|
|
support »
terms »
privacy
Introduction
zootzone.com is committed to protecting your privacy, notwithstanding the requirements of the respective laws cited.
This document and agreement endeavours to summarise the key requirements of several applicable privacy laws concurrently, including the GDPR (Europe), POPIA (South Africa) and CCPA (California) as well as how zootzone.com handles your information in order to comply with them.
Links to the precise details of the respective laws are included at the end of the agreement.
Definitions
Subject
The person who's data is being controlled and processed.
The Subject in this agreement is a person who is either a customer or a customer's representative.
Data
Information which identifies a Subject, including details such as their passport or identity number, email address, physical address and so on. Also referred to as Personal Information.
Controller
A person or organisation controlling the Subject's data. The Controller determines both the reasons for, as well as the means of processing the Subject's information.
The Controller in this agreement is Zootzone CC (2003/062990/23 ), trading as zootzone.com in the Republic of South Africa.
Processor
A person or organisation processing the Subject's data.
This processing is required in order to operate the primary service (such as email or web hosting) or ancillary (complimentary) services (such as billing) for the express purpose of supporting the Controller's ability to carry out functions related to the services.
zootzone.com as well as other sub-processors (organisations) with which zootzone.com has downstream Data Processing Agreements are classified under this definition.
Principles
zootzone.com stands by and acts on the following principles, in order to protect the Subject's privacy and to comply with the various privacy laws:
- Only collect information which is explicitly necessary.
- Be fair, transparent and law abiding.
- Ensure that information is accurate.
- Retain information only for as long as is necessary.
- Take appropriate measures to secure the information.
- Only share information with explicitly published Sub-Processors within this agreement.
- Never share information with other 3rd parties, unless explicitly authorised to do so.
Compliance
zootzone.com complies with the various privacy laws by:
- Deploying well known and understood to be secure technologies and system designs.
- Maintaining systems through regular auditing, upgrades and patching where necessary, in order to meet stringent security standards.
- Storing data only for as long as is required by law or for operational reasons.
- Seeking clear, verifiable and where necessary, legal authorisation, prior to acting on requests to alter, delete, or disclose information.
- Supplying an authorised Subject with a copy of their data, upon request.
- Correcting an authorised Subject's stored information, upon request.
- Permanently deleting an authorised Subject's data, upon request, when and where possible. For example, a country's tax authority may require the retention of transactional information for a certain number of years.
- Notifying a Subject of a data breach which may have exposed their information to parties outside of the agreed chain of data Sub-Processors.
- Cooperating with law enforcement and other legally empowered entities for the purposes of assessment and disclosure where and when appropriate, according to the applicable law.
Agreement
- By subscribing to and accessing the services supplied by zootzone.com, the Subject provides their implicit consent to the storing and processing of their personal information by both zootzone.com as the Controller and primary Processor, as well as by Sub-Processors listed in this agreement.
- When the Subject resides in a location which differs to that of a Sub-Processor, the Subject consents to the cross-border transfer of operationally necessary data, as specified in the Sub-Processors specification of this agreement.
- If the Subject does not consent, they must cancel their service(s) and cease to access them.
- The agreement will remain active for as long as the Subject represents a customer that has an active subscription and is making use of zootzone.com's services.
Exclusions
- The services operated by zootzone.com supply platforms to customers for the storage and processing of customers' own data which zootzone.com neither controls nor processes directly, under the definitions of Controller and Processor of this agreement.
- Data stored on zootzone.com's servers by its customers, which contains the personal data of their own email contacts, their own website visitors or their own customers are excluded from this agreement. Such an agreement must be drawn up between customers as a Controller and their own data Subjects.
- The complete end-to-end security of the data which passes through the systems which zootzone.com supplies as components of its service, extends beyond the core service itself. A chain of connected systems is only as secure as the weakest link.
- Customers must ensure that their own devices (such as smart phones or laptops) which access the services (such as email accounts) are secure and up-to-date and that their credentials for accessing services hosted by zootzone.com are secured in encrypted password vaults on their own devices.
- Similarly, the exposed application layers of a customer's own websites (such as WordPress) are built using software, designs and policies over which zootzone.com has no direct control. These layers are the responsibility of the customer and/or their appointed consultants / web developers.
- zootzone.com is not liable for any data breaches arising from adversaries, be they people, organisations or systems, which have acquired customer data through means other than directly breaching zootzone.com's controlled systems, where a clear failure to implement reasonable security measures is proven.
Sub-Processors
zootzone.com's services are augmented by other companies' services which process Subject's information in various ways, in order to fulfil distinct and only completely necessary functions which zootzone.com is currently not in a position to offer itself.
These 3rd parties are Sub-Processors of a Subject's personal information, where applicable. Each sub-Processor of a Subject's information has a separate implicit Data Protection Agreement with zootzone.com.
| Sub-Processor |
Country |
Function |
Data Processed |
| Enchant |
CA |
Support |
Name, email, phone number |
| Freshbooks |
CA |
Invoicing |
Name, email, postal address, phone number |
| FreeAgent |
GB |
Accounting |
Name, email, postal address, phone number |
| RRP Proxy |
DE |
Domain registrations |
Name, email, postal address, phone number |
| ZACR |
ZA |
Domain registrations |
Name, email, postal address, phone number |
| Twilio |
US |
Automated SMS |
Mobile phone numbers |
| PayFast |
ZA |
Payments |
Name, email, credit card number |
Privacy Laws
| Acronym |
Name |
Region |
| GDPR |
General Data Protection Regulation |
Europe |
| UK DPA |
UK Data Protection Act |
United Kingdom |
| POPIA |
Protection of Personal Information Act |
Republic of South Africa |
| CCPA |
California Consumer Privacy Act |
California, USA |
Download PDF
zootzone_com_privacy.pdf
Information Officer
Dale Gallagher
privacy zootzone.com
+27 21 300 2213
|
