CirrusDCS Privacy Policy
Last Modified: February 21, 2021
This Privacy Policy (the Policy) covers the privacy practices ZKTeco employs when ZKTeco
customers (Customers)use our cloud-based enterprise applications (the Services).
This Privacy Policy does not cover any information or data collected by ZKTeco for other
purposes, such as information collected on the ZKTeco website or for marketing purposes.
Capitalized terms used but not defined in this Policy shall have the meaning given to
them in the Master Services Agreement(the Agreement).
1. Collection and Use of Personal Data
1.1. Personal Data ZKTeco Processes. In the normal course of using the Services,
Customer employees will input electronic data (e.g., punch data)
into the ZKTeco systems (Customer Personal Data).
The use of information collected through the Services shall be
limited to the data necessary to provide Services for which the
Customer has engaged ZKTeco, as described in the Agreement.
ZKTeco may access Customer Data for the purposes of providing the
Services, preventing or addressing service or technical problems,
responding to support issues, and responding to Customer s instructions,
or as may be required by law, in accordance with the relevant Agreement
between Customer and ZKTeco.
1.2. Data Processing. ZKTeco
processes Customer Personal Data under the direction of Customer, and has
no direct control or ownership of the Customer Personal Data it processes.
Customers are responsible for complying with any regulations or laws that
require providing notice, disclosure, and/or obtaining consent prior to
transferring the data to ZKTeco for processing purposes.
Customer Personal Data processed from outside the United States (US)is
handled as described in section 2 of this
Policy and the ZKTeco Data Processing Agreement.
1.3. Editing or Deleting Personal Data. Any person who seeks access, or who
seeks to correct, amend, or delete inaccurate data, should direct
their query to the ZKTeco Customer (the data controller). If the Customer
instructs ZKTeco to remove the personal data to comply with data protection
regulations, ZKTeco will respond to their request within 30 days.
1.4. Disclosure to Law Enforcement. ZKTeco will refer any request for disclosure
of personal data by a law enforcement authority to the Customer.
ZKTeco may, where it concludes that it is legally obligated to do so,
disclose personal data to law enforcement or other government authorities.
ZKTeco will notify Customer of such request unless prohibited by law.
1.5. Accessing the Services. Customers
and their authorized users may access the Services directly through a URL
unique to their individual tenant, or may elect to use internal launch pages
for single sign-on or other purposes. Customers input information for
processing and storage as they use the Services. Customers may also configure
the Services to allow end users to input information directly into the Services.
2.
Global Data Privacy. Providing
Services Customers with employees outside of the US may require the transfer of
Customer Personal Data to the US (e.g., when Customer hosts its Workday tenant
in the United States).
2.1. International Personal Data Transfers. This Policy shall apply even if
ZKTeco transfers Customer Personal Data internationally, at the
direction of Customer, to provide Services as established in the Agreement.
ZKTeco has taken appropriate safeguards to require that Customer Personal
Data will remain protected.
When we transfer information from a European Union to the United States
we make use of standard contractual data protection clauses, which have
been approved by the European Commission, and we rely on the EU-U.S.
and Swiss-U.S. Privacy Shield Framework to safeguard the transfer of
information we collect from the European Economic Area (EEA), the
United Kingdom, and Switzerland, as established in sections 2.2 and 2.3
of this Policy. Data transferred from the EU to the US may also be subject
to the policies set forth in the ZKTeco Data Processing Agreement.
2.2. EU-U.S.Privacy Shield Statement. ZKTeco complies with the EU-U.S. Privacy
Shield Framework as set forth by the U.S. Department of Commerce regarding
the collection, use, and retention of personal information transferred from
the European Union to the United States. ZKTeco has certified to the Department
of Commerce that it adheres to the Privacy Shield Principles. If there is any
conflict between the terms in this Privacy Statement and the Privacy Shield
Principles, the Privacy Shield Principles shall govern. To learn more about
the Privacy Shield program, and to view our certification, please visit privacyshield.gov.
2.2.1. E.U.-U.S. Privacy Shield Statement Update.
Following the invalidation
of the EU-U.S. Privacy Shield, and while a replacement framework is
developed, ZKTeco shall continue to comply with the Privacy Shield
framework requirements and with any additional data security Laws
including, but not limited to, the GDPR and CCPA. Should a replacement
framework be agreed to by the U.S. Department of Commerce or other
appropriate body, ZKTeco shall adopt and comply with the replacement
framework as soon as it is in effect and take any action
required to comply with the replacement framework.
2.3. EU-U.S. Privacy Shield Policy. ZKTeco maintains an EU-U.S.
Privacy Shield Policy. This policy can be accessed at this URL:
https://www.zktechnology.com/zkteco-privacy-shield-policy/
2.4. Concerns. If you have an unresolved concern regarding
EEA or Swiss privacy or data use that we have not addressed satisfactorily,
please contact the relevant EU data protection authority or the Swiss Federal
Data Protection and Information Commissioner, as applicable.
If you have a non-EEA or non-Swiss privacy or data use concern that
we have not addressed satisfactorily, please contact our U.S.-based
third-party dispute resolution provider (free of charge)
: https://www.bbb.org/EU-privacy-shield/file-a-complaint/
3. Additional ZKTeco Privacy Information
3.1. Data Retention. ZKTeco
retains Customer Personal Data for sixty (60) days, unless otherwise set forth
in the relevant sections of the Agreement.
3.2. Security. The security of Customer Personal Data, including personal data,
is very important to ZKTeco. ZKTeco maintains a comprehensive, written
information security program that contains industry-standard,
administrative, technical, and physical safeguards designed to
prevent unauthorized access to Customer Personal Data.
ZKTeco designs its applications to allow Customers to achieve
differentiated configurations, enforce user access controls, and manage
data categories that may be populated and/or made accessible on a
geographical basis. Configuring these settings appropriately is the
Customers responsibility. Customer may hire ZKTeco to implement the
application and/or to make adjustments through ongoing support, but
Customer is responsible for establishing user access controls and policies.
Additional information about the security settings and configurations can be
found in the ZKTeco Documentation made available to Customers.
3.3. Changes to This Privacy Policy. We reserve the right to change or update this
Privacy Policy at any time. Changes to the Privacy Policy will
be posted on this website and links to the Privacy Policy will
indicate that the policy has been changed or updated. We encourage
you to periodically review this Privacy Policy for any changes.
For new Customers, changes or updates are effective upon posting.
For existing Customers, changes or updates are effective 30 days
after posting.
3.4. Compliance. ZKTeco has appointed a chief security
officer responsible for overseeing the implementation of the privacy
program within the organization. If you have further questions related
to this policy, please ask your Customer Support contact to log a customer
care case with the privacy question.
4. Contact Information
4.1. If you have any questions regarding our Privacy Statement, or if at any time after
providing your personal information to ZKTeco you want to update, change, unsubscribe,
or request removal or deletion of your information, or if you would like to assert any
of the rights listed above, please direct your request via the postal mail address listed below.
ZKTeco will respond to your request within a reasonable timeframe.
4.2. ZKTeco Contact Address:
ZKTeco
Attn: Chief Security Officer
200 Centennial Avenue, Suite 211
Piscataway, NJ 08854