Introduction
This Privacy Policy explains what information Z Rex LLC, ZRexSolutions.com and its related entities (“Z Rex LIMS”) collect about you and why, what we do with that information, how we share it, and how we handle the content you place in our products and services. It also explains the choices available to you regarding our use of your personal information and how you can access and update this information.
Scope of Privacy Policy
This Privacy Policy applies to the information that we obtain through your use of “Z Rex Services” via a “Device” or when you otherwise interact with Z Rex.
“Z Rex Services” include our:
- Websites
- SaaS Products
but does not include:
- Third Party Products. These are third party products or services that you may choose to integrate with Z Rex products or services. You should always review the policies of third party products and services to make sure you are comfortable with the ways in which they collect and use your information.
A “Device” is any computer used to access the Z Rex Services, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.
By registering for or using Z Rex Services you consent to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.
Definitions
Add-On: A bundle of code, resources and configuration files that can be used with a Z Rex product to add new functionality or to change the behavior of that product’s existing features.
Content: Any information or data that you upload, submit, post, create, transmit, store or display in a Z Rex Service.
Information: All of the different forms of data, content, and information collected by us are as described in this Privacy Policy.
Personal Information: Information that may be used to readily identify or contact you as an individual person, such as: name, address, email address, IP address, geographic locations or phone number. Personal Information does not include information that has been anonymized such that it does not allow for the ready identification of specific individuals.
Websites: Z Rex’s websites, including but not limited to zrexsolutions.com, any related websites, sub-domains and pages.
GDPR: General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
Changes to Our Privacy Policy
We may change this Privacy Policy from time to time. If we make any changes, we will notify you by revising the “Effective Starting” date at the top of this Privacy Policy. If we make any material changes, we will provide you with additional notice (such as by adding a notice in the Z Rex Services homepages, login screens, or by sending you an email notification). We encourage you to review our Privacy Policy whenever you use Z Rex Services to stay informed about our information practices and the ways you can help protect your privacy.
If you disagree with any changes to this Privacy Policy, you will need to stop using Z Rex Services and deactivate your account(s), as outlined below.
Information You Provide to Us
We collect the following information:
Account and Profile Information: We collect information about you and your company as you register for an account, create or modify your profile, make purchases through, use, access, or interact with the Z Rex Services (including but not limited to when you upload, download, collaborate on or share Content). Information we collect includes:
- Contact information such as name, email address, mailing address, IP address, geographic locations and phone number.
- Billing information such as credit card details and billing address. Your financial information will not be stored by us except for the name and address of the card holder, the expiry date and the last four digits of the Credit Card number. Subject to your prior consent and where necessary for processing future payments, your financial information will be stored in encrypted form on secure servers of our reputed Payment Gateway Service Provider who is beholden to treating your Personal Information in accordance with this Privacy Policy Statement.
- Profile information such as a username, and job title, institution, Department, email and telephone number.
In some cases another user (such as a system administrator) may create an account on your behalf and may provide your information, including Personal Information (most commonly when your company requests that you use our products). We collect Information under the direction of our customers and often have no direct relationship with the individuals whose personal data we process. If you are an employee of one of our customers and would no longer like us to process your information, please contact your employer. If you are providing information (including Personal Information) about someone else, you must have the authority to act for them and to consent to the collection and use of their Personal Information as described in this Privacy Policy.
Contents of Your User Account: We store and maintain files, documents, to-do lists, emails and other data stored in your user account. In order to prevent loss of data due to errors or system failures, we also keep backup copies of data including the contents of your user account. Hence your files and data may remain on our servers even after deletion or termination of your user account. We may retain and use your Personal Information and data as necessary to comply with our legal obligations, resolve disputes, and enforce our rights. We assure you that the contents of your user account will not be disclosed to anyone and will not be accessible even to employees of Z Rex except in circumstances specifically mentioned in this Privacy Policy Statement and Terms of Services. We do not scan the contents of your user account for serving targeted advertisements.
Other Submissions: We collect other data that you submit to our Websites or as you participate in any interactive features of the Z Rex Services, participate in a survey, contest, promotion, sweepstakes, activity or event, apply for a job, request customer support, communicate with us via third party social media sites or otherwise communicate with us. For example, information regarding a problem you are experiencing with an Z Rex product could be submitted to our Support Services.
Information We Collect from Your Use of Z Rex Services
Web Logs: As is true with most websites and services delivered over the Internet, we gather certain information and store it in log files when you interact with our Websites and SaaS Products. This information includes internet protocol (IP) addresses as well as browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your Devices, your mobile carrier, and system configuration information. In the case of our SaaS Product, the URLs you accessed (and therefore included in our log files) include usernames necessary for the SaaS Product to perform the requested operations. Occasionally, we connect Personal Information to information gathered in our log files as necessary to improve Z Rex Services for individual customers. In such a case, we would treat the combined Information in accordance with this privacy policy.
