Privacy Policy

By ZEST

Zest Security – Website – Privacy Policy

Last updated: March 24, 2024

This privacy policy (“Privacy Policy“) explains how Zest Security Inc. and its affiliates (“Company “) collect, process and share personal data of you (“Users”) in connection with the Company website available at zestsecurity.io (“Site“). This Privacy Policy is an integral part of the terms of use of the Site, which are available at https://zestsecurity.io/terms  (“TOU” together with the Privacy Policy, the “Terms”). For the purpose of this Privacy Policy “Personal Data” shall mean personal data or personal information pursuant to the applicable data protection law. 

  • APPLICABILITY.
      1. User is not under any legal obligation to submit personal data to Company. However, if User chooses not to do so, certain Services (as defined in the TOU) might not be available to User. 
  • By attempting to use or access, or by using or accessing the Site, User agrees to be bound by the Terms. If User does not agree with the Terms, User must not access and/or use the Site. 
      1. Company may change this Privacy Policy from time to time, therefore User should check back periodically. Any amended Privacy Policy will come into effect when posted on the Site. Company will seek User’s prior consent to any material changes, if and where this is required by applicable data protection law.
      2. Capitalized terms not defined herein shall have the meaning assigned to them in the TOU.
  • PERSONAL DATA COLLECTED BY COMPANY. 
  • Information provided by User. Company may collect any information User provides Company with, including but not limited to information provided by User voluntarily when using the Site, e.g., when User submits the User’s contact information User when registering for the waiting list on the Site by pressing the “submit” button (or any other similar button on such page), including but not limited to User’s name, surname, email address, phone number company and job title. 
  • Information collected automatically. Company may automatically collect data when User visits, interacts with, or uses the Site, including but not limited to by:
        1. Identifiers and information contained in cookies; 
        2. User’s settings preferences, backup information; 
        3. Content User viewed or searched for, page response times, and page interaction information (such as scrolling, clicks, and mouse-overs);
        4. Network and connection information, such as the Internet protocol (IP) address and information about User’s Internet service provider; 
        5. Device information, such as browser type and version, operating system, or time zone setting; location of the device, encounters with other devices using the Site. 
  • COMPANY’S USE OF PERSONAL DATA.
      1. Company may process User’s personal data to operate, provide, and improve the Site, including but not limited to: 
        1. contacting User and communicating with User with respect to the Site and/or Company’s services; 
        2. identifying User’s interests and recommending offers that might be of interest to User; 
        3. marketing and promoting Company’s services;
        4. providing assistance, notification and support; 
        5. fulfilling User requests; meeting contractual or legal obligations; 
        6. protecting Users security, e.g. preventing and detecting fraud;
        7. internal purposes, e.g. trouble shooting, data analysis, testing and statistical purposes. 
      2. Except as provided herein, Company does not use any personal data obtained hereunder, without obtaining User’s prior consent. 
  • COOKIES AND THIRD-PARTY SERVICES.
      1. Company may use tracking mechanisms such as cookies on the Site so that Company may: 
        1. facilitate and customize the User’s experience of the Site, 
        2. track User’s use of the Site, 
      2. A cookie is a small text file that is stored on a User’s computer for record-keeping purposes which contains information about that User. Most browsers automatically accept cookies, but User may be able to modify its browser settings to decline cookies. Please note that if User declines or deletes these cookies, some parts of the Site may not work properly. This Privacy Policy does not apply to any products, services, websites, links or any other content that may be offered by third parties on the Site (e.g., pop-up additions). 
      3. By clicking on a link to a third-party website or service on the Site, a third party may also transmit cookies to User. This Privacy Policy does not cover the use of cookies by any third parties, and Company is not responsible for such third parties’ privacy policies and practices. Company does not have any control over any third parties’ privacy practices, or the technology used by any third parties in order to collect any personal data. Each User is advised to thoroughly review such third parties’ privacy policies before making any use of such third party’s products and services.
  • SHARING PERSONAL DATA OF USER. 
      1. Company may be required to retain or disclose personal data in the following cases:
        1. Provide User’s with the Services;
        2. comply with applicable laws or regulations;
        3. comply with a court order, subpoena or other legal process;
        4. respond to a lawful request by a government authority, law enforcement agency or similar government body; 
        5. engage with third-party service providers and/or sub-contractors which provide services for Company’s business operations, a list of which can be received upon request;
        6. disclose and/or transfer data to another entity if Company is acquired by or merged with another entity, if Company sells or transfer a business unit or assets to another entity, as part of a bankruptcy proceeding, or as part of any other similar business transfer;
        7. Company believes release is appropriate to comply with the law, enforce or apply Company’s terms and other agreements, or protect the rights, property, or security of Company, Users, or others. This includes exchanging information with other companies and organizations for fraud prevention and detection and credit risk reduction.
  • When Company shares User’s data with third parties as specified above, Company makes reasonable efforts to require such recipients to agree to only use the personal data Company shares with them in accordance with this Privacy Policy and Company’s contractual specifications and for no other purpose than those determined by Company in line with this Privacy Policy.
  1. SECURITY. 

