Zoku Privacy Policy

Last Modified: March 05, 2020

This Privacy Policy applies to the processing of Personal Information, as defined below, by Zoku Pte. Ltd. (“Company”, “we”, “our”, “us”). We respect your privacy rights and, where applicable, obligations and are committed to safeguarding them through our compliance with this Privacy Policy and applicable laws, first and foremost of which is the Singapore Personal Data Protection Act of 2012. Additionally, in light of our global outreach, we strive to provide certain disclosures and safeguards aimed at facilitation of complaint data transfers and processing of Personal Information from the European Economic Area, Switzerland, the United Kingdom, and the State of California, USA. You may send us your feedback, comment, requests for support, questions and other communications related to data privacy to privacy@zokusuite.com.

1. Summary

As our Company is focused on serving the needs of business entities, we use Personal Information very scarcely, solely to achieve our legitimate business aims as a service provider of commercial software and related services (“Services”), and only with respect to the Personal Information that is actively provided to us, including by authorized use of our Services by customers, or searched exclusively for specific communication with businesses and other entities. Furthermore, even if you actively use our Services, it is also possible that we will not be processing any Personal Information in the legal sense for either such information does not constitute data that shall be protected under applicable data protection law as Personal Information, or such information is in the form (e.g., in anonymous, deidentified, or aggregated) which does not require data protection compliance measures on our part. We never sell Personal Information to anyone, profile you, or do something beyond what can be reasonably expected from a services provider like us.

2. Scope

This Privacy Policy applies to the processing of Personal Information which is defined as personal data, personal information, personally identifiable information (PII), or any other equivalent term under any applicable data protection law. Unless otherwise limited or qualified by the applicable law, the term “Personal Information” includes broadly any information that relates to identified or identifiable individual.

We process the following two large categories of Personal Information:

1. Business Personal Information: Personal Information belonging to visitors and users of our website, current or prospective customers, business partners, suppliers, consultants, collaborators and their representatives.

2. Services Personal Information: Personal Information that is provided by our customers and being processed by Company on behalf of the customers during and in order to perform our Services, whether residing on our, customer or third-party systems and environments. This category excludes data which are exempt from protection requirements or do not constitute a protectable category of Personal Information (e.g., in anonymous, deidentified, or aggregated form).

3. Applicability

We reserve the right to modify this Privacy Policy at all times by posting an updated version on our website at www.zokusuite.com (“Website”). In case of a material change bearing on rights of Data Subjects or responsibilities of our customers, we will endeavor to notify about such changes by e-mail. Any change applies to all processing of the data after the effective date of the change or receipt of the e-mail notification if such notification has been sent. Your continued use of our Services following the posting of a revised Privacy Policy means that you accept and agree to the changes. You are expected to check this page frequently enough to be aware of any changes.

4. Data Subjects

We collect, use, and otherwise process Personal Information of individuals who vary depending on the category of Personal Information (all collectively, “Data Subjects”):

(1) Business Personal Information: We process Personal Information of individuals who represent or otherwise communicate on behalf of our current or prospective customers, business partners, suppliers, consultants, collaborators. At this moment, these persons include representatives, employees, agents, consultants, and other individuals interested, or actually engaged, in communication with us regarding our Services.

We also collect information about visitors on our Website via cookies and similar technologies. Nonetheless, this information is never combined with any other identifying Personal Information, such as names and e-mails, except when and if an IP address may be linked to any account (if such feature is available at the Website) with a view to assure safety and compliance and related purposes. We always request your consent for cookies to be properly placed and read on your device.

(2) Services Personal Information: While rendering our Services to our customers, we may process Personal Information under control of the customers for their business purposes. At this moment, depending on a specific Service that we may provide, these individuals include customers’ employees, contractors, consultants, end users, clients, and purchasers.

5. Data Processing Roles and Responsibility

We serve as a data controller with regards to Business Personal Information and a data processor (service provider) with respect to Services Personal Information.