Analytics Information from Website and SaaS Products: We collect analytics information when you use our Websites and SaaS Products to help us improve our products and services. In the SaaS Products, this analytics information consists of the feature and function of the Z Rex Service being used, and domain name, the username and IP address of the individual who is using the feature or function (which will include Personal Information if the Personal Information was incorporated into the username), the sizes and original filenames of attachments, and additional information required to detail the operation of the function and which parts of the Z Rex Services are being affected.
The analytics information we collect includes elements of Content related to the function the user is performing. As such, the analytics information we collect may include Personal Information or sensitive business information that the user has included in Content that the user chose to upload, submit, post, create, transmit, store or display in an Z Rex Service.
As of date this policy went into effect, we use Google Analytics as an analytics provider. Use the Google Analytics Opt-out Browser Add-on to prevent analytics information from being sent to Google Analytics.
Analytics Information Derived from Content: Analytics information also consists of data we collect as a result of running queries against Content across our user base for the purposes of generating Usage Data. “Usage Data” is aggregated data about a group or category of services, features or users that does not contain Personal Information. For example, we may query Content to determine the most common types of workflows that users use (e.g. what percentage of all instances use ITIL style workflows?) by searching for the most common workflow names, or we may query Content to determine the most popular job titles for Confluence users in order to better understand the composition of our user base.
Though we may happen upon sensitive or Personal Information as we compile Usage Data from Content across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Content of any particular customer.
Cookies and Other Tracking Technologies: Z Rex and our third party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory. We use cookies to improve and customize Z Rex Services and your experience; to allow you to access and use the Websites or SaaS Products without re-entering your username or password; and to count visits and understand which areas and features of the Websites and SaaS Products are most popular. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of our Websites or SaaS Products. Z Rex and our third party partners also collect information using web beacons (also known as “tracking pixels”). Web beacons are electronic images that may be used in our Websites or SaaS Products or in emails that help us to deliver cookies, count visits, understand usage and campaign effectiveness and determine whether an email has been opened and acted upon.
Z Rex and our third party partners also use javascript, e-tags, “flash cookies”, and HTML5 local storage to collect information about your online activities over time and across different websites or online services. Many browsers include their own management tools for removing HTML5 local storage objects.
Information We Collect from Other Sources
Information from Third Party Services: We also obtain information from third parties and combine that with Information we collect through Z Rex Services. For example, we may have access to certain information from a third party social media or authentication service if you log into Z Rex Services through the service or otherwise provide us with access to Information from the service. Any access that we may have to such Information from a third party social or authentication service is in accordance with the authorization procedures determined by that service. By authorizing us to connect with a third party service, you authorize us to access and store your name, email address(es), current city, profile picture URL, and other information that the third party service makes available to us, and to use and disclose it in accordance with this Privacy Policy.
How We Use Information We Collect
General Uses: We use the Information we collect about you (including Personal Information to the extent applicable) for a variety of purposes, including to:
- Provide, operate, maintain, improve, and promote Z Rex Services;
- Enable you to access and use Z Rex Services, including uploading, downloading, collaborating on and sharing Content;
- Process and complete transactions, and send you related information, including purchase confirmations and invoices;
- Send transactional messages, including responding to your comments, questions, and requests; providing customer service and support; and sending you technical notices, updates, security alerts, and support and administrative messages;
- Send promotional communications, such as providing you with information about services, features, surveys, newsletters, offers, promotions, contests, events and sending updates about your team and chat rooms; and providing other news or information about us and our select partners.
- Monitor and analyze trends, usage, and activities in connection with Z Rex Services and for marketing or advertising purposes;
- Investigate and prevent fraudulent transactions, unauthorized access to Z Rex Services, and other illegal activities;
- Personalize Z Rex Services, including by providing content, features, or advertisements that match your interests and preferences;
- Enable you to communicate, collaborate, and share content with users you designate; and
- For other purposes about which we obtain your consent.
Notwithstanding the foregoing, we will not use Personal Information appearing in our Analytics Logs or Web Logs for any purpose. The use of Information collected through our Z Rex Services shall be limited to the purposes disclosed in this policy.
Information Sharing and Disclosure
We will not share or disclose any of your Personal Information or Content with third parties except as described in this policy. We do not sell your Personal Information or Content.
Your Use: When you use Z Rex Services, Content you provide will be displayed back to you. Certain features of Z Rex Services allow you or your administrator to make some of your Content public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you input into Z Rex Services.
Collaboration: As a natural result of using Z Rex Services, you may create Content and grant permission to other Z Rex users to access it for the purposes of collaboration. Some of the collaboration features of Z Rex Services display your profile information, including Personal Information included in your profile, to users with whom you have shared your Content. Where this information is sensitive, we urge you to use the various security and privacy features of the Z Rex Services to limit those who can access such information. Your sharing settings may make any Information, including some Personal Information, that you submit to the Z Rex Services visible to the public, unless submitted to a restricted area.
Access by Your System Administrator: You should be aware that the administrator of your instance of Z Rex Services may be able to:
- access information in and about your Z Rex Services account;
- access communications history, including file attachments, for your Z Rex Services account;
- disclose, restrict, or access information that you have provided or that is made available to you when using your Z Rex Services account, including your Content; and
- control how your Z Rex Services account may be accessed or deleted.
