TABLE OF CONTENTS
Effective: April 24, 2024
You can request past versions of our Privacy Policy
from legal@zenqms.com
ZenQMS Privacy Policy
Please review this policy in conjunction with our Terms of Service.
This Privacy Policy describes how ZenQMS collects, uses and discloses "Client Data" and Other Information as defined herein (collectively, “Information”), some of which could include information that identifies you personally, and what choices you have with respect to the Information that we collect.
When we refer to “ZenQMS” in this Privacy Policy, we mean the ZenQMS entity that acts as the processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below. When we refer to "Clients" we mean our customer who use our Services (defined below) that are directly in control of the Client Data, including any personally identifiable Information, they enter into ZenQMS’ environments.
Applicability of This Policy
This Privacy Policy applies to ZenQMS' online platform for managing quality activities, including all associated ZenQMS environments (collectively, the “Services”), ZenQMS.com and other ZenQMS websites (collectively, the “Websites”) and other interactions (e.g., customer support requests, Client conferences, etc.) you may have with ZenQMS. By accessing or using the Services, Websites or any other aspect of ZenQMS' business, you consent to the terms of this Privacy Policy.
This Privacy Policy does not apply to any third-party applications or software that integrate with the Services through the ZenQMS API (“Third-Party Services”), or any other third-party products, services or businesses. In addition, a separate agreement governs delivery, access and use of the Services (the “Master Subscription Agreement” or "Terms of Service"), including the processing of any messages, files or other content submitted through Services accounts (collectively, “Client Data”). The organization (e.g., your employer or another entity or person) that entered into the Master Subscription Agreement (“Client”) controls their instance of the Services (their “Client Account”) and any associated Client Data. If you have any questions about specific Client settings and privacy practices, please contact the Client.
Information We Collect & Receive
ZenQMS may collect and receive Client Data and other information and data (“Other Information”) in a variety of ways:
- Client Data. Clients or individuals granted access to a Client Account by a Client (“Authorized Users”) routinely submit Client Data to ZenQMS when using the Services.
- Other Information. ZenQMS also collects, generates and/or receives Other Information. Other Information, includes but is not limited to:
- Client Account and Account Information. To create or update a Client Account, you or another authorized individual acting on behalf of your Client (e.g., your employer) supply ZenQMS with an email address, phone number, password, domain and/or similar account details. In addition, Clients provide ZenQMS (or its payment processors) with billing details such as credit card information, banking information and/or a billing address.
- Usage Information.
- Services Metadata. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work. For example, ZenQMS logs the features, content and links you interact with.
- Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
- Device information. ZenQMS collects information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its software and settings.
- Location information. We receive information from you, your Client and other third parties that helps us approximate your location. We may, for example, use a business address submitted by your employer, or an IP address received from your browser or device to determine approximate location. ZenQMS may also collect location information from devices in accordance with the consent process provided by your device.
- Cookie Information. ZenQMS uses cookies to make the application work better and safer.
- A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site's computers and stored on your computer's memory.
- We use both session-based and persistent cookies. ZenQMS sets and accesses our own cookies on the domains in our Services. In addition, we use third party cookie services, like Google Analytics.
- The Company only uses cookies that support the delivery of the services requested by the user. We use cookies to record current session information, and only maintain permanent cookies to the extent it's related to security (e.g. 2-factor authentication) or operations (e.g. remembering which tabs you had open). We do not use cookie information for tracking or marketing purposes. We recommend all users clear cookies and cache regularly as a matter of good computer practice and to avoid browser/security issues. To find out more about cookies visit this site.
- Additional Information Provided to ZenQMS. We receive Other Information when submitted to our Websites or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with ZenQMS.
Generally, no one is under a statutory or contractual obligation to provide any Client Data or Other Information. However, certain Information is collected automatically and, if some Information, such as Client Account setup details, are not provided, we may be unable to provide the Services.
How We Use Information
Client Data will be used by ZenQMS in accordance with the Master Subscription Agreement and as required by applicable law. ZenQMS is a processor of Client Data and Client is the controller. Client may, for example, use the Services to grant and remove access to a Client Account, assign roles and configure settings, access, modify, export, share and remove Client Data and otherwise apply its policies to the Services.
