Privacy Notice

Last updated: 2023/06/25

Preamble

This is the Privacy Policy of the website: https://zk.me/. zk.me is a brand of the zkMe Technology Limited.

Please note: Separated Privacy Policies are available for the products offered by zkMe Technology Limited.

Privacy is one of our core values, so zkMe Technology Limited. (“we”,“us”,“our” or “zkMe”) respects your privacy. The Website collects and uses Personal Data as needed in order for us to provide you with top-notch websites, services, and support (collectively, our "Services").

Our Services are specifically designed to minimize the amount of data that is collected about you ("you", or "User") and to remove the need for any central data storage or data sharing requirement. In order to interact with you and improve the Services, we do collect some information. Your personal data includes information such as:

  • Name
  • Address
  • Phone number
  • Email address
  • Other data (such as IP Address, interaction time etc.) that could indirectly identify you
  • Our Website Privacy Policy will explain to you what data we collect, and how we use your personal data. It also describes how you can access, update, or otherwise take control of the personal data that we have collected from you. We (the zkMe Technology Limited), being a software-as-a-service business, take our responsibilities with regard to the requirements of CCPA and the EU GDPR very seriously.

    1. Definitions

  • CCPA
  • the California Consumer Privacy Act of 2018, Civil Code sections 1798.100.

  • EU GDPR
  • the General Data Protection Regulation 2016/679 (GDPR) is a regulation in European Union (EU) law on data protection and privacy in the EU and the European Economic Area (EEA).

  • Consent
  • any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which they, by a statement or by clear affirmative action, signify agreement to the processing of their Personal Data;

  • Data Processor
  • zkMe Technology Limited where it processes personal data;

  • Data Providers
  • third-party service providers or public authorities used to collect additional information necessary for the provision of the Services.

  • Data Subject
  • any Visitor whose Personal Data zkMe Technology Limited may process;

  • Personal Data
  • any information relating to an identified or identifiable Data Subject;

  • Personal Data Breach
  • a breach of data security leading to unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

  • Personal Data Processing
  • any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

  • Special Categories of Personal Data
  • Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;

  • Third-Party Processors
  • processors authorised to process data activities under the direct authority of zkMe Technology Limited;

  • Visitor
  • any individual using the Website and connected Services;

  • Website
  • https://zk.me/

    2. What data is collected?

    Your Personal Data is collected from you when:

    a. You visit our Website;

    b. You request assistance form our customer support team by filling out the 'Contact Us' form;

    c. You complete surveys, subscribe to newsletters, or request other information from us;

    d. You participate in contests, apply for a job, or participate in activities where we may require information about you.

    In order to deliver the best Services to you, we may collect the following information:

  • Visitor Personal Data may be collected upon your explicit Consent when you interact with the Website (e.g., by filling out contact forms). The information collected may include your full name, email address, job description and contact phone number. Additionally, technical data regarding the date, time and activity on the Website; IP address and domain name; software and hardware attributes; general geographic location (e.g., city, country) from Data Subject's device may be collected.
  • Job applicants Personal Data may be collected upon your explicit Consent when you interact with the Website's job application form. The information collected may include your full name, email address, contact phone number, work and education history details. Additionally, technical data regarding the date, time and activity on the Website; IP address and domain name; software and hardware attributes; general geographic location (e.g., city, country) from Data Subject's device may be collected.
  • Service Usage Data is automatically collected when you interact with our Services. This information may include data about your interactions with the features, content and links contained in our Services, time of interaction, browser type and configuration, operating system used, IP address, language preferences, and other cookie data. While none of this data will allow us to directly identify who you are, some of this data can be used to approximate your location.
  • Supplementary Data may be received about you from Data Providers. We may combine this data with the information we already have about you in order to maintain accuracy of our records, and provide products and services that you may be interested in.
  • We do not process any Special Categories of Personal Data.

    3. How we use data

    We very strongly believe in minimizing the data we collect. We will only use your data when we have been given permission to do so, when it is needed to deliver the Services or for legal compliance or other lawful purposes. These usages include:

  • Delivering, updating, and improving the Services that we provide to you. We collect various data you use and interact with our Services. We use this data to:
  • Improve and optimize the performance of our Services
  • Identify and investigate security risks, errors, problems, and needed enhancements to our Services
  • Detect and prevent fraud and abuse of our Services
  • Collect statistics about the use of our Services
  • Analyze how you use our Services and which of our Services are most relevant to you
  • Most of the data that we collect is statistical data about how people use our Services and is not linked to any Personal Data.
  • Sharing with Third-Party Processors. We may share your personal data with affiliated companies within our corporate family and with trusted Third-Party Processors in order for them to perform certain tasks on our behalf. This may include:
  • Delivering content and communications to you (such as email)
  • Analyzing Service usage and customer demographics
  • Conducting surveys or contests
  • Managing customer relationships
  • We only share what is needed for the Third-Party Processor to perform the tasks on our behalf. These third parties are prohibited from using, sharing, or keeping your personal data for any other purpose, and are bound to strict data processing terms and conditions.

  • Communicating with you. We may contact you directly regarding the Services or offers for additional services if you give us consent, or when it is allowed based on legitimate interests. The methods of contact may include:
  • Email
  • Phone calls
  • Text messages
  • You may update your newsletter subscription preferences by contacting us as described in the "Contact Us" section below.