- may have access to your stored data.
Z Rex Community: Our Websites offer publicly accessible community services such as blogs. You should be aware that any Content you provide in these areas may be read, collected, and used by others who access them. Your posts may remain even after you cancel your account. To request removal of your Personal Information from the Z Rex Community, please contact Z Rex technical support. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to and why.
Service Providers, Business Partners and Others: We work with third party service providers to provide hosting, maintenance, back-up, storage, virtual infrastructure, payment processing, analysis and other services for us. These service providers may have access to or process your Information for the purpose of providing those services for us. Please be aware that you are providing your Information to these third parties acting on behalf of Z Rex.
Third Party Add-Ons: You may choose to make use of third party Add-Ons in conjunction with Z Rex Services. Third party Add-Ons are software written by third parties to which you grant access privileges to your Content (which may include your Personal Information). When access is granted, your Content is shared with the third party. Third party Add-On policies and procedures are not controlled by Z Rex . Third parties who have been granted access to your Content through Add-Ons could use this data to contact you and market services to you, and could share your data with other third parties. This Privacy Policy does not cover the collection or use of your data by third party Add-Ons, and we urge you to consider the privacy policies governing third party Add-Ons. If you object to your Personal Information being shared with these third parties, please uninstall the Add-On (in the event installed from the Z Rex Marketplace) or terminate your agreement with the third party Add-On provider (in the event you have purchased a direct integration).
Testimonials: We may display personal testimonials of satisfied customers in the Z Rex Services. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us using the information below.
Compliance with Laws and Law Enforcement Requests; Protection of Our Rights: We may disclose your Information (including your Personal Information) to a third party if (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request, (b) to enforce our agreements, policies and terms of service, (c) to protect the security or integrity of Z Rex’s products and services, (d) to protect Z Rex, our customers or the public from harm or illegal activities, or (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
Business Transfers: We may share or transfer your Information (including your Personal Information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice in the Z Rex Services of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Aggregated or Anonymized Data: We may also share aggregated or anonymized information that does not directly identify you with the third parties described above.
With Your Consent. We will share your Personal Information with third parties when we have your consent to do so.
Information We Do Not Share
We do not share Personal Information about you with third parties for their marketing purposes (including direct marketing purposes) without your permission.
Data Storage, Transfer and Security
Z Rex hosts data with hosting service providers in numerous countries including the United States and Germany. The servers on which Personal Information is stored are kept in a controlled environment for data storage and processing of region-specific data. Dedicated servers in the US and EU regions are deployed for customers from those regions. While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally-collected Personal Information you choose to store in Websites or SaaS Products are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.
Where data is transferred over the Internet as part of a Website or SaaS Product, the data is encrypted using industry standard SSL (HTTPS).
Your Choices
You may opt out of receiving promotional communications from Z Rex by using the unsubscribe link within each email or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Z Rex’s Services. You can opt-out of some notification messages in your account settings.
Accessing and Updating Your Information
You may often correct, update, amend, or remove your Personal Information in your account settings or by directing your query to your account administrator.You or your administrator may be able to deactivate your Z Rex Services account. If you can deactivate your own account, you can most often do so in your account settings. Otherwise, please contact your administrator. To deactivate an organization account, please contact Z Rex Support.
We will retain your account information for as long as your account is active, or as reasonably useful for commercial purposes or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If your account is managed by an administrator, that account administrator may have control with regards to how your account information is retained and deleted.
Compliance with GDPR
Z Rex as a Data Processor: Of all persons with a registered account in Z Rex software, personal data is stored in our systems. For end-users using Z Rex hosted on Digital Ocean, Z Rex is regarded as the Data Processor according to the GDPR. All data collected by Z Rex will be stored exclusively in secure hosting facilities provided by Amazon Web Services. Z Rex has a Business Associate Agreement (BAA) in place with its provider, ensuring compliance with the Directive. All hosting is performed in accordance with the highest security regulations.
How We Protect Your Personal Data: As a Data Processor, Z Rex has taken strict measures and implemented the required procedures to guarantee the safety of data of its customers. As a proof of its effort, Z Rex’s cloud service provider (Digital Ocean) has been IEC/ISO27001:2013 certified. The most important measures that have been taken to ensure the protection of personal data as well as confidentiality, integrity and availability of services provided by Z Rex as a Data Processor are:
- Secured communication via SSL encryption
- Periodic off-site encrypted data back-ups (twice every 24 hours) for disaster recovery (kept up to 1 month)
- Disaster recovery procedures
- Real-time system monitoring and logging
- Firewall and network configuration such that servers are not directly connected to the internet
- System maintenance including the installation of security patches
- Security features to protect system access, such as two-factor authentication and IP restriction
- Privacy features to block storage of personal information by end-users
- Confidentiality agreements as part of all employee contracts 10. Access to systems by Z Rex employees on need-to-access basis
Right to Access: The GDRP dictates that all EU citizens have the right to access the personal data that is stored by others. To provide full system functionality the following minimal set of personal data is stored in Z Rex software applications: