Your Privacy is Important

Privacy Policy – Version 2.1 – June 10th 2019

At Zeguro, our core mission is to help businesses protect against the digital risks of this world. As a result, our goal is to set a high standard for protecting the privacy of your information. We want to be clear about how we collect, use, protect, and share your information, including your personal information, and the rights and choices you have about the ways in which you can help us protect your privacy.

This Privacy Policy explains:

  • What information we collect and why we collect it.
  • How we use that information and when we disclose it.
  • Your rights regarding that information, including how to access and update your information.
  • The steps we take to protect your information. 

Scope: This Privacy Statement applies to the information that we obtain through your use of Zeguro products and services, including our websites (https://www.zeguro.com, https://www.zeguro.co.uk, https://www.zeguro.com.au), our CyberSafe Platform, social media, communications, web-based tools and our mobile app (collectively, our “Services”). For a current list of the Services and vendors covered by this Privacy Policy, see our Subvendor Directory.

This Privacy Policy does not apply to personal information arising from Zeguro’s employment-related activities. Except to the extent that a third party provides services on our behalf (such as a SaaS vendor), this Privacy Policy also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, pen testing firms, audit firms, and other vendors.

You should read this Policy carefully as it contains important information about how we will use your Data (as defined below). In certain circumstances you will be required to indicate your consent to the processing of your Data as set out in this Policy when you first submit such Data to or through the Website. For further information about consent see below.

Where we provide the Services under contract with an organization (for example your employer) that organization controls the information processed by the Services. For more information, please see Notice to End Users below. 

We may update this Policy from time to time in accordance with clause 23 below. This Policy was last updated on 06/10/2019.

About us

The terms “Zeguro” or “us” or “we” refer to Zeguro Inc., the owner of the Website. We are a company registered in San Francisco whose registered office is at 101A Clay St, Suite 280, San Francisco CA 94111. The term “you” refers to the individual accessing and/or submitting Data to the Website. Zeguro, we and us refer to Zeguro Inc., Zeguro Insurance Services LLC and any of our corporate affiliates.

Zeguro is a U.S.-based company that offers our Services to domestic and international business customers. As a result, information that we collect, including personal information, may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may provide information to third-party service providers in the U.S. and in other countries to the extent necessary to support Zeguro’s business activities, and we may access personal information collected by our customers to support the Services that we provide to our customers. Thus, personal information may be transferred to and stored on servers located in the United States and in countries different from the country in which that information was initially collected. Similarly, information we collect may be accessed by Zeguro and our third-party service providers and business partners from countries other than the ones in which the information is stored. For more information about how we handle personal information from EU-based individuals, see below.

We, as the Data Controller, can be contacted via our representative and Data Protection Officer, Dan Smith via email on privacy@zeguro.com or call US: +1 (855)980-0660 or UK: +44 203 473 3800.

Information we collect about you

When you use the Website and/or when you otherwise deal with us we may collect the following information about you (“Data”):

Information you provide us:

  • Personal information including first and last name, date of birth, photograph and/or likeness;
  • Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title.
  • User IDs and passwords
  • Personal information that you choose to share within our user communities, such as our public Slack groups or on our community forum (help.zeguro.com)
  • Payment Information (Securely Stored through our 3rd Party Payment Processor – Stripe)
  • Content that you create, input, submit, post, upload, transmit, or store while using our Services
  • Other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media sites
  • Details of any insurance made by you through the Website, together with details relating to subsequent correspondence (if applicable).

Information we collect automatically:

  • Technical information (primarily used for security monitoring of your account) including Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information, the length of your visit and your interactions with the Website. 
  • We and our analytics providers (see our Subvendor Directory), also collect and store analytics information when you use our Services to help us improve our Services.
  • Information obtained through our correspondence and monitoring in accordance with “Correspondence and monitoring” section below.

Information we collect from other sources:

  • We may obtain information, including personal information, from our business partners and service providers. This information includes, but is not limited to, information that we receive from our direct marketing providers, product referrals, and other interactions. We also may combine information we receive from third parties with other information we collect from you through our Services as described in this Privacy Policy.
  • Occasionally we may receive information about you from other sources, for example any insurance companies where you have an active policy, cyber security software providers, cloud service providers you connect with through the Website, or from any third party websites and applications that integrate or communicate with the Website in relation to you. If so, we will add this information to the Data we already hold about you in order to help us carry out the activities listed below.

If you provide information (including personal information) about someone else, you confirm that you have the authority to act for them and to consent to the collection and use of their personal information as described in this Privacy Policy. Please contact us immediately at legal@zeguro.com if you become aware of an individual providing us with personal information about another individual without being authorized to do so, and we will act consistently with this Privacy Policy.

