Last updated: March 2022
II. PERSONAL INFORMATION WE COLLECT
The categories of personal information we collect depend on whether you are a Customer, visitor, or applicant, and the requirements of applicable law.
Information You Provide to Us.
Account Creation. When you create a user account using Zingtree’s Services, we may collect your name, email address, business information, credit card information, username, and password.
Account Usage. When you use an account, the category and sensitivity of the Customer Data entered into Zingtree's Services is at the sole discretion of the Customer and/or their end users. Zingtree does not collect Customer Data.
Your Communications with Us. We collect personal information from you such as your name, email address, phone number, or mailing address when you request information about our Services, request a demo, register for our newsletter, request customer or technical support, apply for a job or otherwise communicate with us.
Surveys. We may contact you to participate in surveysIf you decide to participate, you may be asked to provide certain information which may include personal information.
Social Media Content. We may offer forums, blogs, or social media pages. Any content you provide on these channels will be considered “public” and is not subject to privacy protections.
Information Collected Automatically or From Others
Automatic Data Collection. We may collect certain information automatically when you use the Zingtree website or Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device,Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use the Services. Information we collect may be associated with accounts and other devices.
In addition, we may automatically collect data regarding your use of our Services, such as the types of content you interact with and the frequency and duration of your activities. We may combine your information with information that other people provide when they use our Services.
- Cookies. Cookies are small text files placed in a visitor’s computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about a user’s engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
In conjunction with the gathering of data through the above-referenced methods, our web servers may log records to include, but not limited to user system activity, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located.The web server logs also may record the address of the web page that referred you to our website or Services, the IP address (and associated city and state or province for the IP address) of the device you use to connect to the Internet.
Analytics. We may also use Google Analytics and other service providers to collect information regarding visitor behavior and visitor demographics on our website or Services. For more information about GoogleAnalytics, please visit www.google.com/policies/privacy/partners/.You can opt out of Google’s collection and processing of data generated by your use of the Services by going to http://tools.google.com/dlpage/gaoptout.
III. HOW WE USE YOUR INFORMATION.
If you have any questions or concerns about how CustomerData is handled or would like to exercise your rights, you should contact the person or entity (i.e., the data controller) who has contracted with us to use our Services to process Customer Data. Our Customers control the personal information in these cases and determine the security settings within the account, its access controls and credentials, and data retention. We will, however, assist our Customers to address any concerns you may have, in accordance with the terms of our contract with them.
Our Business Purposes. We use your information for a variety of business purposes, including to:
Fulfill our contract with you and provide you with our Services, such as:
- Managing your information and accounts;
- Providing access to certain areas, functionalities, and features of our Services;
- Communicating with you about your account, activities on our Services and policy changes;
- Undertaking activities to verify or maintain the quality or safety of a Service;
- Processing your financial information and other payment methods for products or Services purchased;
- Providing advertising, analytics, and marketing services;
- Providing Services on behalf of our investors, such as maintaining or servicing accounts, providing investor service, and verifying investor information;
- Processing applications and transactions; and
- Allowing you to register for events.
Analyze and improve our Services pursuant to our legitimate interests, such as:
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;
- Measuring interest and engagement in our Services and short-term, transient use, such as contextual customization of ads;
- Undertaking research for technological development and demonstration;
- Researching and developing products, services, marketing, or security procedures to improve their performance, resilience, reliability, or efficiency;
- Improving, upgrading, or enhancing our Services or device or those of our Providers;
- Developing new products and Services;
- Ensuring internal quality control;
- Verifying your identity and preventing fraud;
- Debugging to identify and repair errors that impair existing intended functionality;
- Enforcing our terms and policies; and
- Complying with our legal obligations, protecting your vital interests, or as may be required for the public good.
Provide you with additional content and Services, such as:
- Furnishing you with customized materials about offers, products, and Services that may be of interest, including new content or Services;
- Auditing relating to interactions, transactions, and other compliance activities; and
- Other purposes you consent to, are notified of, or are disclosed when you provide personal information.
De-Identified and Aggregated Information. We may use personal information and other data about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access our website or Services, or other analyses we create.
Marketing and Advertising Our Products and Services. We may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law. Some of the ways we may market to you include email campaigns, custom audiences advertising, and “interest-based” or “personalized advertising,” including through cross-device tracking.
If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time as set forth below.