Company has taken appropriate technical and organizational measures to protect the information Company collects about User from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. User should be aware, however, that no data protection and security measures can guarantee 100% protection and security of any data stored either with Company or with any third-parties.

    1. USERS IN THE EUROPEAN ECONOMIC AREA (EEA)
  • Definition. Personal Data” means data that may be used, either alone or together with other information, to identify an individual user, including, without limitation, a user’s name, address, telephone number, username, email address, city and country, geolocation, unique identifiers, picture, or other similar information and includes personal data as defined in the General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR“). 
  • Legal Basis for Processing of Personal Data

Company will only process User’s Personal Data if it has one or more of the following legal bases for doing so:

  1. Contractual Necessity: processing of Personal Data is necessary to enter into a contract with User, to perform Company’s contractual obligations to User under the TOU, to respond to requests from User, or to provide User with customer support;
  2. Legitimate Interest: Company has a legitimate interest to process User’s Personal Data;
  3. Legal Obligation: processing of User’s Personal Data is necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
  4. Consent: processing of User’s Personal Data with User’s consent.
  • User’s Rights regarding Personal Data
      1. Subject to applicable law, User has certain rights with respect to User’s Personal Data, including the following:
        1. User may ask whether Company holds Personal Data about User and request copies of such Personal Data and information about how it is processed;
        2. User may request that inaccurate Personal Data is corrected;
        3. User may request the deletion of certain Personal Data;
        4. User may request Company to cease or restrict the processing of Personal Data where the processing is inappropriate;
        5. When User consents to processing User’s Personal Data for a specified purpose by Company, User may withdraw User’s consent at any time, and Company will stop any further processing of User’s data for that purpose.
      2. In certain circumstances, Company may not be able to fully comply with User’s request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, however, in those circumstances, Company will still respond to notify User of such a decision.  
      3. User can exercise User’s rights of access, rectification, erasure, restriction, objection, and data portability by contacting Company at the email address set forth below. In some cases, Company may need User to provide Company with additional information, which may include Personal Data, if necessary to verify User’s identity and the nature of User’s request.
  • Transfer of User’s Personal Data outside of the EEA
    1. The data that Company processes in relation to Users may be transferred to, and stored at a destination outside the European Economic Area (“EEA“), e.g., Israel and the USA, that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who works for us or for one of our service providers: (i) in order to store it; (ii) where we are legally required to do so; (iii) in order to facilitate the operation of our businesses, where it is in our legitimate interests and we have concluded these are not overridden by User’s rights.
    2. Where Personal Data is transferred by Company or Company’s affiliates in relation to providing the services Company will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, which may include by entering into European Commission approved standard contractual clauses relevant to transfers of Personal Data and that it is treated securely and in accordance with this Privacy Policy.
  • INTERNATIONAL STORAGE

Each User is advised to be aware that personal data Company collects may be transferred to, processed and stored outside User’s jurisdiction, and that data protection laws in the jurisdiction where the information is collected stored and/or processed may differ from User’s jurisdiction including in Israel, the EU, and the US, as reasonably necessary for the proper performance and delivery of the Company services, or as may be required by law. Each User hereby gives User’s consent to this transfer, processing and storage of User’s information outside User’s jurisdiction. 

  • RETENTION

Company will retain users Personal Data for a period of time consistent with the original purpose of collection (see Section ‎3, “Company’s Use of Personal Data”). Company determines the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of Users’ Personal Data processed, the potential risk of harm from unauthorized use or disclosure of Users’ Personal Data, and whether Company can achieve the purposes of the processing through other means, as well as on the basis of applicable data protection law requirements (such as applicable minimum statutory retention requirements). After the expiration of the applicable retention periods, Company will delete Company Personal Data. If there is any data that Company are unable, for technical reasons, to delete entirely from Company’s systems, Company will put in place appropriate measures to prevent any further use of such Personal Data.

  • CHILDREN’S PRIVACY

Company does not knowingly collect or solicit any information from anyone under the age of 18. The Site is not directed at children under the age of 18. In the event that Company learns that it has collected personal data from a child under the age of 18 without consent from a parent or a guardian, Company will delete that personal data as quickly as possible. If User believes that Company might have any information from or about a child under 18, User should contact Company at the email address set forth below. 

  • QUESTIONS REGARDING USER’S PERSONAL DATA?  

If User has any questions about this Privacy Policy or Company’s privacy and/or data protection practices in general, please contact us at [email protected]