Whenever we are deemed as a data controller of Personal Information, Zoku Pte. Ltd., a company incorporated in Singapore and having its address at 410 North Bridge Road, Singapore 188726, is the entity who acts as the data controller for the purposes of this Privacy Policy. All questions, comments, requests for support, and other communications related to data privacy can be sent to privacy@zokusuite.com.

Whenever we are deemed as a data processor (service provider) of Personal Information, we will process the Personal Information solely for the purpose of providing Services to our customers in accordance with our Privacy Policy and at all times subject to instructions of the customer who are the data controllers. Each party is responsible for compliance with its respective obligations under applicable law. We undertake to comply with any instructions of the data controller pertinent to the processing of the Personal Information to the extent necessary to: (i) comply with our processor (service provider) obligations under applicable laws, or (ii) assist the data controller to comply with its controller obligations under applicable laws. To the extent that as a result of the compliance with such instructions or providing other assistance to its customers, Company will incur additional charges or fees not covered by the fees for the Services payable under the relevant agreement between Company and the customer (data controller), such charges and fees shall be promptly reimbursed by the customer (data controller).

6. Sources of Data

Data Sources. We collect or obtain Personal Information from a limited number of sources. We collect Business Personal Information from the following sources.

– When you interact with us during in-person meetings at various events, conferences, and workshops, or communicate with us via electronic communication means such as email, telephone, or through varied messages;

– When we search or receive from third parties contact information of relevant business representatives, exclusively for communication purposes, as set out in detail below;

– When you provide us with data by a conscious affirmative action, for example, when you choose to use your data in relevant fields at your personal Company account (if such feature is available at the Website) or when you intentionally submit to us your bio with a view that it be considered for any business purpose;

– When any Personal Information is obtained through cookies and similar technologies, as set out in detail below.

We collect Services Personal Information, if any collection takes place, exclusively from our customers or their relevant service providers.

Third-Party Sources. We never seek Personal Information from third-parties, such as data brokers, except for limited contact information of representatives of specific entities which we have a legitimate and substantiated interest in doing business with. In those cases, we may receive such contact information exclusively for business communication purposes regarding specific business transactions and subject to proper confidentiality and data protection restrictions.

Cookies and Similar Technologies. When you visit the Website, we usually place cookie files on your device, or read such files already on your device, as well as utilize similar technologies, subject always to obtaining your consent in an appropriate consent form on the Website. We use those technologies to record information about your device, your browser and, in some cases, your preferences and browsing habits without identifying you personally as a Data Subject. This information is never combined with any data available to us thus leading to identification of any particular individual, except for IP addresses which we may combine with the data pertinent to the access to personal accounts (if such feature is available at the Website) only with a view to maintain safety and integrity of the account and the Website as a whole. Without any such combination, we can use your IP address for purposes of web analytics via Google Analytics and Google AdSense.

7. Categories of Personal Information

Business Personal Information. We process the following categories of Business Personal Information:

– Identification: name and business physical address, email addresses, telephone numbers and other business communication account identifiers;

– Services Related: our communications including e-mails, messages, call and chat transcripts;

– Business Related: name, size and location of the company which a Data Subject represents or relates to, transactional and financial data pertinent to our dealings with the company;

– Marketing: testimonials, questionnaires and surveys;

– Online Identifies: mobile device identifiers and cookie IDs; IP addresses and information that may be derived from IP addresses, such as geographic location and relevant behavioral data of the device interacting with the Website;

– Consent and other administrative records together with the date and time, means of consent and any related information, if such consent is the legal basis for the processing;

– Account Data (if such feature is available at the Website): mandatory or optional data fields, session information such as IP address, time and date of logins, logs of actions;

– Any other information voluntarily transmitted to us by a conscious affirmative action.

