Effective: 13 February 2023
You can request past versions of our Privacy Policy from legal@zenqms.com
Please review this policy in conjunction with our Terms of Service.
This Privacy Policy describes how ZenQMS collects, uses and discloses "Customer Data" and “Other Information” as defined herein (collectively, “Information”), some of which could include information that identifies you personally, and what choices you have with respect to the Information that we collect.
When we refer to “ZenQMS” in this Privacy Policy, we mean the ZenQMS entity that acts as the processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below. When we refer to "Members" we mean our clients who are directly in control of the Customer Data, including any personally identifiable Information, they enter into ZenQMS’ environments.
This Privacy Policy applies to ZenQMS' online platform for managing quality activities, including all associated ZenQMS environments (collectively, the “Services”), ZenQMS.com and other ZenQMS websites (collectively, the “Websites”) and other interactions (e.g., customer support requests, member conferences, etc.) you may have with ZenQMS. By accessing or using the Services, Websites or any other aspect of ZenQMS' business, you consent to the terms of this Privacy Policy.
This Privacy Policy does not apply to any third-party applications or software that integrate with the Services through the ZenQMS API (“Third-Party Services”), or any other third-party products, services or businesses. In addition, a separate agreement governs delivery, access and use of the Services (the “Master Subscription Agreement” or "Terms of Service"), including the processing of any messages, files or other content submitted through Services accounts (collectively, “Customer Data”). The organization (e.g., your employer or another entity or person) that entered into the Master Subscription Agreement (“Member”) controls their instance of the Services (their “Member Account”) and any associated Customer Data. If you have any questions about specific Member settings and privacy practices, please contact the Member.
ZenQMS may collect and receive Customer Data and other information and data (“Other Information”) in a variety of ways:
Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information. However, certain Information is collected automatically and, if some Information, such as Member Account setup details, are not provided, we may be unable to provide the Services.
Customer Data will be used by ZenQMS in accordance with the Master Subscription Agreement and as required by applicable law. ZenQMS is a processor of Customer Data and Member is the controller. Member may, for example, use the Services to grant and remove access to a Member Account, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services.
ZenQMS uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, ZenQMS uses Other Information:
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, ZenQMS may use it for any lawful purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data”.
This section describes how ZenQMS may share and disclose Information with third parties (subject to any contractual duty of confidentiality between us and the Customer). Members determine their own policies and practices for the sharing and disclosure of Information, and ZenQMS does not control how they or any other third parties choose to share or disclose Information
ZenQMS retains Customer Data in accordance with a Member’s instructions, including any applicable terms in the Master Subscription Agreement and Member’s use of Services functionality, and as required by applicable law and regulation. Depending on the Services plan, Member may be able to customize its retention settings and apply those customized settings at the Member Account level, Site level or other level. In some instances, Member may also apply different settings to messages, files or other types of Customer Data. The deletion of Customer Data and other use of the Services by Member may result in the deletion and/or de-identification of certain associated Other Information. ZenQMS may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for ZenQMS to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations and regulatory requirements (e.g., 21 CFR Part 11), resolve disputes and enforce our agreements.
ZenQMS Authorized Users should direct requests for deletion, correction and/or amendment of Information to the Member in accordance with the ‘Your Rights’ section in this Privacy Policy. As per clause 3 in the Data Processing Addendum, ZenQMS notifies a Member if any data subject request has been made to it directly from one of the Member’s users.
Data deletion, correction and/or amendment requests regarding Information controlled by ZenQMS (generally “Other Information”) should be made to ZenQMS via email to help@zenqms.com or legal@zenqms.com. ZenQMS examines such requests made to it directly within 30 (Thirty) days. We may ask you and/or Member to verify your identity, or the data subject’s identity, if different, the reason for the request, and what information is requested to be deleted, corrected and/or amended. We will also seek the review and approval of such requests from the Member who invited you to the account. We will delete, correct and/or amend your Information following the request if it is found that it does not conflict with ZenQMS ability comply with (and demonstrate compliance with) legal obligations and regulatory requirements. ZenQMS sends a confirmation to the requester/ Member that Information was deleted/ corrected/ amended. If Information was not deleted/ corrected/ amended for the reasons listed above, ZenQMS notifies the requester/ Member with the reasoning for the request denial.