Share Content with Friends or Colleagues. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends or colleagues through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Please only share with us contact information of people with whom you have a relationship (e.g., relative, friend neighbor, or co-worker).
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular site behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality.
- Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our visitors use the Services.
- Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed.
- Advertising or Targeting Related. We may use first party or third-party Technologies to deliver content, including ads relevant to your interests, on our Services or on third party sites.
Notice Regarding Third Party Websites, Social Media Platforms and Application Programming Interfaces and Software Development Kits. The Services may contain links to other websites, and other websites may reference or link to our website or other Services. These other websites are not controlled by us. We encourage our Customers and users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
We may use third party application programming interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of our Services. APIs and SDKs may allow third parties including analytics and advertising partners to collect your personal information for various purposes including to provide analytics services and content that is more relevant to you. For more information about our use of APIs and SDKs, please contact us asset forth below.
IV. DISCLOSING YOUR INFORMATION TO THIRD PARTIES.
We disclose your information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below. Zingtree will not share your information with third parties for a purpose that is materially different from original purposes without your consent.
Service Providers. We may share any personal information we collect about you with our third-party service providers. The categories of service providers (processors) to whom we entrust personal information include IT and related services; information and services; payment processors; customer service providers; and vendors to support the provision of the Services.
Business Partners. We may provide personal information to business partners with whom we jointly offer products or services. In such cases, our business partner’s name will appear along with ours.
Advertising Partners. Through our Services, we may allow third party advertising partners to set Technologies and other tracking tools to collect information regarding your activities and your device (e.g.,your IP address, mobile identifiers, page(s) visited, location, time of day). We may also combine and share such information and other information (such as demographic information and past purchase history) with third party advertising partners. These advertising partners may use this information (and similar in formation collected from other websites) for purposes of delivering targeted advertisements to you when you visit third party websites within their networks.This practice is commonly referred to as “interest-based advertising” or“online behavioral advertising.” We may allow access to other data collected by the Services to share information that may be useful, relevant, valuable, or otherwise of interest to you. If you prefer not to share your personal information with third party advertising partners, you may follow the instructions below.
Disclosures to Protect Us or Others. We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to:comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.
Disclosure in the Event of Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of our Services to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
International Data Transfers. You agree that all information processed by us may be transferred, processed, and stored any wherein the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We have taken appropriate safeguards to require that your personal information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. Further details can be provided upon request. Zingtree’s liability regarding the onward transfer of personal information to third parties shall be governed by the applicable mutually executed agreements and in compliance with the EU-US & Swiss-US Privacy Shield requirements.
V. YOUR CHOICES.
General. You have certain choices about your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on ourServices and for other legal purposes as described above.
We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by applicable law.
“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We honor do not track signals when a Do Not Track (DNT) browser mechanism is in place.
Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy, at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, and www.aboutads.info/choices/. To separately make choices for mobile apps on a mobile device, you can downloadDAA’s AppChoices application from your device’s app store. Alternatively, for some devices you may use your device’s platform controls in your settings to exercise choice.
Please note you must separately opt out in each browser and on each device. Advertisements on third party websites that contain the AdChoices link may have been directed to you based on information collected by advertising partners over time and across websites. These advertisements provide a mechanism to opt out of the advertising partners’ use of this information for interest-based advertising purposes.
Your Privacy Rights. In accordance with applicable law, e.g., GDPR, you may have the right to:
- Request Access: The right to request confirmation of whether Zingtree processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
- RectifyInformation: The right to request Zingtree to rectify or update your Personal Data that is inaccurate, incomplete, or outdated;
- Data Deletion: The right to request Zingtree to erase your Personal Data;
- Data Restriction: The right to request Zingtree to restrict/stop the processing of your Personal Data;
- Data Portability: The right to request Zingtree to export your Personal Data, where technically feasible;
- Notification: The right to be notified about the uses of your Personal Data, where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent if you feel your rights are being impeded;
- Objection: The right to object to the processing of your Personal Data, including the withdrawal of previously provided consent; and
- Automated Individual Decision-Making: The right to refuse the automated processing of your Personal Data to make individual decisions about you if it significantly affects the data subject or produces legal effects.
If you would like to exercise any of these rights, please log into your account or contact us as set forth below. We will process such requests in accordance with applicable laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request.
