At Zeguro, our mission is to help businesses protect against the digital risks of this world. As a result, our goal is to set a high standard for protecting the privacy of your information. We want to be clear about how we collect, use, protect, and share your information, including your personal information, and the rights and choices you have about the ways in which you can help us protect your privacy.
This Privacy Policy explains:
Scope
This Privacy Statement applies to the information that we obtain through your use of Zeguro products and services, including Cyber Safety, our websites (https://www.zeguro.com, https://www.zeguro.co.uk, https://www.zeguro.com.au, https://portal.zeguro.com), social media, communications, and web-based tools (collectively, our “Services”). For a current list of the third party vendors referred to in this Privacy Policy, see our Subvendor Directory.
This Privacy Policy does not apply to personal information arising from Zeguro’s employment-related activities. Except to the extent that a third party provides services on our behalf (such as a SaaS vendor), this Privacy Policy also does not apply to the practices of third parties to which we may link or otherwise refer you, such as consultants, pentesting firms, audit firms, and other vendors.
You should read this Policy carefully as it contains important information about how we will use your Data (as defined below). In certain circumstances, you will be required to indicate your consent to the processing of your Data as set out in this Policy when you first submit such Data to or through our Services (as defined above). For further information about consent, see below.
Where we provide the Services under contract with an organization (for example your employer), that organization controls the information processed by the Services. For more information, please see Notice to End Users below.
If you have any feedback or questions about this Privacy Policy, you can contact us.
The terms “Zeguro” or “us” or “we” refer to Zeguro Inc., the owner of the Services. We are a company registered in San Francisco whose registered office is at 101A Clay St, Suite 280, San Francisco, CA, 94111. The term “you” refers to the individual accessing and/or submitting Data to the Services. Zeguro, we, and us refer to Zeguro Inc., Zeguro Insurance Services LLC., and any of our corporate affiliates.
Zeguro is a U.S.-based company that offers our Services to domestic and international business customers. Information that we collect, including personal information, may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may provide information to third-party service providers in the U.S. and in other countries to the extent necessary to support Zeguro’s business activities, and we may access personal information collected from our customers to support the Services that we provide to our customers. Thus, personal information may be transferred to and stored on servers located in the United States and in countries different from the country in which that information was initially collected. Similarly, information we collect may be accessed by Zeguro and our third-party service providers and business partners from countries other than the ones in which the information is stored.
For more information about how we handle personal information from EU-based individuals, Overseas transfers section below.
When you use the Services and/or when you otherwise deal with us, we may collect the following information about you (“Data”):
If you provide information (including personal information) about someone else, you confirm that you have the authority to act for them and to consent to the collection and use of their personal information as described in this Privacy Policy. Please contact us immediately at legal@zeguro.com if you become aware of an individual providing us with personal information about another individual without being authorized to do so, and we will act consistently with this Privacy Policy.
We retain your data only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, plus 1 year, and then securely dispose of that information. In most cases we hold data for the following time periods:
We will not use your personal information for anything other than the following lawful purposes. We collect information from and about you in order to:
You may upload data to our Services, which may include personal information or data about your end users (all of which we call “Customer Data”). Customer Data is owned and controlled by you, and any Customer Data that we maintain or process we consider to be strictly confidential. We collect and process Customer Data solely on behalf of you/our customers, and in accordance with our agreements with customers. We do not use or disclose Customer Data except as authorized and required by our customers and as provided for in our agreements with our customers.
Zeguro will not be liable for any third-party costs, penalties, or claims that arise from the use of Customer Data that is uploaded by you.
The Customer shall retain ownership of all Customer Data and all rights therein. The Customer grants a royalty-free, transferable, non-exclusive license for the term of this Agreement to Zeguro to use the Customer Data to the extent necessary to provide the Services and perform the Customer Support Services (as applicable).