Services Personal Information. We process only those categories of Services Personal Information that the customers may choose to provide to use as part of our Services. At this moment, that information includes customer record, names and contact details, purchase histories, purchaser scores, marketing details (e.g., discounts and new product offers). We do not process financial data in any unencrypted from.

Sensitive personal data. We do not seek to collect or otherwise process as Business Personal Information any sensitive data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, sex life or sexual orientation, or gender. Furthermore, we strongly request that you do not send us any sensitive Personal Information whether as Business or Services Personal Information. Whenever such Personal Information is or may constitute Services Personal Information, we request that you notify us in advance and implement safeguards aimed at an appropriate protection of this category of data.

Children’s Data. Because our Company is focused on serving the needs of business entities, we do not seek to collect or otherwise process Personal Information of minors, except in case where such information constitutes part of Services Personal Information. If you believe that we have somehow collected Personal Information of a minor as part of Business Personal Information without appropriate consent, please notify us through our e-mail privacy@zokusuite.com so that we may immediately delete this information.

8. Purposes of Data Processing

Business Personal Information Purposes. We process Business Personal Information for:

– business communications, including responding to your requests and inquiries and Services support communications;

– maintaining safety, security and integrity of information, communications, networks, and systems, including preserving data and information, as well as is protection from unauthorized or prohibited actions of any person;

– analysis, development, improvement and optimization of functionality and performance of our Services, as well as customization of our Services based on your business interests;

– testing and applying new Services, system versions, patches, updates and upgrades, and resolving bugs and other issues;

– surveys and testimonials: from time to time, we may request that you answer several questions which can make our Services more relevant, interesting, and beneficial to you;

– direct marketing: sending direct marketing and informational communications, as set out in more detail in Section XIII;

– legal compliance with our contractual, legal and regulatory obligations;

– pursuance of other legitimate interests: such as detecting and protecting against breaches of our policies, contracts and applicable laws; establishing, exercising or defending our legal rights, etc.

Services Personal Information Purposes. We may process any Services Personal Information exclusively for the purpose of providing our Services to our customers. At all times, it may include:

• maintaining safety, security and integrity of information, communications, networks, and systems;

• compliance with our contractual obligations, applicable laws and regulations;

• other business purposes as may be enumerated in or approved by applicable laws.

Minimization. We take every reasonable step to ensure that Personal Information is limited to the data reasonably necessary in connection with the purposes set out in this Privacy Policy.

No Requirement for Data Protection Impact Assessment. We believe, based on your internal evaluation, that our processing practices do not present a high risk to rights and freedoms of Data Subject in such a way that it would invoke the necessity for conducting a data protection impact assessment under any applicable law.

9. Legal Bases for Processing

In processing of Personal Information in compliance with this Privacy Policy, we may rely on one or more of the following legal bases, depending on the circumstances:

1. Data Subjects’ consent to the processing of their Personal Information for specific purposes. This is primarily the case for our processing of Services Personal Information: At this instance, we rely on our customers’ obtaining a proper consent subject to all requirements of applicable data protection law. To secure this, we request that our customer represent and warranty that the Services Personal Information, which we can processing as part of the Service rendered to the customers, has been collected from Data Subjects based on their properly given consent, except for cases where obtaining consent is unpracticable or impossible and subject to the condition that our customers secure other legal bases for such processing of Personal Information through our Services.

In addition, we may also seek your consent for use of Business Personal Information which include, among others, sending newsletters and other direct marketing communications. Please, note that whenever you give us your consent for some processing, you have always a right to withdraw it at any time and free of charge. If you cannot find a form or another modality to withdraw your consent on the Website or in communications, please, send us your withdrawal by e-mail to privacy@zokusuite.com.

2. The processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the data subject prior to entering into a contract. That is a very rare case when the Data Subject is our customer, business partner, supplier, consultants, or collaborator.