  • Website analytics. We use various third-party web analytics tools such as Google Analytics to collect information on how you interact with our website. This data may include information on which pages you visit, how much time you spend on each page, which operating system and browser you use, and geographic location information. These tools will place cookies in your browser for this purpose which can only be used by the service provider. The data collected may be transmitted to and stored by these service providers in a country other than where you reside. This information does not include personal data such as names, addresses, email addresses, etc, and will be stored and used in accordance with their own privacy policies.
  • Targeted Advertisements. Our third-party partners may use technologies such as cookies to gather information regarding your activities on our web pages and other websites in order to provide you with advertising based on your interests, and to measure the effectiveness of the advertisements.
  • Compliance with legal, regulatory, and law enforcement requests. We cooperate with law enforcement and government officials and private parties to comply with the law. We will, in our sole discretion, disclose any information about you to such parties as necessary to respond to claims and legal processes, to protect our property and rights or the property and rights of a third party, to protect the safety of the public or an individual, or to prevent or stop illegal or unethical activity.
  • We always rely on the appropriate legal grounds of Personal Data Processing, which may depend on the Personal Data Processing purposes:

  • for the cookie-file processing, consent is obtained via the cookie banner (§6(1)(a) of the GDPR) on the Website;
  • for emailing Visitors regarding compliance-related advice, news and guidelines after they have consented (§6(1)(a) of the GDPR) to it by ticking a special box in the 'Contact Us' form on the Website;
  • when the information presented by job applicants is reviewed, two legal grounds equally apply: (i) §6(1)(c) of the GDPR ("compliance with a legal obligation" based on labour laws to which zkMe Technology Limited is subject); and (ii) §6(1)(f) of the GDPR;
  • when information is collected during a business inquiry or communication, zkMe relies on §6(1)(b) of the GDPR, including carrying out due diligence.
  • We process Personal Data under §28 of the EU GDPR. We may determine the purposes and means of Personal Data Processing under §24 of the EU GDPR. We ensure that no Personal Data is used for any purposes incompatible with the aforementioned ones. If we are legally permitted to do so, we will take reasonable steps to notify you in the event we are required to provide your information to third parties as part of a legal process.

    It should be underlined that we do not sell Personal Data and strictly comply with restrictions and prohibitions under CCPA and the EU GDPR.

    4. How we secure and retain data

    We adhere to the principles of personal data protection as envisaged in CCPA and the EU GDPR. In accordance with these principles, Personal Data is:

  • Processed fairly and lawfully and in a transparent manner in relation to the Data Subject;
  • Processed for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed;
  • Kept accurate and up to date;
  • Retained in a form permitting identification of Data Subjects for no longer than is necessary for the purposes for which they are processed;
  • Not retained longer than necessary;
  • Processed in a manner that ensures their appropriate security;
  • Not transferred outside the EEA without adequate protection. follow generally accepted standards to collect, store and protect Personal Data, including the use of encryption.
  • We retain personal data for as long as it is needed to provide the Services.
  • 5. Your Data Subject rights

    You may contact our Data Protection Officer (DPO) for any reason through the "Contact Us" form or via the following e-mail address: contact@zk.me.

    If you make a request to delete your personal data, that request will be honored only to the extent where the data is no longer needed for the Services, or when it is no longer required for our business, legal or contractual record-keeping requirements. Any request to delete all or any personal data related to a visitor is fulfilled within 30 days. This period is justified by the complexity of the systems and technologies we operate to process the data.

    Where a Personal Data Breach occurs or is suspected, it is reported immediately to the DPO or the CEO and, where applicable, to the data protection authority and the individual affected by the breach. The report includes full and accurate details of the incident (including its reasons and magnitude) and sets out the planned measures intended to eliminate the breach.

    As the Data Controller, we respect and guarantee the following rights of each Data Subject:

  • Right to obtain confirmation as to whether or not his or her personal data are being processed (§15 of the EU GDPR);
  • Right to rectification (§16 of the EU GDPR);
  • Right to erase Personal Data (§17 of the EU GDPR) if one of the following applies: (i) the Personal data is no longer necessary in relation to the purposes for which was collected or otherwise processed; (ii) Data Subject objects to the Processing and there are no overriding legitimate grounds for the Processing; (iii) the Personal Data have been unlawfully processed;
  • Right to restrict personal data processing (§18 of the EU GDPR) if one of the following applies: (i) the accuracy of the personal data is contested; (ii) the processing is unlawful and the Data Subject objects to the erasure of the Personal Data and requests to restrict their use instead; (iii) zkMe Technology Limited no longer needs the Personal Data for the purposes of the processing, but they are required by the Data Subject to establish, exercise or defend legal claims; (iv) the Data Subject has objected to processing pending the verification whether zkMe Technology Limited legitimate grounds override those of Data Subject;
  • Right to be informed (§19 of the EU GDPR);
  • Right to data portability (§20 of the EU GDPR);
  • Right to object (§21 of the EU GDPR) if the processing is justified by the "public interest" or "legitimate interest" legal ground as set out in point (e) and (f) of §6(1) of the GDPR;
  • Right not to be subject solely on automated processing (§22 of the EU GDPR) unless one of the following applies: (i) such decision is necessary for entering into, or performance of a contract; (ii) such decision is authorised by the law to which zkMe is subject and which also lays down suitable measures to safeguard the Data Subject's rights and freedoms and legitimate interests, or (iii) such decision is based on the Data Subject's explicit consent;
  • Right to lodge a complaint (§77 of the EU GDPR).
  • We guarantee that making a request for receiving personal data is free unless a reasonable cost is to be charged where requests are unfounded or excessive or repetitive in character.

    6. Changes to the Privacy Policy.

    This Website Privacy Policy is constantly reviewed and amended in order to provide appropriate compliance with CCPA and the EU GDPR.