ZenQMS uses Other Information in furtherance of our legitimate interests in operating our Services, Websites and business. More specifically, ZenQMS uses Other Information:
- To provide, update, maintain and protect our Services, Websites and business. This includes use of Other Information to support delivery of the Services under a Master Subscription Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
- To develop and provide search, learning and productivity tools and additional features. ZenQMS tries to make the Services as useful as possible for specific Client Accounts and Authorized Users. For example, we may look for OS/Browser information relative to common errors to identify possible issues.
- To send emails and other communications.
- Communications regarding the Services. We may send you service, technical and other administrative emails, messages and other types of communication. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them.
- Marketing Messages. In addition, we sometimes send emails about new product features or other news about ZenQMS. These are marketing messages so you can control whether you receive them.
- For billing, account management and other administrative matters. ZenQMS may use Other Information to contact you for invoicing, account management and similar administrative reasons, and to keep track of billing and payments.
- To investigate and help prevent security issues and abuse. ZenQMS may use Other Information to monitor, detect and anticipate potential security issues and incidents, and to take appropriate protective and/or remedial measures.
- With your consent. We use Information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
- Legal bases for processing (for EEA/ UK users). If you are an individual in the European Economic Area (EEA) or the UK, we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use Information regarding EEA and UK users only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose;
- We need to process your Information to comply with a legal obligation or regulatory requirements (e.g. 21 CFR Part 11);
- If you have consented to our use of Information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your Information because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, ZenQMS may use it for any lawful purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data”.
How We Share and Disclose Information
This section describes how ZenQMS may share and disclose Information with third parties (subject to any contractual duty of confidentiality between us and the Client). Clients determine their own policies and practices for the sharing and disclosure of Information, and ZenQMS does not control how they or any other third parties choose to share or disclose Information
- Client’s Instructions. ZenQMS will solely share and disclose Client Data in accordance with a Client’s instructions, including any applicable terms in the Master Subscription Agreement and Client’s use of Services functionality, and in compliance with applicable law and legal process.
- Displaying the Services. When an Authorized User submits Other Information, it may be displayed to other Authorized Users in the same Client Account. For example, an Authorized User’s email address may be displayed with their Client Account profile.
- Collaborating with Others. The Services provide different ways for Authorized Users to collaborate. Other Information, such as an Authorized User’s profile Information, may be shared internally among other Authorized Users within a Client Account, subject to the policies and practices of the other Client Account(s).
- Client Access. Owners, administrators, Authorized Users and other Client representatives and personnel may be able to access and modify Other Information.
- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business (“Third Party Services”). Third Party Services include, for example, virtual computing and storage services (e.g. Amazon Web Services). Regulatory compliance with policies (e.g. GDPR) may be reviewed during a Quality Risk Assessment of these service providers or business partners.
- Third Party Services through API. Client may enable or permit Authorized Users to enable Third Party Services to access information in ZenQMS through its API. When enabled, ZenQMS may share Other Information with Third Party Service providers. Third Party Services are not owned or controlled by ZenQMS and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices of such Third Party Service providers or contact the provider for any questions.
- During a Change to ZenQMS’ Business. If ZenQMS engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of ZenQMS' assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g., due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements and/or business associate agreements.
- To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. In certain situations, we may also be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- To enforce our rights, prevent fraud, and for safety. ZenQMS may disclose Information to protect and defend the rights, property or safety of ZenQMS or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
Data Retention & Deletion
ZenQMS retains Client Data in accordance with a Client’s instructions, including any applicable terms in the Master Subscription Agreement and Client’s use of Services functionality, and as required by applicable law and regulation. Depending on the Services plan, Client may be able to customize its retention settings and apply those customized settings at the Client Account level, Site level or other level. In some instances, Client may also apply different settings to messages, files or other types of Client Data. The deletion of Client Data and other use of the Services by Client may result in the deletion and/or de-identification of certain associated Other Information. ZenQMS may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for ZenQMS to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations and regulatory requirements (e.g., 21 CFR Part 11), resolve disputes and enforce our agreements.
ZenQMS Authorized Users should direct requests for deletion, correction and/or amendment of Information to the Client in accordance with the ‘Your Rights’ section in this Privacy Policy. As per clause 3 in the Data Processing Addendum, ZenQMS notifies a Client if any data subject request has been made to it directly from one of the Client’s users.