(3) We may have a legitimate interest in carrying out the processing of Personal Information. This is primarily the case for our processing of Business Personal Information. This may be the legal basis relied on when, for example, Personal Information is necessary for preserving integrity of data and communications on the Website and protection of rights and interests of Company and other persons; providing or improving our Services; fulfilling our regulatory and compliance obligations; detecting, and protecting against, breaches of our policies, contracts and applicable laws; or establishing, exercising or defending our legal rights and interests. We can rely on this ground only to the extent that such legitimate interest is not overridden by Data Subject’s fundamental interests, rights, or freedoms and is allowed by applicable data protection law.

(4) The processing is necessary for compliance with a legal obligation established by applicable law. This is primarily the case when we are required to produce to a law-enforcement agency any of Personal in which scenario we will endeavor, but not guarantee, to inform you about such a request unless it is prohibited by applicable law.

10. Security and Confidentiality

Company has implemented and will maintain technical and organizational measures designed to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Information.

11. Third Party Recipients of Data

Third Party Recipients. We share Personal Information with following third parties:

1. To third-party service providers (e.g., analytics, marketing campaign management, website management, IT and related infrastructure maintenance, customer service, e-mail, auditing, webhosting and other similar service providers) in with a view to engage them to perform business functions on behalf of Company. In most cases, these are global OSPs and software providers having their own data compliance programs audited and monitored by relevant data protection authorities.

2. With appropriate governmental, court and other law enforcement agencies as may be required by applicable law, such as to comply with legal process or subpoena.

3. With respect to Business Personal Information only, with third-parties who are not service providers for us but who may have a legitimate interest in doing business with the company which the Data Subject may work for or otherwise relate to, such as our business partners and customers.

Data Processing Agreements. If we engage a third-party service provider to process Personal Information, the processor will be subject to binding contractual pursuant to applicable data protection law. Among others, the processer will have to: (i) process your personal data only on documented instructions from us; and (ii) implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks pertinent to such a processing.

Google Analytics and AdSense. Our Website may use Google Analytics and AdSense, web analytics services provided by Google, Inc., USA. Those services may employ cookies which are used to generate information about your use of the Website (including your IP address). This information is then transmitted to and stored by Google on servers in the United States. Google will use this information in aggregate form for the purpose of evaluating use of the Website, compiling reports on user activity and providing other services relating to websites activity and Internet usage. Google will not associate your IP address with any other data held by Google. For more information about Google’s privacy policies, please, visit http://www.google.com/analytics/

12. International Data Transfers and Safeguards Employed

We are a Singapore company with global outreach. For this reason, we need and do comply with the Singapore data protection law, specifically the Personal Data Protection Act 2012 (PDPA). In addition, to help our customers comply with the requirements of data protection laws applicable to those entities in their jurisdictions, we strive to implement various provisions of foreign data protection laws, in particular, the General Data Protection Regulation (EU) 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA). Please, note that the mere fact that we strive to comply with foreign does not invoke extraterritorial jurisdiction on the Company.

Whenever we receive any Personal Information belonging to the Data Subjects from the European Economic Area, Switzerland, the United Kingdom, we strive to conclude with our customers legally binding agreements based upon the EU Standard Contractual Clauses in accordance with Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors. You can also request the copies of such agreements by e-mail directed to privacy@zokusuite.com.

Whenever we receive any Personal Information belonging to the Data Subjects from the European Economic Area, Switzerland, we undertake to comply with the CCPA insofar as it may be applicable to a Singapore company not targeting California as the primary place of business and subject to other relevant limitations.

13. Direct marketing

We may send to representatives of our current or prospective customers, business partners, suppliers, consultants, collaborators direct marketing and informational communications relating to our Services. In most cases, we will send such communications subject to a proper consent given, whether expressly or impliedly depending on the applicable data protection and marketing communication laws. Nonetheless, from time to time, we may send communications without such consent when and if consent is not necessary, specifically when the recipient or recipient’s company previously purchased similar Services from us. At all times, you may choose to stop receiving our newsletters or other marketing or informational communications and withdraw your consent accordingly by following the unsubscribe instructions included in our communications or by sending us e-mail to privacy@zokusuite.com.

