Zift Solutions Privacy Shield EU-US and Swiss-US

The EU-US and Swiss-US Privacy Shield are frameworks for the transatlantic exchange of Personal Data for commercial purposes between the European Union (as defined below), United Kingdom and Switzerland in to the United States. One of its purposes is to enable US companies to more easily receive Personal Data from EU entities under EU privacy laws meant to protect European citizens. The EU-US and Swiss-US Privacy Shield frameworks replace the US-EU and US-Swiss Safe Harbor Privacy Frameworks which were declared invalid by the European Court of Justice in October 2015.

All Zift Solutions employees who handle Personal Data from European Union, the United Kingdom, and Switzerland are required to comply with the Principles.

Capitalized terms are defined in Section 12 of this Policy.

1. Scope

Important Notice to Residents of the European Union, United Kingdom, and Switzerland.

In order to satisfy the requirement under European laws that adequate protection be given to Personal Data transferred from EU member countries, United Kingdom and Switzerland to the United States, Zift Solutions complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from European Union, United Kingdom and Switzerland to the United States. Zift Solutions has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and is committed to subjecting all European Personal Data received in reliance on each respective Privacy Shield Framework to that Framework’s applicable Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

Zift processes Personal Data in the United States and operates its websites in the United States. If you are located in the European Union, the United Kingdom, or Switzerland, please be aware that any Personal Data you provide to us will be transferred to the United States. By using our websites, participating in any of our services, and/or providing us with Personal Data, you agree to this practice.

Learn more about the Privacy Shield program, and to view our certification.

2. Type of data processed

Zift Solutions deliver an Enterprise Channel Management platform on which our Customers support and manage their indirect channels of distribution. In providing these tools, Zift Solutions processes data our Customers provide to us, enter into our products, or instruct us to process on their behalf. Zift Solutions Customers and/or their authorized partners determine the information we receive and how we can use it. Zift Solutions is generally a processor of Personal Data, not a controller. The information includes business-related information about our Customers’ customers (e.g. names, business addresses, work phone numbers, work e-mail addresses, social media identifiers, etc.), prospects, and/or sales leads.

3. Purposes

Zift Solutions processes Personal Data pursuant to our subscription agreement. Our products are deployed on Software As a Service (SaaS) platform and Customers will also engage us for professional services and customer support. To fulfil our contractual obligations, Zift Solutions may use Personal Data to provide services, to correct and address technical or service problems, or to follow instructions of the Customer or authorized partners who submitted the data. Zift Solutions will not sell, rent, exchange or share Personal Data to third parties other than agents or contracted service providers for purposes materially different from those for which the Personal Data was provided. If this practice should change in the future, we will update this policy accordingly and we or our Customers, as appropriate, will provide individuals with opt-out or opt-in (if applicable) choice.

4. Third Parties who may receive Personal Data (Onward Transfer)

Zift Solutions may employ and contract with third-party service providers and other entities to assist in providing our services to Customers by performing certain tasks on our behalf. These third-party providers may offer customer support, data storage services (data centers), or technical operations. Zift Solutions maintains contracts with these third parties restricting their access, use and disclosure of Personal Data in compliance with our Privacy Shield obligations. These contracted third parties may access, process, or store Personal Data in the course of providing their services.

Unless we tell you differently, our agents or contracted third parties do not have any right to use Personal Data or other information we share with them beyond what is necessary to assist us. You hereby consent to our sharing of Personal Data with our agents or contracted third parties. We may be liable under certain circumstances if one of our agents or contracted third parties processes Personal Data in a manner inconsistent with the Privacy Shield.

5. Education

Zift Solutions commits to educating its employees about the issues, guidelines and laws related to compliance with Privacy Shield.

6. Compelled disclosure

Zift Solutions may be required to disclose collected information in order to (i) respond to investigations, court orders or legal process, (ii) to investigate, prevent or take action regarding illegal activities, suspected fraud, potential threats to the physical safety of any person, (iii) violations of Zift Solutions’ terms of service, or (iv) as otherwise required by law. Note that we may be required to share Personal Data in response to lawful requests by public authorities including to meet national security and law enforcement requirements.

7. Data Integrity & Security

Zift Solutions maintains commercially reasonable safeguards to maintain the accuracy, integrity and security of Personal Data.

Security: Zift Solutions takes reasonable and appropriate precautions, including administrative, technical, personnel, and physical measures, to safeguard Personal Data against loss, misuse, theft, and unauthorized access, disclosure, alteration, and destruction. Zift Solutions security policies, operating procedures, and technical controls, where applicable, generally adhere to commonly accepted standards for security of networks, infrastructure, applications, and data.

Data Integrity: Zift Solutions limits its collection of Personal Data to that which is relevant for the intended business and legal purposes. We also encourage our Customers to limit their submission of Personal Data to only that necessary to use our services. Zift Solutions does not use the data in a way that is incompatible with the purposes for which it was collected or subsequently authorized by the individual. In cases where our Customers collected data, we limit our use to those authorized by the terms of our agreements with them. Zift Solutions takes reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current, primarily by permitting Customers to effectuate updates to Personal Data and facilitating individuals’ requests as described below.

8. Your rights to access, and choices

If you are an individual based in Europe and our product holds your Personal Data, you may request access, or request to correct, amend, or delete your Personal Data. If you would like to request access to, or correction, amendment, or deletion of your Personal Data, you may do so by contacting the business that provided Zift Solutions your Personal Data directly to make your requests, or alternatively you can contact us directly at privacy@ziftsolutions.com. If you contact us directly, you will need to provide the name of the Zift Solutions Customer who submitted your Personal Data to our product. If Zift Solutions is not the data controller with respect to the Personal Data, we will refer your request to that Customer and will take reasonable steps to support them in responding to your request.

Individuals who reside in Europe are entitled to choose (opt-out) whether their Personal Data is (a) to be disclosed to a non-agent third party or contracted service provider, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individuals. If Zift Solutions is not the data controller with respect to the Personal Data, we will take reasonable steps to help ensure we enable choices communicated to us by our Customer, the data controller. In the event Zift Solutions collects Personal Data directly from individuals residing in Europe and Zift Solutions is the data controller, Zift Solutions will provide those individuals with reasonable mechanisms to exercise their choices.

9. Inquiries and complaints

In compliance with the EU-US and Swiss-US Privacy Shield Principles, Zift Solutions commits to resolve complaints about your privacy and our collection or use of your personal information. EU individuals with inquiries or complaints regarding this Privacy Shield policy should first contact Zift Solutions at:

Zift Channel Solutions, Inc. 6501 Weston Parkway, Suite 200, Cary, NC 27513, USA, or call us at +1 (919) 794-8385, or contact us.

Zift Solutions has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield. If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.

10. US Federal Trade Commission enforcement

Zift Solutions is subject to the investigatory and enforcement authority of the United States Federal Trade Commission (FTC).

11. Binding Arbitration

Finally, and under limited circumstances, individuals with unresolved privacy complaints can invoke a binding arbitration option before a Privacy Shield Panel. You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps:
(1) raised your compliant directly with Zift Solutions and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified under the Inquiries and complaints paragraph; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration) at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

12. Changes to Zift Solutions Privacy Policy

This Policy may be amended from time to time, consistent with the Principles and applicable data protection and privacy laws and principles. We may place a prominent notice on our website in regard to material changes to our privacy policy.

13. Definitions

Capitalized terms in this Privacy Policy have the following meanings:

“Zift Solutions” means Zift Channel Solutions, Inc and its affiliates and subsidiaries to which the Principles apply. A list of the entities covered by the Principles is available at www.privacyshield.gov.

“Customer” means a prospective, current, or former partner (distributor or reseller), vendor, supplier, customer, or client of Zift Solutions from Europe. The term also shall include any individual agent, employee, representative, customer, or client of a Customer of Zift Solutions where Zift solutions has obtained his or her Personal Data from such Customer as part of its business relationship with the Customer.

“Europe” or “European” refers to a country in the European Economic Area which, for the purposes of this Policy, includes Norway, Liechtenstein and Iceland, and also Switzerland.

“Personal Data” data about an identified or identifiable individual that are within the scope of the General Data Protection Regulation EU 2016/679. Personal Data does not include data that is de-identified or anonymous.