PRIVACY POLICY

 

INTRODUCTION

Zennio Avance y Tecnología S.L. (“Zennio”, “We”, “Us”) is committed to protecting the privacy of users (“You”, the “User“) of the ZenCom mobile application services (“ZenCom Services, “Service(s)“). This Privacy Policy explains our practices regarding the use of personal data collected and processed through ZenCom mobile application (“ZenCom“) and forms part of our Terms and Conditions of Service.

We collect certain personal data in order to communicate with you and to offer and provide you with our Services. We maintain the security and confidentiality of your data in accordance with applicable law and do not disclose your personal data except as necessary to provide our Services. Without limiting the foregoing, you expressly and unambiguously consent to the collection and processing of your personal data (as identified below) by us in accordance with the stated purposes.

Please read the following text carefully to learn all the details of this Privacy Policy.

 

1. RESPONSIBLE FOR TREATMENT.

The entity responsible for your data is Zennio Avance y Tecnología S.L. CIF B45586724, with address at Río Jarama, 132. Nave P-8.11, 45007, Toledo, Spain . All communications regarding the processing of your personal data should be addressed to info@zennio.com.

 

2. PERSONAL DATA THAT WE PROCESS ABOUT YOU.

A. For the provision of the Services, we process the following data as Data Controller:

Data collected Legal basis Purposes
User Data: When you register for the ZenCom Services, we will collect the following personal data about you: ID code and email address. These details are mandatory and, if not provided, your account cannot be created.

Perform our contract with you (i.e., our License Agreement) to provide our Service to you, or take action at your request prior to entering into such a contract.

 

Legitimate interest for our business, in conducting and managing our business to give you the best service/product and the best and safest experience. We consider and balance any potential impact on you (both positive and negative) and your rights before processing your personal data for our legitimate interest, and we do not use your personal data for activities where our interests are outweighed by the impact on you (unless we have your consent or are required or permitted by law).

Fulfillment of our contract. Communications with you, Manage your account.

To provide you with our services.
Connection data. To fulfill our contract with you. Provision of services to active users. Improve our services and user

 

For intercommunication and remote control of the video door phone through ZenCom we process:

 

A. GETFACE IP ZENNIO video door entry system:

ID, device type, connection code, display usage, configuration and parameters (IP, SW version or connection status).

 

B. Mobile Phone linked to the Video Door Station:

IP address, operating system information, device model, version and App User preferences.

 Legitimate Interest in performing the necessary safety checks and making the necessary improvements. experience.

B. For the provision of the Services, we process the following data as Processors:

When You use ZenCom, We may also process personal data that You enter for which You act as a Data Controller, (i.e. Zennio acts as a Data Processor). In this case, our Data Processing Annex I will apply.

 

3. DATA ACCURACY

It is important that the personal data we hold about you is accurate and up to date. You are responsible for the accuracy of the information you provide to us, and you are expected to update the information you provide to us.

 

4. USE OF DATA

General. We use your personal data to:

  • To provide you with the
  • Perform an internal analysis of operations and users to improve our service based on the preferences of Users who use ZenCom. This analysis is
  • Comply with legal, administrative or judicial obligations to which we are

 

5. DATA DISSEMINATION

We treat your personal data confidentially in accordance with current legislation. Unless otherwise stated, your personal data will not be disclosed to third parties.

Specifically, we disclose your information as follows:

  • We may give access to your personal data to our service providers under contracts for the provision of services in favor of Zennio. Among them:

o Amazon Web Services as an infrastructure service provider (IaaS).

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only allow them to process your personal data for specified purposes and in accordance with our instructions.

  • We may make personal data available to any company interested in buying or acquiring the company or a part of its business and, consequently, give access to any national or international auditor to perform its due diligence.
  • We may make data available to authorities to investigate suspected fraud, harassment or other violations of any law, rule or regulation, or of ZenCom’s

6. DATA RETENTION

We only retain your personal data for as long as necessary to fulfill the purposes for which we have collected it, including to comply with legal, accounting or reporting requirements.

In determining the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve those purposes by other means, and applicable legal requirements.

 

7. INTERNATIONAL TRANSFERS (THIRD PARTY SERVICE PROVIDERS)

We use third party technology services to provide our Services. These entities may be located in jurisdictions that generally do not provide adequate safeguards regarding the processing of personal data. For all entities that are not part of the European Economic Area (EEA), we have entered into contracts with those entities that do include such safeguards, including the European Commission’s model clauses.