How long we keep your Data

We retain your data only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, plus 1 year, and then securely dispose of that information.

In most cases we hold data for the following time periods:

  • 5 Years where the legal basis is our legitimate interest in providing services;
  • 5 Years or until consent is withdrawn (whichever is sooner), where the legal basis is express consent; or
  • 7 Years where the legal basis is a legal requirement.

Why we collect information from and about you

We will not use your personal information for anything other than the following lawful purposes:

To establish and maintain contractual relationships with our customers:

  • To provide our customers with product based alerts, recommendations, warnings, training results, training modules, vulnerability reports, and more in relation to the services we provide.
  • To establish relationships with new customers
  • To fulfill our obligations to current customers
  • To contact customers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages
  • To enable individuals to access and use our Services

To provide services and information that you request and consent to receive:

  • To provide customer service and support
  • To communicate with you, including responding to your comments, questions, tickets, and requests regarding our Services
  • To process and complete transactions, and send you related information, including purchase confirmations and invoices
  • To provide direct marketing, email, and other information distribution
  • To disclose your information to selected third parties as permitted by this Policy, where you have provided express consent (see below)

To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:

  • To administer, operate, maintain, and secure our website and Services
  • To monitor and analyze trends, usage, and activities in connection with our Services
  • To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities
  • To verify compliance with our internal policies and procedures
  • For accounting, recordkeeping, backup, and administrative purposes
  • To customize and improve the content of our communications, websites, and social media accounts
  • To educate and train our workforce in data protection and customer support
  • To provide, operate, maintain, improve, personalize, and promote our Services
  • To ensure that content from the Website is presented in the most effective manner for you and for your device.
  • To develop new products, services, features, and functionality
  • To notify you of any changes to this website
  • To market our products and services (first-party marketing only; we do not provide personal information for use in marketing any non-Zeguro, third-party goods or services)

To comply with our legal obligations:

  • To comply with legal obligations, including but not limited to complying with tax and financial reporting and audit requirements
  • To demonstrate compliance with applicable privacy and data security laws and regulations, such as GDPR and SOC2
  • To comply with incident monitoring, reporting, assessment, and notification requirements
  • To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law

If we need your Consent

As noted above, you will be required to give consent to certain activities before we can process your Data as set out in this Policy. Where applicable, we will seek this consent from you when you first submit Data to or through the Website.

If you have previously given consent you may freely withdraw such consent at any time. You can do this through your account on the Website or by notifying us in writing.

Please note that if we need to process your Data in order to operate the Website and/or provide our services, and you object or do not consent to us processing your Data, the Website and/or those services may not be available to you.

Our marketing activities and your option to opt-out

Where you have previously ordered products or services, submitted a quote or obtained a trial from us, we may contact you by email, SMS and post to inform you about the services, promotions and special offers that may be of interest to you on the product or service you are ordering. We will inform you (during the sale, signup or quote process) if we intend to use your data for such purposes and give you the opportunity to opt-out of receiving such information from us. 

If you prefer not to receive any direct marketing communications from us, or you no longer wish to receive them, you can opt out at any time (see below).

You have the right at any time to ask us to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to marketingoptout@zeguro.com giving us enough information to identify you and deal with your request. Alternatively you can follow the unsubscribe instructions in emails you receive from us.

Your Data and its use

You may upload data to our Website, which may include personal information or data about your end users (all of which we call “Customer Data”).  Customer Data is owned and controlled by you, and any Customer Data that we maintain or process we consider to be strictly confidential. We collect and process Customer Data solely on behalf of you/our customers, and in accordance with our agreements with customers. We do not use or disclose Customer Data except as authorized and required by our customers and as provided for in our agreements with our customers.  

Zeguro will not be liable for any third-party costs, penalties or claims that arise from the use of Customer Data that is uploaded by you.

The Customer shall retain ownership of all Customer Data and all rights therein. The Customer grants a royalty-free, transferable, non-exclusive license for the term of this Agreement to the Supplier to use the Customer Data to the extent necessary to provide the platform and perform the Customer Support Services (as applicable).

The Customer acknowledges that the Supplier has no control over any Customer Data hosted as part of the provision of the Platform and, although it reserves the right to do so, the Supplier does not actively monitor the content of the Customer Data.

The Supplier shall notify the Customer immediately if it becomes aware of any allegation that any Customer Data may be Infringing Data and the Supplier shall have the right to remove such Customer Data from the Website without the need to consult the Customer.

Zeguro respects the rules and laws of the jurisdiction in which it operates, as well as the privacy and rights of its customers. Accordingly, Zeguro provides Customer Information in response to law enforcement requests only when we reasonably believe that we are legally required to do so. To protect our customers’ rights, we carefully review requests to ensure that they comply with the law. Zeguro reserves the right to disclose Customer Data to law enforcement officials in the investigation of fraud or other alleged unlawful activities, only after law enforcement officials provide legal process appropriate for the type of information sought, such as a subpoena, court order, or a warrant.

