Last Updated : July 2024
Zift Solutions provides this Data Privacy Framework Notice (“Notice”) to describe Zift Solutions’ participation in the Data Privacy Framework (“DPF”) program, to explain the measures that Zift Solutions takes to protect the privacy of data subjects in the European Economic Area, the United Kingdom, and Switzerland, and to comply with applicable law and our obligations under the DPF.
Capitalized terms used but not otherwise defined in the text of this Notice are defined in Section 11 of this Notice.
1. Zift Solutions DPF Participation
Zift Solutions complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Zift Solutions has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Zift Solutions has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of Personal Data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Zift Solutions commits to subject to the EU-U.S. DPF Principles all Personal Data received from the EEA and the United Kingdom (and Gibraltar), and to the Swiss-U.S. DPF Principles all Personal Data received from Switzerland in reliance on the relevant parts of the DPF program.
2. Types of Personal Data Processed
Zift Solutions sells Channel as a Service (CHaaS) solutions that our Customers and their Authorized Partners use to manage their partner relationships. In providing these tools, Zift Solutions processes Customer Data and Partner Data that our Customers and their Authorized Partners provide to us, enter into our products or instruct us to process on their behalf. Zift Solutions Customers and/or their Authorized Partners determine the information we receive and how we can use it. The Personal Data received by Zift in reliance on the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF typically includes business-related information about representatives of our Customers and/or their Authorized Partners and their customers, prospects, and/or sales leads, including names, business addresses, business telephone numbers, business e-mail addresses, and social media identifiers.
3. Purposes for Collection and Use of Personal Data
Zift Solutions collects and uses Customer Data and Partner Data pursuant to our agreements with Customers and their Authorized Partners. Our products are deployed on Software-as-a-Service (SaaS) platform and Customers will also engage us for professional services and customer support. To fulfil our contractual obligations, Zift Solutions may access and use Customer Data and Partner Data to provide services, to correct and address technical or service problems, to follow instructions of the Customer or Authorized Partner who submitted the data, and otherwise to fulfill our obligations under our agreements with Customers and Authorized Partners. In this respect, Zift Solutions is generally a processor of Personal Data, not a controller.
4. Third Parties Who May Receive Personal Data (Onward Transfer)
Zift Solutions may employ and contract with third-party service providers and other entities to assist in providing our services to customers by performing certain tasks on our behalf. These third-party providers may offer customer support, data storage services (data centers), or technical operations. Zift Solutions maintains contracts with these third parties restricting their access, use and disclosure of Personal Data in compliance with our DPF obligations. These third parties may access, process, or store Personal Data in the course of providing their services. Zift Solutions shall remain liable under the DPF Principles if its agent processes such Personal Data in a manner inconsistent with the DPF Principles, unless Zift Solutions proves that it is not responsible for the event giving rise to the damage.
5. Compelled Disclosures of Personal Data
Zift Solutions may be required to disclose Personal (i) to respond to investigations, court orders or legal process, (ii) to investigate, prevent or take action regarding illegal activities, suspected fraud, potential threats to the physical safety of any person, or violations of Zift Solutions’ terms of service, or (iii) as otherwise required by law.
Zift Solutions may also be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security and law enforcement requirements.
6. Access and Choice
in the EEA, the United Kingdom, and Switzerland have a right to access personal data about them, and to limit the use and disclosure of their personal data. As part of its certification to the EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, Zift Solutions is committed to respecting those rights.
Solutions acts as service provider to customers in the EEA, the United Kingdom, and Switzerland with respect to Customer Data and Partner Data and is subject to strict contractual limitations on its ability to disclose that Personal Data to third parties or to use that personal data for purposes other its performance of services on Customers’ and Authorized Partners’ behalf. For these reasons, Zift Solutions assumes that the Customers and Authorized Partners from whom it receives Customer Data and Partner Data will provide these individuals a means to access any Personal Data about them, and to request that their Personal Data be corrected, amended, or deleted. Zift Solutions further assumes that customers obtain from these individuals appropriate consent to transfer their Personal Data to us and for us to process their Personal Data consistent with this Notice and our agreements with those Customers and Authorized Partners.
you are an individual who believes your personal data is included in Customer Data or Partner Data that we process on behalf of a Customer or Authorized Partner in the EEA, United Kingdom, or Switzerland and would like to exercise your rights of access or choice, please contact that customer directly. Alternatively, you may contact Zift Solutions in accordance with the “Inquiries and Complaints” section of this Notice, in which case you should provide the name of the Customer or Authorized Partner who acts as the controller for your personal data. We will refer your request to that Customer or Authorized Partner and will support them as needed in responding to your request.
7. Inquiries and complaints
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Zift Solutions commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. Individuals in the EEA, United Kingdom, and Switzerland with inquiries or complaints regarding our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Zift Solutions at:
Zift Channel Solutions, Inc. 6501 Weston Parkway, Suite 200, Cary, NC 27513, USA, or call us at +1 (919) 794-8385, or contact us.
Zift Solutions has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by us, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
8. US Federal Trade Commission enforcement
The Federal Trade Commission has jurisdiction over Zift Solutions’ compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
9. Binding Arbitration
Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance that are not resolved by any of the other DPF mechanisms. For additional information about the arbitration process please see Annex I of the Data Privacy Framework Principles: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.
10. Changes to this Notice
This Notice may be amended from time to time, consistent with the DPF Principles and applicable data protection and privacy laws and principles.
11. Definitions
The following capitalized terms used in this Notice have the following meanings:
“Authorized Partner” means any third-party sales channel partners of a Customer for which the Customer has purchased and approved issuance of an Authorized Partner license to enable their access and use of the Zift Solutions Channel as a Service offering(s).
“Customer” means a customer with whom Zift Solutions has entered into an agreement to provide Zift Solutions’ Channel as a Service (CHaaS) offering(s).
“Customer Data” means information, data, text, content, videos, images, audio clips, photos, graphics, and / or other types of content, information and/or data provided or made available by a Customer to Zift Solutions, including any Personal Data contained therein.
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, by reference to a name, or to one or more factors unique to his or her personal physical, psychological, mental, economic, cultural or social characteristics.
“EEA” means the European Economic Area, which comprises the member states of the European Union, as well as Norway, Liechtenstein, and Iceland.
“Partner Data” means information, data, text, content, videos, images, audio clips, photos, graphics, and / or other types of content, information and/or data provided or made available by an Authorized Partner to Zift Solutions, including any Personal Data contained therein.
“Personal Data” means data about an identified or identifiable individual received by Zift Solutions in the United States from the EEA, United Kingdom, or Switzerland and recorded in any form.
“Zift Solutions” means, collectively, Zift Solutions, Inc. and its U.S. affiliate adhering to the DPF Principles, Relayware, Inc.