VI. DATA RETENTION.
VII. SECURITY OF YOUR INFORMATION.
The security of your Information is important to us. We have implemented industry acceptable security standards and are annually assessed for compliance by qualified third parties to protect the sensitive information submitted to us from unauthorized disclosure, alteration, disruption, or destruction, while in transit our custody. These safeguards vary based on the sensitivity of the Information that we collect, process and store and the current state of technology. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of ourServices. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an email to you.
VIII. CHILDREN’S INFORMATION.
The Services are not directed to children under 18 (or other age as required by local law), and we do not knowingly collect personal information from children. If you learn that your child has provided us with personal information without your consent, you may contact us as set forth below. If we learn that we have collected any personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
IX. OTHER REGULATORY PROVISIONS.
Supervisory Authority. If you are located in the European Economic Area, Switzerland, the United Kingdom, or Brazil you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.
Supplemental Notice for California Residents. This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of2020 (“CPRA”). The CCPA and CPRA provide California residents with the right to know what categories of personal information Zingtree has collected about them and whether Zingtree disclosed that personal information for a business purpose(e.g., to a service provider) in the preceding 12 months. California residents can find this information below:
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth in “Personal Information We Collect” and “How We Use Your Personal Information” above, respectively.
“Sales” of Personal Information under the CCPA and CPRA. For purposes of the CCPA and CPRA, Zingtree does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
Additional Privacy Rights for California Residents
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to acton your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth below and provide written authorization signed by you and your designated agent.
Verification. To protect your privacy, we will take the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include asking you to answer questions regarding your account and use of our Services.
If you are a California resident and would like to exercise any of your rights under theCCPA or CPRA, please contact us as set forth below. We will process such requests in accordance with applicable laws.
Referral Programs. As described above in How We Use Your Personal Information (“Share Content with Friends or Colleagues”), we may offer referral programs. We may offer incentives to you such as discounts or promotional credit in connection with these programs, wherein you provide personal information regarding your friends or colleagues (such as their email address) and receive rewards when they sign up to use our Services. (The referred party may also receive rewards for signing up via your referral.)These referral programs are entirely voluntary and allow us to grow our business and provide additional benefits to you. The value of the referred party’s data to us depends on whether the referred party ultimately becomes a user and uses our Services. Said value will be reflected in the incentive offered for each referral.
Supplemental Notice for Nevada Residents. If you are a resident of Nevada, you have the right to opt out of the sale of certain Personal Information to third parties who intend to license or sell that Personal Information. You can exercise this right by contacting us at email@example.com with the subject line “Nevada Do NotSell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your PersonalInformation as sales are defined in Nevada Revised Statutes Chapter 603A. If you have any questions, please contact us as set forth below.
X. PRIVACY SHIELD PRINCIPLES AND SELF-CERTIFICATION
To comply with the EuropeanUnion (EU) General Data Protection Regulation (GDPR) pertaining to international data transfer mechanisms, Zingtree strictly adheres to the Privacy Shield Principles. Zingtree is self-certified under the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. Designed by the U.S. Department of Commerce and the European Commission and Swiss Administration, Privacy Shield was developed to provide a framework for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. In addition, we offer EU Model Clauses, also known as Standard Contractual Clauses, to meet adequacy and security requirements for our customers who operate in the EU. For more information on Zingtree’s GDPR compliance with GDPR, please visit Zingtree GDPR Information.
XI. COMPLAINTS AND ENFORCEMENT
Zingtree encourages communications from its customers, partners, employees, website visitors and all others, who may have questions or concerns. You may contact us about our practices or to make a complaint and seek recourse according to the. methods available to you, and subject to applicable enforcement powers.
As part of Zingtree’s adherence to the EU-U.S. Privacy Shield Principles, we are committed to resolve in a timely manner complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Zingtree at the information provided below in the "Contact Us" section.
If you have an unresolved complaint, Zingtree commits to cooperate with your local EU data protection authority and/or the Swiss Federal Data Protection and Information Commissioner (cumulatively “DPAs”) as alternative dispute resolution providers. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, contact your local DPA.
Zingtree is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). European Union and Swiss individuals have the possibility, under certain conditions, to invoke binding arbitration.
XIII. CONTACT US.
Mark R. Beckmeyer, D.Sc.,CISSP, is the Zingtree Senior Director of Security and Compliance and serves asthe company’s Security and Privacy Officer.
Attn: Security/Privacy Officer
700 Larkspur Landing Circle, Suite 199
Larkspur, CA 94939