7.1 Amazon

The global structure of the servers and the location of the services offered by Amazon is categorized in 4 (four) different areas, where each one consists of different regions, i.e. physical locations where its data centers are installed. Each region is supported by multiple edge locations, data centers that do not belong directly to Amazon, but to a trusted partner of the entity. These servers are directly connected to the Amazon Network Services network.

The use of the Services implies the processing of Amazon through an AWS Lambda, a server where the code is executed only when it is used. Zennio cannot know with certainty where Amazon stores the information, we can only know the different servers that compose it and their locations. A map with the different regions and a more complete map with the regions and edge locations is shown at https://aws.amazon.com/es/about-aws/global-infrastructure/?p=ngi&loc=0.

Entity Service Territory Legal
Amazon (Amazon EU Core Sarl) Infrastructure services (IaaS).

EU, USA

and others

• Privacy Policy Amazon Privacy Policy

• Data Processing Agreement (here)

 

8. SECURITY MEASURES

We implement security measures and personal data protection plans required by law to maintain the confidentiality, availability and integrity of your data and to protect against unauthorized access, modification or destruction.

 

9. YOUR RIGHTS

You have rights under data protection laws in relation to your personal data. In particular, you have the right to access, rectify, request erasure, object to processing, request portability and restrict processing and, in the case of any processing that is based on your consent, you may withdraw your consent.

You also have the right to file any complaint with the competent authority, in this case the Spanish Data Protection Agency (AEPD), C/. Jorge Juan, 6, 28001 Madrid, Spain, but please contact us first.

The above rights may be exercised by contacting us at info@zennio.com.

 

10. GENERAL

We reserve the right to change the terms of this Privacy Policy and will notify you by providing clear notice of these changes by email or on ZenCom, and in this Privacy Policy. If you continue to use our Services after such update, you will be deemed to accept the new terms. If you do not accept the update, please cancel your account, or notify us, and we will terminate your Account and delete all of your personal data (except as required to be maintained for legal reasons), and you will no longer be able to use our Services.

Unless a specific local regulation provides otherwise, the Privacy Policy is governed by the laws of Spain.

Version 2nd: August 30th, 2023

 

ANNEX I

DATA PROCESSING AGREEMENT

Introduction

When you use ZenCom, Zennio processes certain data (“Content”) as a Processor under your instructions as the Controller. This Addendum indicates the processing conditions under which Zennio will process the Content.

1. OBJECT, NATURE AND PURPOSE OF THE PROCESSING

  • Purpose of processing: Access control requested by the User required by the

In order to fulfill the aforementioned purpose, it is necessary for Us to access the Content

entered by You as Data Controller. In our capacity as Data Processors, We will only process such Content for the aforementioned purpose and will not carry out any other processing activities beyond this.

  • Duty to inform the data subject of the processing: it shall be the sole responsibility of the User as Data Controller to inform data subjects about such

2. TYPE OF PERSONAL DATA AND CATEGORY OF DATA SUBJECTS.

  • Type of personal data to which we will have access as Data Processors: (Content) Includes images, voice recordings and other audiovisual content generated in the use of the GETFACE IP ZENNIO video door phone and communicated through ZenCom.
  • Stakeholder categories: Third parties, Users .
  • Authorized processing operations: Transmission of personal data, instant reproduction, instant deletion or destruction, depending on what is necessary for the provision of the

Services and the instructions of the “Data Controller”.

 

3. DEADLINE

The term of validity of the processing carried out shall be subject to the continued use of ZenCom and the maintenance of the User account.

In particular, the Content storage period is limited to the duration of the transmission and instantaneous reproduction of the Content, after which no storage is performed.

 

4. COMPLIANCE WITH DATA PROTECTION LEGISLATION

Each Party shall comply with all applicable laws relating to privacy and data protection, including (without limitation) the EU Data Protection Directive (95/46/EC) as of May 25, 2018, as implemented in each jurisdiction, the EU General Data Protection Regulation ( 2016/679) as of May 25, 2018, the EU Privacy and Electronic Communications Directive (2002/58 / EC) as implemented in each jurisdiction, and any modifications or amendments to legislation from time to time (collectively and individually, “Data Protection Laws”).

