Privacy Notice

Effective Date: July 1, 2024

At Zasio Enterprises, Inc. (“Zasio,” “we,” “our”), we value your data privacy. We created this Privacy Notice to be transparent about how we collect, use, protect, share, store, dispose of, or otherwise process information about you.

About Us. Zasio provides other businesses with records and information management (“RIM”) SaaS, on-premises software, and related services, as well as RIM consulting services. We are a California corporation headquartered in Boise, Idaho, USA. To learn more about Zasio, please click on the About Section of our website.

This notice describes the categories of personal data we have collected and our disclosure practices from the 12 month period preceding the date at the top of this notice.

You may print a copy of this Privacy Notice by clicking here.

What’s In This Privacy Notice? This notice describes the kinds of personal data we collect from:

Our customers (including their end users) through use of our cloud services, on premises software, consulting services, and their related services and trainings;
website visitors;
webinar and event attendees;
prospective customers (or those just interested in learning more about our company and RIM software and services); and
those with whom we otherwise interact, including on any social media platform where Zasio has a presence.

By engaging with Zasio in any of these ways, you acknowledge, consent to, and accept the practices and policies described in this Privacy Notice. If you do not agree with any of our privacy practices and policies, please do not use any of the Zasio offerings subject to this Privacy Notice. For our customers and their end users, as well as our service providers, please see your organization’s applicable agreement with Zasio, which may apply in lieu of, or in addition to, this notice.

As Zasio grows and improves its practices, we update this Privacy Notice from time-to-time. To stay current on our privacy practices, we encourage you to regularly review this page. Any changes to this Privacy Notice will become effective on the date posted.

What’s not Covered by this Privacy Notice?

Mobile Application. This Privacy Notice does not govern our privacy practices concerning our mobile application. For users of our mobile app, please see the privacy terms included with the end user agreement presented upon downloading and accessing the app. The terms of our master agreement with your organization may also apply.

Data About You Provided By Our Customers. Our customers control any data about you, as a third party, that a Zasio customer may provide to us through their use of Zasio’s services (such as by uploading data to our cloud environment). This includes data you may have provided to us on behalf of your employer as an end-user of our SaaS, on-premises software, and related services. For this kind of data, Zasio is a “processor” or “service provider” for our customers. For questions about any personal data a Zasio customer may have provided to us, or to exercise any associated applicable legal rights, please contact the customer who has provided us with your data.

Hiring Applicants. If you work for, have worked for, or apply for work at Zasio, please see our HR Privacy Policy for data on how we use your personal data.

How To Contact Zasio. We value your feedback and do our very best to get privacy right. If you have any questions about our privacy practices, please do not hesitate to email us at privacy@zasio.com, or see the end of this notice for additional ways you can get ahold of us.

For additional information regarding our privacy practices, click on the sections below:

What is Personal Data?

In this Privacy Notice, when we say “personal data,” we broadly mean anything that identifies, relates to, or reasonably could be linked or associated with you. Personal data, personal information, and like terms are defined differently across the many different data privacy laws in the U.S. and around the world. The term “personal data” in this notice includes data covered under any such applicable privacy law definitions.

What Personal Data Do We Collect and How Do We Collect It?

We collect, process, and share personal data primarily to provide our customers with industry-leading RIM software and services. The below describes the kinds of personal data Zasio may collect when you interact with Zasio and our offerings:

Zasio’s website. When you interact with Zasio’s website, we may collect information you enter into any web form, such as your first and last name, work email address, job title, work phone number, employer, physical address, industry, and any other information you chose to provide. We may also automatically collect data such as the IP address of the device you’re using, general location data, web browser type, the source that referred you to our website, and other information about how you use and interact with our website. We may collect this information using our own, as well as third-party, cookies and related tracking technologies. For more information about our cookie practices, please visit Zasio’s Cookie Notice. Our website allows you to manage which cookies are active when you interact with it, and thereby control the kinds of personal data that we may collect. We collect, process, and share this data with your consent and for our legitimate interest in offering our services to you.