The Customer shall indemnify the Supplier from and against all loss caused to the Supplier as a result of the use by the Customer or a User of Infringing Data on the Platform.

When and Why We Share or Disclose Personal Information

Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Policy, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose personal information that we collect from or about you.

We may share your information in the following ways:

With your express consent: We will share your personal information with companies, organizations, or individuals outside of Zeguro when we have your consent to do so.

When you choose to directly share your information while using our Services: When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.

When your account is accessed by your organization’s designated Zeguro administrator: Your Zeguro account owners and administrators may be able to:

  • Access information in and about your Zeguro account;
  • Disclose, restrict, or access information that you have provided or that is made available to you when using your Zeguro account, including your content; and
  • Control how your Zeguro account may be configured, accessed, or deleted.

With our vendors and business partners, to accomplish our business purposes: We may share your information with our service providers and other third parties who perform services on our behalf, listed in our Subvendor Directory. We provide your payment information to our service providers for payment processing and verification. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services. We also work with third-party service providers to add critical capability to the modules of the CyberSafe Platform, e.g. threat intelligence, training videos, and pen-test and vulnerability scanning services.

When necessary to comply with laws and law enforcement requests, or otherwise to protect our rights or those of individuals: We may disclose your information (including your personal information) to a third party if:

  • We believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request;
  • To enforce our agreements, policies and terms of service;
  • To protect the security or integrity of Zeguro’s products and services;
  • To respond to an incident involving personal data for which Zeguro has direct or indirect responsibility;
  • To protect the property, rights, and safety of Zeguro, our customers or the public from harm or illegal activities;
  • To respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
  • To investigate and defend ourselves against any third-party claims or allegations. 

As the result of a business transition: We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Policy. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.

Sharing aggregate, anonymized, deidentified, or otherwise non-personal data: We may share aggregate, anonymized, deidentified, or otherwise non-personal information that does not directly or indirectly identify you and that cannot, with reasonable effort, be used to identify you in order to improve the overall experience of our Services. Such aggregated, anonymized, deidentified, or otherwise not re-identifiable information is not personal information within the scope of this Privacy Policy.

With our other companies within our group of companies (which means our subsidiaries, our ultimate holding company and its subsidiaries): Zeguro may share data with our regulated insurance entities for the purpose of providing you an insurance quote or policy.


When we monitor or record sensitive information

We may monitor and record communications with you (such as telephone conversations, screen recordings and emails) for the provision of services, support, quality assurance, training, fraud prevention and compliance purposes. We are also required by law to record any customer communication for the purposes of obtaining insurance. We will always verbally advise that recording is happening for this purpose. Any information that we receive through such monitoring and communication will be added to the information we already hold about you.

Overseas transfers (EEA Users only)

From time to time we may need to transfer your Data to countries outside the European Economic Area, which comprises the EU member states plus Norway, Iceland and Liechtenstein (“EEA”). Non-EEA countries that we may need to transfer your Data to include the United States of America, because we are primarily based there.

Such countries may not have similar protections in place regarding protection and use of your data as those set out in this Policy. Therefore, if we do transfer your Data to countries outside the EEA we will take reasonable steps in accordance with applicable Privacy and Data Protection Requirements to ensure adequate protections are in place to ensure the security of your Data, including:

  • Use of approved contractual clauses; and
  • Ensuring that we only transfer your Data to persons or entities that are appropriately authorized and/or accredited to process Personal Data in compliance with applicable Privacy and Data Protection Requirements. 

By submitting your Data to us in accordance with this Policy you consent to these transfers for the purposes specified in this Policy.

Keeping your Data Secure

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, we certainly try very hard, employing a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the personal information you trust us with. More information on what security measures Zeguro uses to protect your data can be found at https://www.zeguro.com/security 

While we will use all reasonable efforts to safeguard your Data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any Data that is transferred from you or to you via the internet.

Zeguro protects personal information under its control, and requires its service providers to also protect it, against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed.

If you have concerns about the security of your information with Zeguro, please contact us immediately at security@zeguro.com to report an issue.