14. Retention periods

We will retain your Business Personal Information only for as long as we maintain an ongoing relationship with you or the company you work for or otherwise relate to. We do not ordinarily retain any Services Personal Information unless such retention is transitory or constitutes part of our Services. At any case, we may retain Personal Information where it is necessary in connection with the lawful purposes as set out in this Privacy Policy, for which we have a valid legal basis such as in for the duration necessary to be able to respond to any questions or complaints which may be addressed to us, to comply with all applicable laws; to establish, exercise or defend any legal rights or preserve integrity of communications or protection of rights and interests. Once the retention periods have concluded, we will either permanently delete or destroy the relevant Personal Information, or anonymize it.

XII. Rights of Data Subjects

Singapore Data Subject Rights. As a Singapore company, we respect Data Subjects’ rights to request access to their Personal Information in our possession or control and to request correct any error to such information. Please, note, however, that we are not required to provide information in respect of the matters specified in the Fifth Schedule of the PDPA, or comply with any correction request in respect of the matters specified in the Sixth Schedule of PDPA. For the most part, Services Personal Information falls into those exceptions.

European (EEA, Switzerland, UK) Data Subject Rights. Pursuant to Art. 3 GDPR, Company is not under direct application of the GDPR. Nonetheless, should we be found under such application in specific instances and with respect to specific Personal Information, we inform that you will have a set of rights which may or may not be applicable to you depending on particular circumstances of your case, including the legal basis of processing of particular data:

• Right of access. You may have the right to obtain from us confirmation as to whether or not your personal data are being processed, and access to those personal data and other relating information.

• Right to rectification. You may have the right to obtain from us the rectification of inaccurate personal data concerning you.
• Right to erasure. You may have right to obtain from us the erasure of personal data concerning you unless we are under a legal duty or have a legitimate ground to retain certain data.

• Right restriction of processing. Under relevant conditions set out by the law, you may have the right to obtain from us restriction of processing of your data.

• Right to object to processing. You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you.

• Right to data portability. You may have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format as well as the right to transmit those data to another controller without hindrance.

• Right to lodge a complaint. You have the right to lodge a complaint regarding our processing of your personal data with a data protection authority which can be any of the data protection authority of the EU Member State in which you live or work, or in which the alleged infringement occurred.

With regard to any of the rights above, you can address us via a written request, accompanied with all necessary information, sent to the address as set out in Section XV. If such feature is available on the Website, you can also request specific compliance thorough your account.

California Residents Safeguards. At this moment, Company is not a CCPA covered business pursuant to Cal. Civ. Code § 1798.140(c)(1). Nonetheless, depending on the business circumstances of our customers, we may be deemed a CCPA covered service provider regarding specific Services Personal Information unless exempted from the application of the CCPA. In case we are deemed a service provider under the CCPA, we employ the following measures:

• We enter into a written contract with businesses covered by the CCPA concerning our Services and the Personal Information to be disclosed;

• We do not retain, use, or disclose the Personal Information for any purpose other than for the specific purpose of performing the Services to businesses covered by the CCPA;

• We delete the Personal Information from our records subject to our customer’s demand to this effect based on a verifiable consumer request from a Data Subject;

• We implement Reasonable security practices based on the guidelines applicable in California.

All questions, comments, requests, and other communications related to the compliance with the CCPA can be sent to privacy@zokusuite.com.

15. Miscellaneous

Links to Third Party Sites. Our Website or Services may include links to other websites whose privacy practices may differ from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any other website you visit or service you order.

Our Contacts. You may contact us for any reason in connection with this Privacy Policy to:

Zoku Pte. Ltd.

410 North Bridge Road,

Singapore 188726

E-mail: privacy@zokusuite.com