Other Sites: Please note that Zasio’s website may offer links to other sites (such as other websites and social media). Zasio’s website also may be accessible through other sites. Zasio may receive information that’s stored or processed by social media sites with whom Zasio has a presence. Zasio has no control over the privacy practices of third-party sites. Accordingly, Zasio encourages you to refer to the privacy policies of any such third-party sites to see how each site collects and uses your data, as well as to understand your rights and the platform’s obligations to you.

Cloud Services and SaaS subscribers. When you, as a customer or a customer’s end user, interact with one of our SaaS or other cloud services, we collect certain data identifying you and about your access and use of the service. For example, we automatically record the identity of the user based on the user’s log-in information, the time of use, how they’ve interacted with the service, the features they use, and other information about a user’s activities concerning these services.

We also collect information such as your IP address, browser type and settings, system configuration information, operating system, location, time zone, referring page, and device identification information. This information is created and automatically logged in our systems, and we may collectively refer to it as ‘log information.’ We collect this log information primarily for security and customer services purposes, or to improve our offerings.

Where a customer accesses and uses one of our cloud services, the customer controls what information, including any personal data, is uploaded using the service. Please note though, that while Zasio has logical access to any data a customer may upload using our cloud services, we do not monitor the content of a customer’s hosted data. Hosted data is stored with our third-party cloud hosting service provider. We collect, process, and share this hosted data to perform the agreement between the customer and Zasio.

Zasio also shares data about how customers interact with our cloud services with our log and security information and event management (SIEM) provider. We do this to fulfil the agreement with you and to keep the cloud environment secure.

Zasio customer service portal: End users of Zasio’s on-premises software and cloud services may be able to submit personal and other data to Zasio through Zasio’s customer service portal. This includes data such as your name, user identity and password, IP address, your employer, and how you’ve interacted with the portal and the services it provides. Zasio only stores and uses personal data provided through these channels for verification and security purposes and to provide our customers with RIM services. You may not be able to utilize all portions of our customer support portal, support services, or professional services if you decline to provide personal data that is necessary for Zasio to perform the services you have requested. We collect and process this information based on consent and to fulfil the agreement between you (or your company) and Zasio.

Business relationship data. When you or your company pursue or form a business relationship with us, we collect and process personal data in the form of business contact information such as your name, company’s name, job title, job duties, work email and phone number, and department. This includes when you interact with members of our support, technology, sales, marketing, or consulting teams, or participate in a training purchased from Zasio.

When you interact with our sales or marketing teams, the personal data you provide may be shared with our third party customer relationship management providers.

When you attend one of our online end-user training sessions on behalf of a customer, these trainings may be recorded, and the recordings may be shared with our third party provider so that we can provide the recording for the customer’s future use. If you provide financial data in connection with ordering one of our offerings (such as bank account details), we may collect and process this for processing payment. We collect, process, and share this information to perform the agreement between you (or your company) and Zasio.

Other collections: Zasio also may collect personal data from or about you in other ways, such as through your contact with us when you respond to a survey, sign up for a webinar or event, request information about Zasio’s offerings, sign up for newsletters and updates, post a comment to a Zasio blog article, interact with us on social media, or when you otherwise interact with Zasio personnel.

Zasio may also collect personal data about you that is publicly available, is provided by a third-party business, or that you voluntarily provide through a third party (such as a third-party platform we use to present one of our webinars). When you participate in one of our webinars or other events, Zasio may process your interactions with the relevant service to organize and put on the event (including for things like polls, surveys and other interactions with participants). Zasio may also collect audio and video recordings of these events, but will notify you if the event is being recorded. Zasio may additionally process any personal data you provide in connection with one of these events (such as feedback) to improve and plan future events. To the extent necessary, we additionally share such data with any event cosponsors. We collect, process, and share this information with your consent and for our legitimate interest in offering our RIM software and services to you.