Your rights to your data

  1. You have the right to request access to information about Personal Data that we may hold and/or process about you, including: whether or not we are holding and/or processing your Personal Data; the extent of the Personal Data we are holding; and the purposes and extent of the processing.
  2. You have the right to have any inaccurate information we hold about you be rectified and/or updated. If any of the Data that you have provided changes, or if you become aware of any inaccuracies in such Data, please let us know in writing giving us enough information to deal with the change or correction.
  3. You have the right in certain circumstances to request that we delete all Personal Data we hold about you (the ‘right of erasure’). Please note that this right of erasure is not available in all circumstances, for example where we need to retain the Personal Data for legal compliance purposes. If this is the case, we will let you know.
  4. You have the right in certain circumstances to request that we restrict the processing of your Personal Data, for example where the Personal Data is inaccurate or where you have objected to the processing.
  5. You have the right to request a copy of the Personal Data we hold about you and to have it provided in a structured format suitable for you to be able to transfer it to a different data controller (the ‘right to data portability’). Please note that the right to data portability is only available in some circumstances, for example where the processing is carried out by automated means. If you request the right to data portability and it is not available to you we will let you know.
  6. You have the right in certain circumstances to object to the processing of your Personal Data. If so, we shall stop processing your Personal Data unless we can demonstrate sufficient and compelling legitimate grounds for continuing the processing which override your own interests. If, as a result of your circumstances, you do not have the right to object to such processing then we will let you know.
  7. You have the right to object to direct marketing, for which see “Our marketing activities and your option to opt-out” above.

Complaints, Questions and Arbitration

Under this Privacy Policy, any unresolved privacy complaints can be referred to an independent dispute resolution mechanism. We use the International Centre for Dispute Resolution®/American Arbitration Association®. If you feel that we have not satisfactorily addressed your complaint, you can visit the ICDR/AAA website at https://apps.adr.org/webfile/ for more information on how to file a complaint. In some cases, you may be able to invoke binding arbitration.

California Privacy Rights

California Civil Code Section 1798.83 permits Zeguro customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at legal@zeguro.com.

Our use of Cookies

Our software may issue ‘cookies’ (small text files) to your device when you access and use the Website and you will be asked to consent to this at the time (e.g. when you first visit our website). Cookies do not affect your privacy and security since a cookie cannot read data off your device or read cookie files created by other sites.

Our Website uses cookies and other tracking and monitoring software to: distinguish our users from one another; collect standard Internet log information; and to collect visitor behavior information. The information is used to track user interactions with the Website and allows us to provide you with a good experience when you access the Website, helps us to improve our Website, and allows us to compile statistical reports on Website visitors and Website activity.

You can set your device not to accept cookies if you wish (for example by changing your browser settings so cookies are not accepted); however, please note that some of our Website features may not function if you remove cookies from your device. For further general information about cookies please visit www.aboutcookies.org or www.allaboutcookies.org.


Changes to this Policy

We keep this Policy under regular review and may change it from time to time. If we change this Policy we will post the changes on this page, and place notices on other pages of the Website as applicable, so that you may be aware of the Data we collect and how we use it at all times. You are responsible for ensuring that you are aware of the most recent version of this Policy as it will apply each time you access the Website.

Your continued use of our Services after the revised Statement has become effective indicates that you have read, understood, and agreed to the current version of this Statement.

This Policy was last updated on 06/10/2019

Links to other websites

Our Website may contain links to other websites. This Policy only applies to our Website. If you access links to other websites any Data you provide to them will be subject to the privacy policies of those other websites.

We have no control over third party websites or systems and accept no legal responsibility for any content, material or information contained in them. Your use of third party sites or systems will be governed by the terms and conditions of that third party. It is your responsibility to ensure you are happy with such third party terms and conditions.

The display of any hyperlink and/or reference to any third party website, system, product or service does not mean that we endorse that third party's website, products or services and any reliance you place on such hyperlink, reference or advert is done at your own risk.

Accessibility

This Policy aims to provide you with all relevant details about how we process your Data in a concise, transparent, intelligible and easily accessible form, using clear and plain language. If you have any difficulty in reading or understanding this Policy, or if you would like this Policy in another format (for example audio, large print or braille), please get in touch with us.

Notice to End Users

Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different than this policy. 

Administrators are able to:

  • Require you to reset your account password;
  • Restrict, suspend or terminate your access to the Services;
  • Access information in and about your account;
  • Access or retain information stored as part of your account;
  • Install or uninstall third-party apps or other integrations 

In some cases, administrators can also:

  • Restrict, suspend or terminate your account access;
  • Change the email address associated with your account;
  • Change your information, including profile information;
  • Restrict your ability to edit, restrict, modify or delete information

Even if the Services are not currently administered to you by an organization, if you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date.  You will be notified if this happens. 

If you do not want an administrator to be able to assert control over your account or use of the Services, use your personal email address to register for or access the Services.  If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile.  Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.

Please contact your organization or refer to your administrator’s organizational policies for more information.

Contact us

We welcome your feedback and questions on this Policy. If you wish to contact us, please email us at privacy@zeguro.com or call US: +1 (855)980-0660 or UK: +44 203 473 3800.