The Customer acknowledges that Zeguro has no control over any Customer Data hosted as part of the provision of the Platform and, although it reserves the right to do so, Zeguro does not actively monitor the content of the Customer Data.
Zeguro shall notify the Customer immediately if it becomes aware of any allegation that any Customer Data may be Infringing Data and Zeguro shall have the right to remove such Customer Data from the Services without the need to consult the Customer.
Zeguro respects the rules and laws of the jurisdiction in which it operates, as well as the privacy and rights of its customers. Accordingly, Zeguro provides Customer Information in response to law enforcement requests only when we reasonably believe that we are legally required to do so. To protect our customers’ rights, we carefully review requests to ensure that they comply with the law. Zeguro reserves the right to disclose Customer Data to law enforcement officials in the investigation of fraud or other alleged unlawful activities, only after law enforcement officials provide legal process appropriate for the type of information sought, such as a subpoena, court order, or a warrant.
The Customer shall indemnify Zeguro against all loss caused to Zeguro as a result of the use by the Customer or a User of Infringing Data on the Platform.
Where you have previously ordered products or services, submitted a quote, or obtained a trial from us, we may contact you by email, phone, SMS, and post to inform you about the services, promotions, and special offers that may be of interest to you on the product or service you are ordering. We will inform you (during the sale, signup, or quote process) if we intend to use your data for such purposes and give you the opportunity to opt out of receiving such information from us.
If you prefer not to receive any direct marketing communications from us, or you no longer wish to receive them, you can opt out at any time (see below).
You have the right at any time to ask us to stop processing your information for direct marketing purposes. If you wish to exercise this right, you should contact us by sending an email to support@zeguro.com. Be sure to give us enough information to identify you and deal with your request. Alternatively you can follow the unsubscribe instructions in emails you receive from us.
We may monitor and record communications with you (such as telephone conversations, screen recordings, and emails) for the purposes of provision of services, support, quality assurance, training, fraud prevention, and compliance. We are also required by law to record any customer communication for the purposes of obtaining insurance.
We will always verbally advise that recording is happening for this purpose. Any information that we receive through such monitoring and communication will be added to the information we already hold about you.
Our software may issue ‘cookies’ (small text files) to your device when you access and use the Services and you will be asked to consent to this at the time (e.g. when you first visit our website).
Our Services use cookies and other tracking and monitoring software to: distinguish our users from one another; collect standard Internet log information; and to collect visitor behavior information. The information is used to track user interactions with the Services and allows us to provide you with a good experience when you access the Services, helps us to improve our Services, and allows us to compile statistical reports on Services visitors and activity.
You can set your browser not to accept cookies if you wish. However, some of our Services features may not function properly. For further general information about cookies, please visit www.aboutcookies.org or www.allaboutcookies.org.
By submitting Data to or through the Services, you give consent to the use of your Data as outlined in this Privacy Policy.
If you have previously given consent you may freely withdraw such consent at any time. You can do this by notifying us in writing (either via mail or email).
If we need to process your Data in order to provide the Services, and you object or do not consent to us processing your Data, the Services may not be available to you.
Except to the extent necessary to fulfill our business obligations, to accomplish one of the lawful purposes described in this Privacy Policy, or pursuant to your express instructions, we do not sell, transfer, or otherwise disclose personal information that we collect from or about you.
We may share your information in the following ways:
We will share your personal information with companies, organizations, or individuals outside of Zeguro when we have your consent to do so.
When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
Your Zeguro account owners and admin users may be able to:
We may share your information with our service providers and other third parties who perform services on our behalf, listed in our Subvendor Directory.
We provide your payment information to our service providers for payment processing and verification. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services. We also work with third-party service providers to add critical capability to the modules of Cyber Safety, e.g: threat intelligence, training videos, pentesting, and vulnerability scanning services, etc.
We may share Data with our regulated insurance entities for the purpose of providing you an insurance quote or policy.
