Due to the global nature of the Zmags Services, our privacy practices may vary among the states, countries and regions in which we operate in order to comply with applicable legal requirements.
PRIVACY SHIELD NOTICE: We are in the process of submitting our certification of compliance with the EU-U.S. and Swiss-U.S. Privacy Shield with respect to the personal data of users of the Zmags Services who are residents of the EU, EEA or Switzerland that we receive and process through the Zmags Services. We certify that we adhere to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement (hereinafter, “Privacy Shield Principles”) for individuals in participating European countries whose personal data is processed through the Zmags Services. Once complete, our Privacy Shield certification will be available here. We may also process personal data submitted relating to individuals in Europe via other compliance mechanisms, including use of the European Union Standard Contractual Clauses or Binding Corporate Rules.
The Zmags Services gather certain information automatically, some of which may be considered personal information under applicable law.
We may collect, among other things, the following types of information:
We may also collect information, including personal information, in the following situations:
Zmags Services may use the information, including personal information, collected in connection with the Zmags Services for the purpose of providing the Services to our customers, as well as for supporting our business functions, such as fraud prevention, marketing, analytics and legal functions, and other legitimate purposes.
To the extent permitted by applicable law and, for customer data, as permitted by our customer agreements, we may use information collected in connection with our Services:
Aggregate Information. To the extent permitted by applicable law, we may use, process, transfer, and store any data about individuals and customers or partners in an anonymous (or pseudonymous) and aggregated manner. We may combine personal information with other information, collected online and offline, including information from third party sources. We may also use information in other ways with consent or as permitted by applicable law. By using the Zmags Services, our customers agree that we are hereby licensed to collect, use, share and store anonymized (or pseudonymized) aggregated data collected through the Zmags Services for benchmarking, analytics, A/B testing, metrics, research, reporting, machine learning and other business purposes.
Automated Decisions. To the extent permitted by applicable law, we may collect data in an automated manner and make automated decisions, including using machine learning algorithms, about individual users of the Zmags Services in order to provide or optimize the Zmags Services offered and/or delivered, for security or analytics purposes, and for any other lawful purpose.
To the extent permitted by applicable law, Zmags may share and disclose information, including personal information, as set forth below:
Zmags may also disclose personal information for other purposes or to other third parties when an individual has consented to, or requested, such disclosure, or where a customer has obtained permission from such individual, or where such disclosure is otherwise legally permitted for legitimate business purposes, and, for customer data, with such customer’s authorization or otherwise in accordance with Zmags’ agreement with such customer.
We may use the following types of cookies and similar technologies:
Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all of the features available through the Zmags Services.
For more information, visit the help page for your web browser or see All About Cookies or visit Your Online Choices which has further information about behavioral advertising and online privacy.
To the extent permitted by applicable law, we may retain information for as long as the account of the customer for whom we collected the information is active, for at least twenty-four (24) months thereafter, or as long as is reasonably necessary to provide the Zmags Services or as needed for other lawful purposes. We may retain cached or archived copies of information. We may retain anonymized or pseudonymized, aggregated data indefinitely, to the extent permitted under applicable law. We may be required to retain some data for a longer period of time because of various laws and regulations or because of contractual obligations. We also will retain information as long as reasonably necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
To the extent required by applicable law, or in our discretion otherwise, we will allow customers and individuals to limit use of personal information. If at any time after providing us with your personal information such information changes or you change your mind about receiving information from us, you may request access to your data or that your data be changed.
If you no longer wish to receive our communications, you may opt-out of receiving them at any time by following the instructions included in each communication, by contacting us via email at firstname.lastname@example.org, or by mail at 332 Congress Street, 2nd Floor, Boston, MA 02210 MA, 02145 USA; Attn: Data Security Coordinator.
When you use your mobile device to interact with us or use the Zmags Services, we may receive information about your mobile device, including a unique identifier for your device. We and our service providers and third parties we collaborate with, including ad networks, may use cross-device/cross-context tracking. For example, you might use multiple browsers on a single device, or use various devices (such as desktops, smartphones, and tablets), which can result in your having multiple accounts or profiles across these various contexts and devices. Cross-device/cross-context technology may be used to connect these various accounts or profiles and the corresponding data from the different contexts and devices.
We provide you with a means for submitting your resume or other personal information through our website for consideration for employment opportunities at Zmags. Personal information received through resume submissions will be kept confidential. We may contact you for additional information to supplement your resume, and we may use your personal information within Zmags, or keep it on file for future use, as we make our hiring decisions.
To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of personal information, we employ procedural and technological measures that are reasonably designed to help safeguard the information we collect, including storing all personal information in secure databases protected via a variety of industry-standard access and security controls and procedures. Only authorized Zmags personnel have access to the personal information, including server logs and cookie utilization data, that we collect. These individuals are required to follow strict security policies and procedures Zmags may use encryption, secure socket layer, firewall, password protection and other physical security measures to help prevent unauthorized access to such. Zmags may also place internal restrictions on who in the company may access data to help prevent unauthorized access to such information.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. Therefore, despite our efforts, we cannot guarantee its absolute security. We do not warrant or represent that personal information about you will be protected against, loss, misuse, or alteration by third parties.
If you use the Services, you are responsible for maintaining the confidentiality of your access information and password. You are responsible for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your password. We cannot secure any personal information that you release on your own, that you request us to release or that is released through another third party to whom you’ve given access.
