What is the GDPR?

The primary aim of the General Data Protection Regulation (GDPR) is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.  The regulation contains provisions and requirements related to the processing of personal data of individuals who are located in Europe.  It became effective on May 25, 2018.

Any organization that holds personal data is subject to the GDPR if the organization is located within Europe or provides services or goods to individuals residing in Europe.  GDPR applies even if the data processing takes place outside of the EU.

Which Data Elements Fall under the GDPR?

Personal Data or Personally Identifiable Information (PII) is any information that can be used to directly or indirectly identify an individual. This includes data information, such as names, addresses, phone numbers, date of birth, browser cookies, IP addresses, financial information, information on devices, geo-location information, consumer preferences, advertising identifiers, and social media information.

Zumigo’s GDPR Policy

Zumigo is committed to continually examining and reviewing its practices and policy on how we protect our customers, partners, and employee data. The GDPR will help drive a stronger framework of requirements for personally identifiable information of individuals in Europe.

Zumigo has an established Global Privacy Policy and a team of privacy professionals. Our Global Privacy Policy process includes:

  • Updates to our Privacy Statement and internal policies and process.
  • Providing continuous efforts to support privacy and data protection by re-assessing and improving our GDPR & privacy policy enforcement through process improvements and updates to support any regulation changes.
  • Design and implement a process to allow individuals in Europe to exercise their rights, which include accessing, modifying, and deleting their personal information.

The GDPR provides for two different relationships for a business handling personal data.  The Data Controller determines the intent and methods of processing personal data, whereas the Data Processor is processing data on behalf of the Data Controller.

Zumigo as a Data Processor

Zumigo is purely a Data Processor for products or services that are offered to its enterprise customers.  The enterprise customers are the data controllers collecting personal data from their own products and services offered to their consumers.  Zumigo does not store Personally Identifiable Information (PII) data and only acts as an agent to process PII data on behalf of its enterprise customers.

The Data Processor is legally required to protect personal data according to the GDPR.  The data protection requirements should be clearly determined by all parties with data protection terms in their agreements to ensure the customer’s personal data is properly processed as required by the GDPR.

Zumigo as Data Controller

In conducting business through Zumigo.com websites or business communications with corporate clients, partners, and prospects, Zumigo may collect and process Personal Information such as names, business email, business phone number, business names, and business titles.  Zumigo does not share or resell any of this information with third parties.

Contact Us

You may contact us if you have general questions or concerns about this GDPR Policy Statement or how we process your Personal Data.

Our Data Protection Officer can be contacted at privacy@zumigo.com.  You can also contact us by writing to:

Zumigo, Inc.
ATTN: Privacy & Data Protection Unit
2001 Gateway Place, Suite 435E
San Jose, CA 95110
USA

Resources

Zumigo Global Privacy Policy Statement

Effective Sept 4, 2020