Data deletion, correction and/or amendment requests regarding Other Information should be made to ZenQMS via email to help@zenqms.com or legal@zenqms.com. ZenQMS examines such requests made to it directly within 30 (thirty) days. We may ask you and/or Client to verify your identity, or the data subject’s identity, if different, the reason for the request, and what information is requested to be deleted, corrected and/or amended. We will also seek the review and approval of such requests from the Client who invited you to the account. We will delete, correct and/or amend your Information following the request if it is found that it does not conflict with ZenQMS ability comply with (and demonstrate compliance with) legal obligations and regulatory requirements. ZenQMS sends a confirmation to the requester/ Client that Information was deleted/ corrected/ amended. If Information was not deleted/ corrected/ amended for the reasons listed above, ZenQMS notifies the requester/ Client with the reasoning for the request denial.
Security
ZenQMS takes security of Information very seriously. ZenQMS applies, maintains, and monitors physical, technical, and administrative safeguards in accordance with industry standards as outlined in its System and Data Security related SOPs and Policies, to protect Information you provide from loss, misuse, and unauthorized access or disclosure. These steps consider the sensitivity of the Information we collect, process and store, and the current state of technology. Materials describing ZenQMS’ security standards and certifications are available in the ZenQMS Auditor Share Account.
Given the nature of communications and information processing technology, ZenQMS cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will always be safe from intrusion by others.
It is ZenQMS’ Client’s responsibility to apply physical, technical, and procedural controls that are not under ZenQMS control and to prevent any breaches that may originate in their organization.
If a Client elects to fully terminate its use of the Service for any reason, or is terminated by the Company, all confidential data owned by that Client will be permanently deleted from the Service, ZenQMS’ possession or otherwise in the Company's control.
Age Limitations
To the extent permitted by applicable law, ZenQMS does not permit use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with their Personal Data, please contact us and we will take steps to delete such Personal Data.
Data Protection Officer
To communicate with our Data Protection Officer, Panos Boudouvas, please email help@zenqms.com or legal@zenqms.com.
Identifying the Data Controller and Processor
Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, the Client is the controller of Client Data. In general, ZenQMS is the processor of Client Data and the controller of Other Information.
Your Rights
- Authorized Users have the right to access and edit their Personal Data by logging into the application's administration / mySettings pages.
- Authorized Users have the right to not volunteer personal information and/or to correct or delete their Personal Data from our closed system. Authorized Users can alter/delete most all Personal Data directly from within the application's personal settings page, can request this change from their employer's ZenQMS administrator directly, and/or email help@zenqms.com.
- The application requires a bare minimum of Personal Data to work properly, for instance userID (e.g. email address) and first and last name. And we do not share this data other than with ZenQMS employees that specifically require this access. Authorized Users that do NOT agree to the terms of this Privacy Policy can opt-out when they first log into the application. Doing so would preclude use of the application.
- To the extent that ZenQMS' processing of your Personal Data is subject to the General Data Protection Regulation, ZenQMS relies on its legitimate interests, described above, to process your data. ZenQMS may also process Other Information that constitutes your Personal Data for direct marketing purposes and you have a right to object to ZenQMS' use of your Personal Data for this purpose at any time.
- To the extent that ZenQMS' processing of your Personal Data is subject to the General Data Protection Regulation, you have the right to opt-out from sensitive data collection; this choice will also fully restrict access to the application.
- To the extent that ZenQMS' processing of your Personal Data is subject to the General Data Protection Regulation, you have the right to complain to a data protection authority about the collection and use of Personal Information. See the ‘Complaints’ section in this policy for details.
- To the extent that ZenQMS' processing of your Personal Data is subject to the General Data Protection Regulation, you have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States, should direct their query to our EU GDPR Rep., Alina Cobarzan, at legal@zenqms.com. If requested to remove data, we will respond within a reasonable timeframe as stated in the Data Retention and Deletion section of this Policy.
International Transfers
ZenQMS servers are in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, ZenQMS takes many steps to protect your privacy, as described in this Policy.
In addition, we leverage Third Party Service providers who process Personal Data on our behalf, to provide services to ZenQMS, and their servers may be located outside of the EEA. A full list of the sub-processors we use to process data, is available in the GDPR document in the Auditor Share Account. We take steps to ensure that our vendors offer appropriate safeguards to protect Personal Data they process on our behalf, and contractually obligate them to process such data in compliance with applicable data protection laws. ZenQMS remains responsible and liable if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the EU GDPR, unless ZenQMS proves that it is not responsible for the event giving rise to the damage.