Where required under applicable law or by contract, we will notify the appropriate parties or individuals of any loss, misuse or alteration of personal information so that such parties or individuals can take the appropriate actions for the due protection of their rights. If such personal information is information of a Zmags customer, we will notify such customer and coordinate with them regarding any required notices to particular individuals.
The Zmags Services may be provided using resources and servers located in various countries around the world, including the United States and other countries. Therefore, personal information about individuals or customers may be transferred, processed and stored outside the country where the Zmags Services are used, including to countries outside the European Union (“EU”), European Economic Area (“EEA”) or Switzerland, where the level of data protection may not be deemed adequate by the European Commission.
Under California’s “Shine the Light” law, California residents who provide personal information in obtaining products or services for personal, family or household use may be entitled to request and obtain from us, once per calendar year, information about customer information we have shared, if any, with other businesses for such other businesses’ own direct marketing uses. If applicable, this information would include the categories of resident information and the names and addresses of those businesses with which we shared such resident information for the immediately prior calendar year. To obtain this information, please contact us as indicated below. Please include sufficient personal identification information so that we can process the request, including that you are a California resident.
Attn: Data Security Coordinator
332 Congress Street
Boston, MA 02210
Phone: +1 (617) 963-8000
CLASS ACTION WAIVER. YOU AND WE AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR OUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.
“Personal Data” means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of such natural person; and
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
EU-U.S. and Swiss-U.S. Privacy Shield Notice. We are in the process of submitting our certification of compliance with the EU-U.S. and Swiss-U.S. Privacy Shield with respect to the personal data of users of the Zmags Services who are residents of the European Union (“EU”), European Economic Area (“EEA”) and Switzerland that we receive and process through the Zmags Services. We certify that we adhere to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement (“Privacy Shield Principles”) for personal data of users of the Zmags Services in the countries participating in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Once complete, our certification will be available here. We may also process personal data submitted relating to individuals in Europe via other compliance mechanisms, including use of the European Union Standard Contractual Clauses or Binding Corporate Rules.
Our legal bases for the processing of Personal Data are: (i) consent or (ii) any other applicable legal bases, such as our legitimate interest in engaging in commerce, offering products and services of value to the customers of the Zmags Services, preventing fraud, ensuring information and network security, direct marketing and advertising, and complying with industry practices.
Additional Rights for European Residents. As a resident of the EU or a country following substantially similar legislation regarding the protection of Personal Data, individuals may have one or more of the following additional rights:
Access. To request a copy of the Personal Data we have collected about you by contacting us.
Rectification & Erasure. To request that we rectify or delete any of the Personal Data about you that is incomplete, incorrect, unnecessary or outdated.
Objection. To object, at any time, to Personal Data about you being Processed for direct marketing purposes.
Restriction of Processing. To request restriction of Processing of Personal Data about you for certain reasons, such as, for example, if you consider Personal Data about you collected by us to be inaccurate or you have objected to the Processing and the existence of legitimate grounds for Processing is still under consideration.
Data Portability. To request and receive the Personal Data we have collected about you in a commonly used and machine-readable form.
Right to Withdraw Consent. If Personal Data about you is processed solely based on your consent and not for any other legitimate interest, to withdraw your consent at any time, without affecting the lawfulness of our Processing based on such consent before it was withdrawn, including processing related to existing contracts for our products and services.
Right to Lodge a Complaint with a DPA. If you believe our Processing of Personal Data about you is inconsistent with the applicable data protection laws, to lodge a complaint with your local supervisory data protection authority (“DPA”).
To exercise any of the above listed rights, please contact us as set forth below and provide sufficient details so that we can respond appropriately. We will process any requests in accordance with applicable law and within a reasonable period of time. We may need to verify the identity of the individual submitting a request before we can address such request. If the request relates to data our customers collect and process through the Zmags Services, we will refer the request to that customer and will support them in responding to the request. For Zmags customers, certain information may be reviewed, corrected and updated by logging into the Zmags Services account and editing the profile information.
Questions and Complaints. Residents of a country participating in the Privacy Shield Framework may direct any questions or complaints concerning our Privacy Shield compliance to our Privacy Shield and Data Protection Contact. We will work with you to resolve your issue.
If we have not responded to a concern relating to data processed under the Privacy Shield Framework in a timely manner, or we have not addressed the concern satisfactorily, you may contact our U.S.-based dispute resolution provider, at no cost, here. If neither Zmags nor our independent dispute resolution provider resolve your complaint, you may have the possibility to invoke binding arbitration through the Privacy Shield Panel. However, prior to initiating such arbitration, a resident of a country participating in the Privacy Shield Framework must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from our designated independent dispute resolution provider; and (3) contact the U.S. Department of Commerce (either directly or through a European DPA) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident.
U.S. Federal Trade Commission Enforcement. Zmags’ commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Compelled Disclosures. Zmags may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Privacy Shield and Data Protection Contact. Unless otherwise specified, the data controller of personal data uploaded to the Zmags Services is the Zmags customer for whom such Services are provided and Zmags is the processor of such data for such customer. In certain cases, Zmags may also be the controller of aggregated, anonymous or pseudonymous data relating to the Zmags Services. Our Privacy Shield and Data Protection Contact for the personal information collected in connection with the Zmags Services is:
Attn: Data Security Coordinator
332 Congress Street
Boston, MA 02210
Phone: +1 (617) 963-8000