We may disclose your information (including your personal information) outside of Zeguro if we have a good-faith belief that it is necessary to:
We may share or transfer your information (including your personal information) in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. We will take reasonable steps to assure that any other entity involved continues to comply with the terms of this Privacy Policy. We will notify you of such a change in ownership or transfer of assets by posting a notice on our website.
We may share aggregated, anonymized, de-identified, or otherwise non-personal information in order to improve the overall experience of our Services.
Such aggregated, anonymized, de-identified, or otherwise not re-identifiable information is not personal information within the scope of this Privacy Policy because they do not directly or indirectly identify you and cannot, with reasonable effort, be used to identify you.
Unfortunately, no data transmission over the Internet or a data storage system can be guaranteed to be 100% secure. That said, we certainly try very hard, employing a variety of organizational, technical, and administrative measures to provide a level of security appropriate to the risk associated with the personal information you trust us with. More information on what security measures Zeguro uses to protect your Data can be found at https://www.zeguro.com/security-first.
While we will use all reasonable efforts to safeguard your Data, you acknowledge that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any Data that is transferred from you or to you via the Internet.
Zeguro protects personal information under its control and requires its service providers to also protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal Data transmitted, stored, or otherwise processed.
From time to time we may need to transfer your Data to countries outside the European Economic Area, which comprises the EU member states plus Norway, Iceland, and Liechtenstein (“EEA”). Non-EEA countries that we may need to transfer your Data to include the United States of America, because we are primarily based there.
Such countries may not have similar protections in place regarding protection and use of your Data as those set out in this Policy. Therefore, if we do transfer your Data to countries outside the EEA, we will take reasonable steps in accordance with applicable Privacy and Data Protection Requirements to ensure adequate protections are in place to ensure the security of your Data, including:
By submitting your Data to us, in accordance with this Policy, you consent to these transfers for the purposes specified in this Policy.
You have the right to:
California Civil Code Section 1798.83 permits Zeguro customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us.
Under this Privacy Policy, any unresolved privacy complaints can be referred to an independent dispute resolution mechanism. We use the International Centre for Dispute Resolution®/American Arbitration Association® (ICRD/AAA). If you feel that we have not satisfactorily addressed your complaint, you can visit the ICRD/AAA website at https://apps.adr.org/webfile/ for more information on how to file a complaint. In some cases, you may be able to invoke binding arbitration.
We keep this Policy under regular review and may change it from time to time. If we change this Policy, we will post the changes on this page, and place notices on other pages of the Services as applicable, so that you may be aware of the Data we collect and how we use it at all times. You are responsible for ensuring that you are aware of the most recent version of this Policy as it will apply each time you access the Services.
Your continued use of our Services after the revised Statement has become effective indicates that you have read, understood, and agreed to the current version of this Statement.
Our Services may contain links to other companies or individuals’ websites or services. This Policy only applies to our Services. If you access links to other websites, any Data you provide to them will be subject to the privacy policies of those other websites.
We have no control over third party websites or systems and accept no legal responsibility for any content, material, or information contained in them. Your use of third party sites or services will be governed by the terms and conditions of that third party.
The display of any hyperlink and/or reference to any third party website, system, product, or service does not mean that we endorse that third party's website, products, or services, and any reliance you place on such hyperlink, reference, or advert is done at your own risk.
This Policy aims to provide you with all relevant details about how we process your Data in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. If you have any difficulty in reading or understanding this Policy, or if you would like this Policy in another format (for example audio, large print, or braille), please get in touch with us.
Our Services are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization's policies. We are not responsible for the privacy or security practices of an administrator's organization, which may be different from this policy.
Administrators are able to:
In some cases, administrators can also:
Even if the Services are not currently administered to you by an organization, if you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens.
If you do not want an administrator to be able to assert control over your account or use of the Services, use your personal email address to register for or access the Services. If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile. Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.
Please contact your organization or refer to your administrator’s organizational policies for more information.
