your relationship, transactions, and communications related to the Platform, unless your account is deleted.
Our legal grounds for collecting and using your personal data as described in this Privacy Statement fall into the following four categories.
Consent: In some cases, we ask you for your consent to process your personal data, such as when we need your consent for marketing purposes. You can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. If you would like to withdraw your consent, you can do so by contacting us as provided in the How to Contact Us section below.
Legitimate Interest: We process certain data for the legitimate interests of Workday, our affiliates, our partners, or our customers. These legitimate interests include, for example, contacting you to provide support or sending you marketing information (subject to applicable law); detecting, preventing, and investigating illegal activities and potential security issues; and maintaining and improving the Website and mobile applications. We will rely on our legitimate interests for processing personal data only after balancing our interests and rights against the impact of the processing on individuals.
Performance of a Contract: Sometimes we process personal data to perform our obligations under an agreement with you
Other Legal Bases: In some cases, we may have a legal obligation to process your personal data, such as in response to a court or regulator order. We also may need to process your personal data to protect vital interests, or to exercise, establish, or defend legal claims.
If you or Customer believes that we do are not complying with our privacy policy, or have any issue or concern you can submit a complaint with us and we will respond to you within 45 days. To that end please contact us in writing and provide your identification and contact details, name or domain of Customer and a complete explanation of your concern.
In compliance with the Privacy Shield Principles, Zelo commits to resolve complaints about our collection or use of your personal information.
EU and Norwegian individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Zelo at notice@zeloapp.com or contact us at:
Zelo, Inc.
Attn: Privacy Office
470 Ramona St
Palo Alto CA 94301
U.S.A.
Zelo has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.
In the event that you cannot fully resolve your complaint through the Department of Commerce, it is possible that you may use binding arbitration as a final resort. For more information on how to invoke arbitration under the Privacy Shield Framework, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If applicable, you may also contact the Norwegian Data Protection Authority. You can find information on how to contact the Norwegian Data Protection Authority on their website: https://www.datatilsynet.no/en/
Zelo uses infrastructure services with their own governing data processing agreements with Amazon Web Services, and an array of third party vendors. All competence to administer these services exist and in the rare occasions external consultants are used the actions are logged and regulated by our internal security instructions. We only use servers governed by the European internal market and the EU-US Privacy Shield.
Zelo does not knowingly solicit or collect personal data from children under the age of 13, and the Platform is not directed at children under the age of 13.
We store specific information from your browser using cookies. Cookies are data stored on your computer that are associated with user information. We use persistent cookies to create site usage statistics on the Service. Persistent cookies are stored on your computers for an extended period of time. This information is not personally identifiable.
We may update this Privacy Policy from time to time. When we update this Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy online, make it available through the Platform, and when we make large changes, communicate it to the Customer. The Customer will be responsible for notifying you, and may elect to do so through the Platform, or we will notify you if the Customer instructs us to do so. Your continued use of the Service implies acceptance of these changes.
If you have any questions about this policy or concerns regarding the use or disclosure of your personal data through the Platform, you can contact us by sending an email to notice@zeloapp.com or by contacting us at:
Zelo, Inc.
Attn: Privacy Office
470 Ramona St
Palo Alto CA 94301
U.S.A.
or for Customers in the EU, EAA and Switzerland:
Zelo AS
Attn: Privacy Office
Breitorget 7
4006 Stavanger
Norway
Please provide your identification and contact details, name or domain of Customer and a complete explanation of your concern.
To communicate with our Data Protection Officer, please email notice@zeloapp.com.