On-premises software: For Zasio software offerings that are strictly on-premises, any personal data contained in a customer’s database or in connection with the use of the software is not controlled by or accessible to Zasio, and therefore is not covered by this privacy notice. Please contact the applicable customer concerning any questions or to exercise any privacy rights with respect to such information.

Non-Personal Data: We may create aggregated, de-identified, or anonymized data from the personal data we collect. This is done by removing information that would make it personally identifiable. When this is done, we may share such data with third parties for our lawful business purposes, including to improve and develop new products and services.

Other Processing and Sharing.

Zasio may also process and share personal data:

To comply with the law, court order, or government regulations;
To enable Zasio’s business and pursue our legitimate interests, such as to:
Monitor use and improve, personalize, and protect our business offerings;
prevent, investigate, and report fraud, security incidents, or a crime, in accordance with applicable law;
conduct market research and for marketing purposes (you can opt out of marketing communications at any time); and
Exercise, establish, or defend Zasio’s legal rights or a customer’s legal rights, or protect the safety of persons or property;
During the sale or transfer of a business unit or an asset to another company, including in bankruptcy or similar proceedings. In such instances, and where we have the ability, we will require the company to protect and use your personal data in a manner that is consistent with this notice.
In any Zasio contest or giveaway in which you choose to participate. For this use, though, Zasio will only use and retain contact information that you have provided to us and only after you have agreed to participate in the contest or giveaway.

In limited circumstances, Zasio may also disclose your personal data in other ways if we expressly ask you, and you consent to, the disclosure.

Sale and Sharing of Personal Information.

Zasio does not provide your personal data to any third parties in exchange for money. However, data privacy laws like the California Consumer Privacy Act consider a “sale” to be much more than the traditional concept of exchanging a commodity for currency. Within the past 12 months, when you have done things like interact with Zasio’s website or register for a Zasio webinar, we may have provided your information to a third party service providers in exchange for services such as insights about your use of our website or attendance and participation in one of our webinars. We have written agreements with these service providers, however, that limit their use of your data to specific purposes of performing the services specified in the contract. Zasio does not “sell” personal data as that term is defined in the CCPA. Zasio also does not share your personal data with any third parties for purposes of cross-contextual behavioral advertising.

Service Providers: Zasio utilizes third-party service providers to help us provide our customers with our RIM software and services and perform activities on our behalf. Any service provider with whom Zasio provides personal data, however, is contractually limited to using and disclosing this data solely to provide services to Zasio or to comply with legal requirements, and not for its own, independent use.

Cookies: Some of the cookies we use for our website are provided by third parties for the purpose of providing Zasio with analytics about how people interact with our website. Using the cookie management feature on our website, you can opt out of these third-party cookies by limiting cookies to only those necessary for “Basic Operations.” If you elect not to enable cookies, some website functionality may be impaired. You may also need to renew your cookie choices if you use a different browser, switch provider accounts, or use a different device.

How Long Does Zasio Store Your Personal Information?

We retain your personal data for as long as we have an ongoing legitimate business need to do so (such as to provide you with a service you have requested or to comply with legal, tax, or accounting requirements). After that time, your personal data will be anonymized or deleted. Zasio, however, may retain your personal data for longer periods if we need to assert or defend against legal claims.

Opting Out of Marketing Information.

Zasio only sends marketing communications that you have consented to receive. You can choose whether to continue to receive any marketing communication from us by using the opt-out methods described in that communication. You may also submit a request to opt-out by emailing it to marketing@zasio.com.

Please note that you may not be able to opt out from receiving service- or transaction-related communications for any of our offerings that you have purchased.

Updating Personal Data.

You may request to access, update, change, correct, or delete your personal data by contacting privacy@zasio.com. Zasio responds to data subject requests in accordance with applicable data protection law. To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to any information.

Collecting Information From Children.

Zasio offers business-to-business software and services that are not directed at minor children, and we do not knowingly collect personal data from anyone under 18. If you become aware that anyone has provided us with personal data about a child under 18, please contact us at privacy@zasio.com.