 

5. RIGHTS AND RESPONSIBILITIES OF THE USER AS DATA CONTROLLER

As required by applicable law, you, as a ZenCom User and Data Controller, shall:

  • Inform and obtain, when necessary, the consent of third parties for the processing of their personal
  • Implement appropriate technical and organizational measures to ensure and demonstrate that processing is carried out in accordance with applicable
  • Respond to the legal rights of the Stakeholders under applicable personal data protection legislation and comply with the provisions set forth in clause 6.

6. ZENNIO’S RIGHTS AND RESPONSIBILITIES AS DATA PROCESSOR

As established in the applicable laws and regulations, Zennio is committed to:

  • Process the Content solely on the basis of instructions from the User, including transfers to a third country or international organization, unless otherwise provided for under applicable Union or Member State law; in such a case, Zennio will inform you as a ZenCom User of this legal requirement prior to processing, unless prohibited by law or in the public
  • Ensure that persons authorized to process the Content have undertaken to respect confidentiality or are subject to a legal obligation of confidentiality.
  • Adopt all appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing.
  • Respect the conditions of use of another Data Processor, established by current legislation on the protection of personal
  • Assist the User, considering the nature of the processing, through appropriate technical and organizational measures, whenever possible, to enable the User to fulfill its obligation to respond to requests to exercise the rights of data subjects.
  • To assist the User in ensuring compliance with its obligations, considering the nature of the processing and the information available to
  • At the User’s option, destroy or return all personal data as soon as the processing services are terminated and destroy existing copies, unless applicable Union or Member State law requires the retention of personal
  • To provide the User with all information necessary to demonstrate compliance with the obligations set forth herein, as well as to allow and contribute to the performance of audits,

including inspections, by the Data Controller or other auditors authorized by the User.

  • Process the Content of the Application Data made available to Zennio to ensure that the responsible personnel follow the User’s
  • Ensure that DPD (if applicable) or, in his or her absence, the Privacy Officer is involved in an appropriate and timely manner in all matters relating to the protection of
  • Adhere to a Code of Conduct approved by the European Commission or other competent
  • Maintain a record of processing activities in the case of processing of personal data that may involve a risk to the rights and freedoms of the data subject and/or on a non-occasional basis, or which involves the processing of special categories of data and/or data relating to

convictions and offences.

  • Respond to the legal rights established by the applicable legislation and comply with the stipulations indicated in clause 7.

7. EXERCISE OF DATA SUBJECTS’ RIGHTS

If the Stakeholders exercise any of the rights set forth in the General Data Protection Regulation, the User shall provide the requested information and take the necessary measures without delay and at the latest within one month of receipt of the request, which may be extended for another two months if necessary, considering the complexity of the request and the number of requests.

Furthermore, in the event that the User does not act on the request, it shall inform the data subject without delay and, within a maximum of one month from receipt of the request, inform the data subject of the reasons for its failure to act and inform him/her of his/her right to lodge a complaint with a competent authority and to seek judicial remedy. The reply to the request shall be in the same format as that used by the interested party, unless otherwise requested by the interested party.

8. SUBPROCESSOR

Zennio may subcontract its obligations and/or give access to the Content to third party service providers without additional authorization from the User. To this effect, the User expressly agrees that Zennio may subcontract to the entities indicated in section 5 and possibly section 7 of the ZenCom Privacy Policy.

 

9. INTERNATIONAL TRANSFER OF DATA

International transfers of Application Data may only be carried out if they comply with the requirements of applicable national or EU laws and regulations. Zennio uses third party technology services for the provision of the Services, whose providers may process the Content collected in the course of providing theirs, as sub-processors. These entities may be located in jurisdictions that generally do not provide adequate safeguards with respect to the processing of personal data. However, we enter into contracts with these entities that include such safeguards, including the Model Contractual Clauses approved by the European Commission. For more information, please contact info@zennio.com .

10. BREACH OF PERSONAL DATA SECURITY

To the extent that there is an instruction from a competent supervisory authority, a development of national legislation or a delegated act, in the event of a breach of security of personal data, Zennio shall notify the competent supervisory authority of such breach without undue delay and, if possible, no later than seventy-two (72) hours after the occurrence.

11. TERMINATION AND EXPIRATION

In case of termination or expiration of the contractual relationship between the User and Zennio, Zennio will not retain the Content, unless it is legally obliged or desirable to do so. Otherwise, in the event of termination, resolution or expiration, or when it is no longer legally obliged to retain the data, Zennio will destroy or return to the User all personal data and any copies thereof, as well as any media or other documents containing personal data. This is without prejudice to Zennio’s right to continue processing the Content when required by Zennio for the defense of its legal interests.