What is the GDPR?
The primary aim of the General Data Protection Regulation (GDPR) is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The regulation contains provisions and requirements related to the processing of personal data of individuals who are located in Europe. It became effective on May 25, 2018.
Any organization that holds personal data is subject to the GDPR if the organization is located within Europe or provides services or goods to individuals residing in Europe. GDPR applies even if the data processing takes place outside of the EU.
Which Data Elements Fall under the GDPR?
Personal Data or Personally Identifiable Information (PII) is any information that can be used to directly or indirectly identify an individual. This includes data information, such as names, addresses, phone numbers, date of birth, browser cookies, IP addresses, financial information, information on devices, geo-location information, consumer preferences, advertising identifiers, and social media information.
Zumigo’s GDPR Policy
Zumigo is committed to continually examining and reviewing its practices and policy on how we protect our customers, partners, and employee data. The GDPR will help drive a stronger framework of requirements for personally identifiable information of individuals in Europe.
- Updates to our Privacy Statement and internal policies and process.
- Design and implement a process to allow individuals in Europe to exercise their rights, which include accessing, modifying, and deleting their personal information.
The GDPR provides for two different relationships for a business handling personal data. The Data Controller determines the intent and methods of processing personal data, whereas the Data Processor is processing data on behalf of the Data Controller.
Zumigo as a Data Processor
Zumigo is purely a Data Processor for products or services that are offered to its enterprise customers. The enterprise customers are the data controllers collecting personal data from their own products and services offered to their consumers. Zumigo does not store Personally Identifiable Information (PII) data and only acts as an agent to process PII data on behalf of its enterprise customers.
The Data Processor is legally required to protect personal data according to the GDPR. The data protection requirements should be clearly determined by all parties with data protection terms in their agreements to ensure the customer’s personal data is properly processed as required by the GDPR.
Zumigo as Data Controller
In conducting business through Zumigo.com websites or business communications with corporate clients, partners, and prospects, Zumigo may collect and process Personal Information such as names, business email, business phone number, business names, and business titles. Zumigo does not share or resell any of this information with third parties.
You may contact us if you have general questions or concerns about this GDPR Policy Statement or how we process your Personal Data.
Our Data Protection Officer can be contacted at firstname.lastname@example.org. You can also contact us by writing to:
ATTN: Privacy & Data Protection Unit
2001 Gateway Place, Suite 435E
San Jose, CA 95110
Effective Sept 4, 2020