Browser do not track

Certain web browsers may offer a “do not track” setting that requests that a web application disable its tracking of an individual user. Zasio’s website currently does not respond to “DNT” requests, but we will promptly update this privacy notice upon any changes to this practice.

Security

Zasio takes precautions including administrative, technical, and physical measures to help safeguard the information we collect. All information in Zasio’s possession, custody, or control is subject to the controls in our Comprehensive Information Security Management System (ISMS). To learn more about Zasio’s security practices, please visit the security page on our website.

While Zasio has implemented security mechanisms that meet or exceed industry standards, no method of storage or transmission is completely secure, and we cannot guarantee the security of your personal data.

Personal Data Storage.

Zasio is a company in the United States and its website is based in the United States. Personal data collected through our website and our hosted services, as well as for our business purposes, is stored on servers in the United States, and these servers are subject to our security policies and procedures. If you are located outside of the United States, you should be aware your personal data, once collected, will be transferred to servers in the United States, and the United States currently does not have uniform data protection laws.

California Consumer Privacy Act (CCPA) Notice.

If you are a California resident and the CCPA applies to our processing of your personal information, you have certain legal rights. The term personal information in this section has the meaning given in the CCPA, as amended by the California Privacy Rights Act of 2020 (“CCPA”). This CCPA section, however, does not apply to personal information Zasio collects, uses, and discloses on behalf of our customers as a “service provider” under the CCPA.

A person’s rights under the CCPA include:

Right to Know: You have the right to request we inform you of what personal information we collect, use, disclose, or sell, or some or all of these, during the past 12 months. This includes the (i) categories of personal information we collected about you; (ii) categories or sources from which the personal information is collected; (iii) business or commercial purpose for our collecting or selling your personal information; (iv) categories of third parties with whom we share that personal information; and (v) specific pieces of personal information we collected about you.
Deletion: You have the right to request the deletion of your personal information that is collected or maintained by us. Upon our receipt of any verifiable consumer request, California law may require us to delete and direct any applicable service providers to delete your personal information from our records that are not necessary for our business operations.
Correction: You have the right to correct inaccurate personal information that we have collected and maintained about you.
Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of these privacy rights.
Opt-Out of Sale and Sharing: You have the right to request to be opted out from the sale or sharing of your personal information, as those terms are defined under the CCPA. Zasio does not ‘sell’ your personal

Broader Opt-Out of Sale Request: In addition to selecting your cookie preferences when using this website, you can make a broader opt-out of sale request using this link and completing the included form. Should Zasio ever change its practices and “sell” personal information as defined under the CCPA, Zasio will honor any previously-received opt out of sale request in accordance with applicable information privacy law. We do not knowingly sell information about any minor under 16.

Exercising CCPA Rights. To exercise rights you may have under the CCPA, please submit a verifiable consumer request to us by emailing privacy@zasio.com or writing to: Attn. Legal Department, Zasio Enterprises, Inc., 401 W. Front St., Ste. 305, Boise, ID 83702.

Under California law, any request must be described with sufficient detail to allow us to properly understand, evaluate, and respond to it. California law limits consumer requests to twice within a 12-month period. Zasio will not discriminate against you for exercising any CCPA rights.

Verifying Your Identity. To respond to any CCPA request, we must verify you are the consumer who is the subject of the request based on the information we have about you. If we cannot verify your identity based on our records, we will not be able to fulfill your request.

Authorized Agent. The CCPA allows California residents to designate an agent to submit requests on their behalf. Zasio will respond to any verifiable request in accordance with applicable law.

Response to Your Request. Zasio will make all reasonable efforts to respond to a verifiable consumer request within 45 days of receipt, and we will inform you in writing if we need more time (up to 90 days). We will advise you of any reason for denying or restricting a request to the extent permitted by law.