ZenQMS contractually commits to transfer and process all of its Clients’ EU, UK and Swiss data in compliance with the Standard Contractual Clauses (“SCCs”), which are a valid data export mechanism and which apply as part of Data Processing Addendum (DPA) to the Master Subscription Agreement.
In addition to incorporating SCCs, our DPA also specifies our commitments to security, confidentiality of processing, limitations on international transfers of Personal Data, cooperation with data subject rights, notice of security incidents, and more. Clients who wish to sign a DPA with ZenQMS may request it by contacting us at legal@zenqms.com.
Data Privacy Framework (DPF) programs
ZenQMS may transfer your Personal Data to countries other than the one in which you live. To safeguard transfers of Personal Data originating from the European Union, the UK, or Switzerland to other countries not deemed adequate under applicable data protection law, ZenQMS participates in the EU-U.S Data Privacy Framework (DPF) program and has accordingly self-certified as part of the U.S. Department of Commerce Data Privacy Framework Program. ZenQMS has certified to the U.S. Department of Commerce that it adheres to (1) the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF, (2) the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF, and (3) the UK Extension to the EU-U.S. Data Privacy Framework with regard to the processing of personal data from the UK (collectively, the “DPF Principles”). To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/. To view ZenQMS’s certification information, please visit https://www.dataprivacyframework.gov/s/participant-search and enter “ZenQMS” in the search feature.
ZenQMS is subject to the regulatory and enforcement powers of the U.S. Federal Trade Commission with respect to Personal Data received or transferred pursuant to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework, and the UK extension. EU, UK and Swiss individuals have the right to obtain confirmation of whether ZenQMS maintains personal information relating to them in the United States. Upon request, ZenQMS will provide access to the personal information that it holds about individuals, and individuals may also correct, amend, or delete their personal information. To request access or correction of personal data transferred to the United States under the DPF Principles, individuals should direct their query to ZenQMS’s EU GDPR Rep., Alina Cobarzan, at legal@zenqms.com. If requested to remove data, ZenQMS will respond within a reasonable timeframe as stated in the Data Retention and Deletion section of this Policy. ZenQMS provides an individual opt-out choice for sensitive data, which fully restricts access to the application if selected.
ZenQMS provides an individual opt-out choice for sensitive Personal Data, which fully restricts access to the application if selected. In certain situations, ZenQMS may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
ZenQMS is accountable for Personal Data that it receives in the United States under the EU-U.S. Data Privacy Framework, UK extension, and Swiss-U.S. Data Privacy Framework and subsequently transfers to a third party. ZenQMS remains responsible and liable under the DPF Principles if third-party agents that it engages to process the Personal Data on its behalf do so in a manner inconsistent with the DPF Principles, unless ZenQMS proves that it is not responsible for the event giving rise to the damage.
Complaints
In compliance with the DPF Principles, ZenQMS commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States. European Union, UK, and Swiss individuals with DPF inquiries or complaints please should first contact ZenQMS at:
Phone: +1 267 670 8999
Email: legal@zenqms.com
Mail: 40 Coulter Ave, Suite 265, Ardmore, PA 19003, USA
ZenQMS Data Protection Officer: Panos Boudouvas
ZenQMS EU GDPR Rep.: Alina Cobarzan
ZenQMS has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, BBB National Programs' Data Privacy Framework Services. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf for more information and to file a complaint. This service is provided free of charge to you.
If your complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
European Union, UK, and Swiss individuals also have the right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and UK are available here and Switzerland are available here.
California Laws
The California Consumer Protection Act and California Privacy Rights Act (the “California Laws”) does not apply to ZenQMS. For more information on the California Laws and the businesses to which they apply, see https://oag.ca.gov/privacy/ccpa#sectiona or visit this page for our Frequently Asked Questions document.
Changes to This Privacy Policy
ZenQMS may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, ZenQMS will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. Contact the Client if you wish to request the removal of Personal Data under their control.
Contacting ZenQMS
Please also feel free to contact ZenQMS if you have any questions about this Privacy Policy or ZenQMS' practices, or if you are seeking to exercise any of your statutory rights. You may contact us at help@zenqms.com, legal@zenqms.com or at our mailing address below:
ZenQMS LLC
40 Coulter Ave, Suite 265
Ardmore, PA 19003
USA