ZenQMS takes security of Information very seriously. ZenQMS applies, maintains, and monitors physical, technical, and administrative safeguards in accordance with industry standards as outlined in its System and Data Security related SOPs and Policies, to protect Information you provide from loss, misuse, and unauthorized access or disclosure. These steps consider the sensitivity of the Information we collect, process and store, and the current state of technology. Materials describing ZenQMS’ security standards and certifications are available in the ZenQMS Auditor Share Account.
Given the nature of communications and information processing technology, ZenQMS cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will always be safe from intrusion by others.
It is ZenQMS’ Member’s responsibility to apply physical, technical, and procedural controls that are not under ZenQMS control and to prevent any breaches that may originate in their organization.
If a Member elects to fully terminate its use of the Service for any reason, or is terminated by the Company, all confidential data owned by that Member will be permanently deleted from the Service, ZenQMS’ possession or otherwise in the Company's control..
To the extent permitted by applicable law, ZenQMS does not permit use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with Personal Data, please contact us and we will take steps to delete such information.
To communicate with our Data Protection Officer, Panos Boudouvas, please email help@zenqms.com or legal@zenqms.com.
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, the Member is the controller of Customer Data. In general, ZenQMS is the processor of Customer Data and the controller of Other Information.
ZenQMS servers are in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, ZenQMS takes many steps to protect your privacy, as described in this Policy.
In addition, we leverage Third Party Service providers who process Personal Data on our behalf, to provide services to ZenQMS, and their servers may be located outside of the EEA. A full list of the sub-processors we use to process data, is available in the GDPR document in the Auditor Share Account. We take steps to ensure that our vendors offer appropriate safeguards to protect Personal Data they process on our behalf, and contractually obligate them to process such data in compliance with applicable data protection laws. ZenQMS remains responsible and liable if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the EU GDPR, unless ZenQMS proves that it is not responsible for the event giving rise to the damage.
ZenQMS contractually commits to transfer and process all of its Members’ EU, UK and Swiss data in compliance with the Standard Contractual Clauses (SCCs), which are a valid data export mechanism and which apply as part of ZenQMS' Data Processing Addendum (DPA).
In addition to incorporating SCCs (“Standard Contractual Clauses”), our Data Processing Addendum (DPA) also specifies our commitments to security, confidentiality of processing, limitations on international transfers of Personal Data, cooperation with data subject rights, notice of security incidents, and more. Members who wish to sign a DPA with ZenQMS may request it by contacting us at legal@zenqms.com.
The California Consumer Protection Act and California Privacy Rights Act (the “California Laws”) does not apply to ZenQMS. For more information on the California Laws and the businesses to which they apply, see https://oag.ca.gov/privacy/ccpa#sectiona or visit this page for our Frequently Asked Questions document.
ZenQMS may transfer your Personal Data to countries other than the one in which you live. To safeguard transfers of Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law, ZenQMS participates in the Privacy Shield Frameworks.
ZenQMS complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield. ZenQMS has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, ZenQMS is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to our EU GDPR Rep., Alina Cobarzan, at legal@zenqms.com. If requested to remove data, we will respond within a reasonable timeframe as stated in the Data Retention and Deletion section of this Policy.
We will provide an individual opt-out choice for sensitive data; this choice will also fully restrict access to the application.
In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
ZenQMS’ accountability for Personal Data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, ZenQMS remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the Principles, unless ZenQMS proves that it is not responsible for the event giving rise to the damage.
In compliance with the Privacy Shield Principles, ZenQMS commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints please should first contact ZenQMS at:
Phone: +1 267 670 8999
Email: legal@zenqms.com
Mail: 40 Coulter Ave, Suite 265, Ardmore, PA 19003, USA
ZenQMS Data Protection Officer: Panos Boudouvas
ZenQMS EU GDPR Rep.: Alina Cobarzan
ZenQMS has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
European Union and Swiss individuals also have the right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and UK are available here and Switzerland are available here.
ZenQMS may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, ZenQMS will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. Contact the Member if you wish to request the removal of Personal Data under their control.
Please also feel free to contact ZenQMS if you have any questions about this Privacy Policy or ZenQMS' practices, or if you are seeking to exercise any of your statutory rights. You may contact us at help@zenqms.com, legal@zenqms.com or at our mailing address below:
ZenQMS LLC
40 Coulter Ave, Suite 265
Ardmore, PA 19003
USA