Sensitive Personal Information. Zasio does not use or disclose sensitive personal information (as defined by the CCPA) for restricted purposes that California residents have a right to limit under the CCPA.

Categories of Personal Information. During the past 12 months, we have collected the following categories of personal information under California Civil Code § 1798.140(o)(1), which we may share with our service providers to enable us to provide Zasio offerings to you:

Category	Examples
A: Identifiers	Name, postal address, unique personal identifier, online identifier, device ID, IP address, account name, email address or other similar identifiers.
B: Personal Information Listed in Cal. Civil Code § 1798.80(e)	A name, signature, address, telephone number, education, employment, billing and transactions information.
C: Protected Classification Characteristics	Age, ethnicity, race, languages spoken, gender, veteran or military status. We do not intentionally collect this data, but certain characteristics may be revealed when you volunteer it to us or in other information we collect.
D: Commercial Information	Records and history of products or services purchased, obtained, or considered.
F: Internet or Other Electronic Network Activity Information	Interactions with Zasio’s website or web applications.
G: Geolocation Data	Approximate geolocation data derived from an IP address.
H: Audio, electronic, visual, thermal, olfactory, or similar information	Recordings of any phone or video conference between you and Zasio.
I: Professional or Employment-Related Information	Job title, company, industry.

Processing Subject to European Privacy Law.

To the extent European Union, UK, or Swiss privacy law (“European Privacy law”) applies to your personal data, you may have the following rights in respect of your personal data:

Automated Decision Making: You may object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you. However, we do not process personal data in this manner;
Restrictions on Procession. You may request we restrict the processing of your personal data or object to our processing of your personal data pursuant to (i) a legitimate interest; or (ii) the performance of a task in the public interest;
Withdrawal of Consent. You may withdraw your consent to our processing of your personal data for a purpose to which you previously consented. Any withdrawal of consent, however, does not affect the lawfulness of processing done before you withdrew consent;
Data Portability: In certain circumstances, you may request that we provide certain personal data about you in a machine-readable format; and
Erasure: In certain circumstances, you may request we delete or remove certain personal data we process about you.

To exercise any of these rights, please email Zasio at: privacy@zasio.com. Zasio may need to request additional data from you to validate your request. Zasio will respond to any request in accordance with applicable law.

Supervisory Authority. If you are in the European Union, the European Economic Area, the UK, or Switzerland, you may raise any concern that you may have regarding our use of your personal data by making a complaint to a supervisory authority.

Cross-Border Transfers. If we export your personal data from the European Economic Area or the United Kingdom to the U.S. and are required to apply additional safeguards under European data protection law, we will do so. These include applying the European Commission or UK ICO Standard Contractual Clauses, as appropriate. You may obtain a copy of the EU’s Standard Contractual Clauses here.

Additional privacy rights

At Zasio, we’ve adopted a global approach to privacy. In addition to the rights described in this privacy notice, you may have additional rights regarding the protection of personal data pursuant to the law of your state, country, or region. Zasio is committed to complying with and securing any rights available under all applicable data protection laws and regulations.

Updates to Zasio’s Privacy Notice.

At Zasio, we regularly review and update this privacy notice. To stay up to date on our privacy practices, we encourage you to regularly review this page for any updates.

Contacting Zasio.

At Zasio, we welcome your questions, comments, and concerns regarding this privacy notice and our privacy practices. You can contact us by any of the below methods:

Email: privacy@zasio.com

Phone: 800.513.1000

Mail: Attn: General Counsel, 401 W. Front St., Ste. 305, Boise, Idaho 83702

If you have a disability and need this policy provided to you in a different format, you may also contact us by any of the above means.

Legal

Privacy Notice
Terms of use
Acceptable Use Policy
Cookie Notice
Code of Conduct
Site Map

Corporate Office

401 W. Front St.
Suite 305
Boise, ID 83702

(800) 513-1000

connect@zasio.com

A pioneer in information governance, we continue to expand our technology and consulting services to help businesses of all sizes maintain the highest records management and retention standards.