ZAP is committed to support the privacy rights of ZAP customers and we have taken many measures towards full compliance of GDPR. GDPR means the European Union General Data Protection Regulations (EU Regulations 2016/679), or the United Kingdom General Data Protection Regulations created by the UK Data Protection Act 2018 on the UK’s exit from the European Union. This includes:
ZAP acts as a Data Processor within the realm of GDPR compliance. ZAP is responsible for safeguarding the data of partners or customers’ users as it flows through our services.
As a ZAP customer (or partner), you are a Data Controller within the GDPR, ZAP is the Data Processor. This means that throughout the time of your subscription to our services, you retain ownership of and control of your Customer or User data. You will want to pay attention to the following non-exhaustive list of items:
This is an agreement that ZAP offers, that governs the relationship between the Customer (acting as a data controller) and ZAP (acting as a data processor). The DPA facilitates ZAP’s customers’ compliance with their obligations under the GDPR. Our DPA contains data transfer frameworks to ensure that our customers can lawfully transfer personal data to ZAP outside of the European Union by relying on one of these mechanisms: Binding Corporate Rules, or Standard Contractual Clauses. You may download this DPA by clicking this link.
A sub-processor is a third-party data processor engaged by ZAP, including entities from within ZAP, who has or potentially will have access to or process Service Data (which may contain Personal Data). ZAP uses different types of sub-processors to perform various functions in order to operate its service. ZAP requires its sub-processors to satisfy equivalent obligations as those required by ZAP (as a data processor). ZAP maintains an up-to-date list of the names and locations of all sub-processors used for hosting or other processing of service data.
ZAP owns or controls access to the infrastructure used to host the Service and Customer data.
The following sub-processors may be used by ZAP employees to store the minimum relevant set of data required to perform a specific function: