Privacy Policy

Last modified October 12, 2018

ZenQMS Privacy & Security Policy

Please review this policy in conjunction with our Terms of Service.


This Privacy Policy describes how ZenQMS collects, uses and discloses "Customer Data", some of which could include personally identifiable information, and what choices you as a user have with respect to the information.


Updates in this version of the Privacy Policy reflect changes in data protection law. In addition, we have worked to make the Privacy Policy clearer and more understandable.


When we refer to “ZenQMS”, we mean the ZenQMS entity that acts as the processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below. When we refer to "Members" we mean our clients who are directly in control of the Customer Data they enter into the system, including any personally identifiable data.


Applicability Of This Policy

This Privacy Policy applies to ZenQMS' online platform for managing quality activities, including all associated ZenQMS environments (collectively, the “Services”), ZenQMS.com and other ZenQMS websites (collectively, the “Websites”) and other interactions (e.g., customer support requests, member conferences, etc.) you may have with ZenQMS. If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of ZenQMS' business.


This Privacy Policy does not apply to any third-party applications or software that integrate with the Services through the ZenQMS API (“Third Party Services”), or any other third party products, services or businesses. In addition, a separate agreement governs delivery, access and use of the Services (the “Customer Agreement” or "Terms of Service"), including the processing of any messages, files or other content submitted through Services accounts (collectively, “Customer Data”). The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement (“Member”) controls their instance of the Services (their “Member Account”) and any associated Customer Data. If you have any questions about specific Member settings and privacy practices, please contact the Member with whom you associate.


Information We Collect & Receive

ZenQMS may collect and receive Customer Data and other information and data (“Other Information”) in a variety of ways:

  • Customer Data. Customers or individuals granted access to a Member Account by a Member (“Authorized Users”) routinely submit Customer Data to ZenQMS when using the Services.
  • Other Information. ZenQMS also collects, generates and/or receives Other Information:
    1. Member Account and Account Information. To create or update a Member Account, you or your Member (e.g., your employer) supply ZenQMS with an email address, phone number, password, domain and/or similar account details. In addition, Members provide ZenQMS (or its payment processors) with billing details such as credit card information, banking information and/or a billing address.
    2. Usage Information.
      • Services Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work. For example, ZenQMS logs the features, content and links you interact with.
      • Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
      • Device information. ZenQMS collects information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
      • Location information. We receive information from you, your Member and other third-parties that helps us approximate your location. We may, for example, use a business address submitted by your employer, or an IP address received from your browser or device to determine approximate location. ZenQMS may also collect location information from devices in accordance with the consent process provided by your device.
    3. Cookie Information. ZenQMS uses cookies to make the application work better and safer.
      • A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site's computers and stored on your computer's hard drive.
      • We use both session-based and persistent cookies. ZenQMS sets and accesses our own cookies on the domains in our Services. In addition, we use third party cookies, like Google Analytics.
      • The Company only uses cookies that are strictly necessary for the delivery of the services requested by the user. We use cookies to record current session information, and only maintain permanent cookies to the extent it's related to security (e.g. 2-factor authentication) or operations (e.g. remembering which tabs you had open). We do not use cookie information for tracking or marketing purposes. We recommend all users clear cookies and cache regularly as a matter of good computer practice and to avoid browser/security issues. To find out more about cookies visit this site.
    4. Additional Information Provided to ZenQMS. We receive Other Information when submitted to our Websites or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with ZenQMS.

      Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Member Account setup details, is not provided, we may be unable to provide the Services.


      How We Use Information

      Customer Data will be used by ZenQMS in accordance with Member’s instructions, including any applicable terms in the Customer Agreement and Member’s use of Services functionality, and as required by applicable law. ZenQMS is a processor of Customer Data and Member is the controller. Member may, for example, use the Services to grant and remove access to a Member Account, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Services. ZenQMS uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, ZenQMS uses Other Information:

      • To provide, update, maintain and protect our Services, Websites and business. This includes use of Other Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request.
      • As required by applicable law, legal process or regulation.
      • To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
      • To develop and provide search, learning and productivity tools and additional features. ZenQMS tries to make the Services as useful as possible for specific Member Accounts and Authorized Users. For example, we may look for OS/Browser information relative to common errors to identify possible issues.
      • To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features or other news about ZenQMS. These are marketing messages so you can control whether you receive them.
      • For billing, account management and other administrative matters. ZenQMS may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
      • To investigate and help prevent security issues and abuse.

      If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, ZenQMS may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”


      Data Retention

      ZenQMS will retain Customer Data in accordance with a Member’s instructions, including any applicable terms in the Customer Agreement and Member’s use of Services functionality, and as required by applicable law. Depending on the Services plan, Member may be able to customize its retention settings and apply those customized settings at the Member Account level, Site level or other level. Member may also apply different settings to messages, files or other types of Customer Data. The deletion of Customer Data and other use of the Services by Member may result in the deletion and/or de-identification of certain associated Other Information. ZenQMS may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for ZenQMS to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.


      How We Share And Disclose Information

      This section describes how ZenQMS may share and disclose Information. Members determine their own policies and practices for the sharing and disclosure of Information, and ZenQMS does not control how they or any other third parties choose to share or disclose Information. As a general rule, disclosure here is also governed by any in force confidentiality agreements between us and the Customer.

      • Member’s Instructions. ZenQMS will solely share and disclose Customer Data in accordance with a Member’s instructions, including any applicable terms in the Customer Agreement and Member’s use of Services functionality, and in compliance with applicable law and legal process.
      • Displaying the Services. When an Authorized User submits Other Information, it may be displayed to other Authorized Users in the same Member Account. For example, an Authorized User’s email address may be displayed with their Member Account profile.
      • Collaborating with Others. The Services provide different ways for Authorized Users to collaborate. Other Information, such as an Authorized User’s profile Information, may be shared internally, subject to the policies and practices of the other Member Account(s).
      • Member Access. Owners, administrators, Authorized Users and other Member representatives and personnel may be able to access and modify Other Information.
      • Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services (e.g. Amazon Web Services). Regulatory compliance with policies (e.g. GDPR) may be reviewed during the Quality Risk Assessment of these service providers or business partners.
      • Third Party Services through API. Member may enable or permit Authorized Users to enable Third Party Services to access information in ZenQMS through its API. When enabled, ZenQMS may share Other Information with Third Party Services. Third Party Services are not owned or controlled by ZenQMS and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
      • During a Change to ZenQMS' Business. If ZenQMS engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of ZenQMS' assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
      • To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. In certain situations, we may also be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
      • To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of ZenQMS or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.

      Security

      ZenQMS takes security of data very seriously. ZenQMS works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology. Given the nature of communications and information processing technology, ZenQMS cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.


      While not an exhaustive list, please note the following overview of Our approach to security:

      • System Architecture. The service is designed with robust, industrial security and performance in mind, using .NET/ASP.NET and MS SQL Server. It is a closed environment, requiring member users to log into a secure environment with unique credentials and enforced time outs. Member administrators can apply several security restrictions to login IDs and passwords, including 2-factor authentication. Password and/or user ID changes generate automatic email alerts to the affected users, and multiple failed login attempts will result first in notification to the affected user and then a mandatory lock out. All data in transmission is secured using SSL (https) protocol. Data ‘at rest’ in the database is secured using industry-leading AES 256-bit encryption algorithms. All data is regularly backed up, with back ups stored in alternate, secure locations and services. Access to the production database is strictly managed and monitored, with access provided only to trusted employees. Finally, GMP/p.11 compliant database audit trail logs provide an added level of security/monitoring.
      • Service Infrastructure. The infrastructure hosting the Service is robust, scalable, and secure. It is certified for SOC 1 (formerly SAS70), SOC 2 & SOC 3, ISO 27001, PCI DSS Level 1 & HIPAA. The Company's strategy includes the ability to use and deploy within multiple geographic sites to prevent service interruptions. The data/software running the Service are managed in a discrete, segregated server instance. Access to the hosting environment is strictly managed and monitored, and access is provided only to trusted employees.
      • General Systems Security. All ZenQMS employees must make security logins active for their workstations/notebooks, and access to the shared data servers and email systems requires two-factor authentication. Member Confidential Information sent to ZenQMS outside the Service may be stored locally in a ZenQMS User’s workstation. The Company recommends secure avenues for receiving Confidential Information from members, such as SFTP, though We will receive data through email and related cloud-based data sharing services (e.g., Sharepoint, Dropbox, etc.) at the member’s request.
      • ZenQMS Employee Legal Commitment. ZenQMS employees are required to sign an employment agreement that includes a commitment to acknowledging their responsibilities for protecting any member Confidential Information and general security issues and commitments.
      • Technical Support Access Log. Select ZenQMS employees acting in a support capacity may be required to log in and access parts of the service that may display a Member’s Confidential Information based on a Member’s or Authorized User’s explicit request. Any such access is documented with a mandatory reason. Member administrators can review this log in the Administration > Member Account > ZenQMS Access History section.
      • Destruction of Confidential Information. If a Member elects to fully terminate its use of the Service for any reason, or is terminated by the Company, all confidential data owned by that Member will be permanently deleted from the Service, ZenQMS’ possession or otherwise in the Company's control. Please see “VI. TERM & TERMINATION – Section 5” of Our Terms of Service for additional details.

      Age Limitations

      To the extent prohibited by applicable law, ZenQMS does not allow use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.


      Data Protection Officer

      To communicate with our Data Protection Officer, please email help@zenqms.com or legal@zenqms.com.


      Identifying The Data Controller And Processor

      Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, the Member is the controller of Customer Data. In general, ZenQMS is the processor of Customer Data and the controller of Other Information.


      Your Rights

      • Authorized Users have the right to access and edit their personal information by logging into the application's administration / mySettings pages.
      • Authorized Users have the right to not volunteer personal information and/or to correct or delete their personal data from our closed system. Authorized Users can alter/delete most all information directly from within the application's personal settings page, can request this change from their employer's ZenQMS administrator directly, and/or email help@zenqms.com.
      • The application requires a bare minimum of personal information to work properly, for instance userID (e.g. email address) and first and last name. And we do not share this data other than with our teammates that specifically require this access. Authorized Users that do NOT agree to the terms of this Privacy Policy can opt-out when they first log into the application. Doing so would preclude use of the application, however, and workarounds would have to be handled between the Authorized User and the Member.
      • To the extent that ZenQMS' processing of your Personal Data is subject to the General Data Protection Regulation, ZenQMS relies on its legitimate interests, described above, to process your data. ZenQMS may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to ZenQMS' use of your Personal Data for this purpose at any time.

      Privacy Shield Frameworks

      ZenQMS may transfer your Personal Data to countries other than the one in which you live. To safeguard transfers of Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law, ZenQMS participates in the Privacy Shield Frameworks.


      ZenQMS complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield. ZenQMS has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/


      With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, ZenQMS is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission.


      Pursuant to the Privacy Shield Frameworks, EU and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to legal@zenqms.com. If requested to remove data, we will respond within a reasonable timeframe.


      We will provide an individual opt-out choice for sensitive data; this choice will also fully restrict access to the application.


      In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


      ZenQMS’ accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, ZenQMS remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless ZenQMS proves that it is not responsible for the event giving rise to the damage.


      Complaints

      In compliance with the Privacy Shield Principles, ZenQMS commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact ZenQMS at:


      Phone: +1 267 670 8999

      Email: legal@zenqms.com

      Mail: 114 Forrest Ave, Suite 201, Narberth, PA 19072, USA


      ZenQMS has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.


      If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction


      Changes To This Privacy Policy

      ZenQMS may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, ZenQMS will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. Contact the Member if you wish to request the removal of Personal Data under their control.


      Contacting ZenQMS

      Please also feel free to contact ZenQMS if you have any questions about this Privacy Policy or ZenQMS' practices, or if you are seeking to exercise any of your statutory rights. You may contact us at help@zenqms.com or at our mailing address below:


      ZenQMS LLC

      114 Forrest Ave, Suite 201

      Narberth, PA 19072

      USA
