GDPR Policy

The EU General Data Protection Regulation (GDPR) is now in effect, as of May 25th 2018, and it brings new global data protection rights for individuals in the European Union.

ZAP is committed to support the privacy rights of ZAP customers and we have taken many measures towards full compliance of GDPR. This includes:

  • An update of our terms of service
  • The introduction of a EU Data Protection Addendum (DPA), as required by the GDPR
  • Various cookie protections and opt-out functionality on our website
  • Further internal and third-party security audits of our processes, Azure-based platform and application

ZAP’s role in GDPR Compliance

ZAP acts as a Data Processor within the realm of GDPR compliance. ZAP is responsible for safeguarding the data of partners or customers’ users as it flows through our services.

Customer’s role in GDPR Compliance

As a ZAP customer (or partner), you are a Data Controller within the GDPR, ZAP is the Data Processor. This means that throughout the time of your subscription to our services, you retain ownership of and control of your Customer or User data. You will want to pay attention to the following non-exhaustive list of items:

  • Perform your own research, audit, internal training and strategy steps within your company to ensure you understand GDPR and how it applies to your business
  • Ensure your Terms and Privacy policies are up to date
  • If you are an organization located in the EU, and/or need to be GDPR compliant, you may request to sign our EU Data Protection Agreement (DPA)
  • Be mindful of the amount of personal data that may be processed in a ZAP model and limit it as much as possible.
  • Also ensure that users’ consent is handled appropriately.

What is a Data Processing Agreement (“DPA”)?

This is an agreement that ZAP offers, that governs the relationship between the Customer (acting as a data controller) and ZAP (acting as a data processor). The DPA facilitates ZAP’s customers’ compliance with their obligations under the GDPR. Our DPA contains data transfer frameworks to ensure that our customers can lawfully transfer personal data to ZAP outside of the European Union by relying on one of three mechanisms: Binding Corporate Rules, Privacy Shield certification, or Standard Contractual Clauses.

ZAP’s Third-parties / Sub-processors

A sub-processor is a third-party data processor engaged by ZAP, including entities from within ZAP, who has or potentially will have access to or process Service Data (which may contain Personal Data). ZAP uses different types of sub-processors to perform various functions in order to operation its service.

ZAP requires its sub-processors to satisfy equivalent obligations as those required by ZAP (as a data processor). ZAP maintains an up-to-date list of the names and locations of all sub-processors used for hosting or other processing of service data.

Infrastructure and Service Sub-processors

ZAP owns or control access to the infrastructure used to host the Service and Customer data.

Sub-processor Application Location
Microsoft Azure
  • Cloud provider hosting Customer Data
  • User authentication
  • Logging and reporting
  • Only used by ZAP SaaS
Customer data is hosted at the customer’s elected location, as set forth in our Terms of Service.
Microsoft Dynamics 365
  • Customer Relationship Management
  • Service license provider
United States
Zendesk
  • Cloud-based Service Provider
  • ZAP Customer HelpDesk
United States
SendGrid
  • Cloud-based email provider
  • Only used by ZAP SaaS
United States

Other Sub-processors

The following sub-processors may be used by ZAP employees to store the minimum relevant set of data required to perform a specific function:

Sub-processor Application Location
Slack User and applicant data may be discussed here United States
Box User data may be stored here United States
Microsoft Office 365 User data may be discussed or referenced here United States

ZAP Group Sub-processors

The following sub-processors may be used by ZAP employees to store the minimum relevant set of data required to perform a specific function:

ZAP Entity Regions covered Address
Zap Technology Pty Ltd. Asia Pacific 854 Lorimer Street
Port Melbourne 3207 VIC.
Australia
Zap Technology Limited Europe, Middle-East and Africa 33 Cavendish Square
London W1G 0PW
United Kingdom
ZAP Technology LLC Americas 8875 Hidden River Parkway
Suite 300
Tampa, FL 33637
United States of America