- Information You Share with Us
- Other Information We Collect
- How We Use Your Information
- Information We Share and Disclose
- How We Protect Your Information
- Managing Your Personal Information
- International Users
INFORMATION YOU SHARE WITH US
With your consent through our ZoomShops or website, we may collect Personal Information, such as your name, phone number, mailing address, and email address. This enables us to give you the best service and provide you with functionality that benefits you and is common in retail experiences, such as providing you with a receipt via email or providing you with loyalty discounts by identifying you.
If you make a purchase from a ZoomShop, we collect non-PCI DSS protected card data such as the first six and last four digits of your card number and your name. This information is required to perform and complete your purchase transaction. We also collect your email or phone number if you wish to receive a receipt via these methods.
PCI-DSS data we collect is managed by and sent directly to our Service Providers. In some cases, our Service Providers may tokenize that card data to register a uniquely identifiable token (unique user ID) and provide that to us.
Unique user IDs or digital codes that may be used to uniquely identify you may also be collected, such as a membership number to a retail loyalty program. In some cases, you may also submit a scan of your Driver’s License, Passport or Identity Card that is used to verify your identity in order for us to deliver a product registered in your name, or complying with local and federal regulations around dispensing regulated products.
In the past twelve months, we collected the following categories of Personal Information from our website and ZoomShops:
- Phone numbers
- Email addresses
- Unique User IDs
- Scans of identity records such as Driver’s Licenses or Passports
- Non-PCI DSS protected card data
If you submit Personal Information to us when applying for a position with our company, the information is solely used in connection with considering and acting upon your application.
OTHER INFORMATION WE COLLECT
We use demographic analysis software in our ZoomShops to capture Non-Identifiable Information in order to improve the quality of our Service. We use a camera, which does not record any imagery, but instead temporarily transfers pixels to a volatile memory (RAM) for a period of between 66 and 200 milliseconds. The pixels are compared against a database and then completely erased from volatile memory. We do not capture, convert, store, or share any Personal Information through this process. The resulting data that is captured, converted, stored or shared is only aggregated data that is completely anonymous.
In some rare cases, we use security cameras in our ZoomShops. Where security cameras are recording constant streaming video, cameras will be visible and accompanied by a clear notice advising you that security surveillance video recording is in progress.
The ZoomShop also automatically records Non-Identifiable Information such as:
- Date of Use
- Interaction Data
- Transaction Information
- So that you do not have to re-enter it during your visit to zoomsystems.com
- To provide custom, personalized content and information
- To monitor the effectiveness of our website and aggregate metrics, such as total number of visitors, traffic, and demographic patterns
- To diagnose or fix technology problems reported by our users or engineers that are associated with certain IP addresses
- To help you efficiently access your information after you sign in
- To track content and users to the extent necessary to comply as a service provider with the Digital Millenium Copyright Act
- To automatically update any ZoomSystems applications on your system and related devices
HOW WE USE YOUR INFORMATION
In general, Personal Information you provide to us is used to complete purchase transactions in the ZoomShop. With your consent, we may also use your Personal Information to, for example:
- Manage your account and provide you with customer support
- Communicate with you by email, postal mail, telephone, and/or mobile devices about products or services that may be of interest to you
- Personalize your experience
- Improve the quality of our service
- Administer a contest, promotion, survey, or other feature
- Provide technical support
We also engage with several Service Providers to process your information on our behalf so that we can provide you the best user experience, as well as for our internal purposes. These Service Providers allow us to, for example:
- Connect you with the proper department when you contact us
- Manage PCI-DSS data
- Communicate with you via email
- Securely process your payment information
- Aggregate Non-Identifiable Information to improve our service
- Collect, maintain, and analyze candidate submissions for employment
We use Non-Identifiable Information to help us improve our Service. We also aggregate anonymous Non-Identifiable Information in order to track trends and analyze use patterns at our ZoomShops.
We will only retain your information for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. We consider the amount, nature, and sensitivity of your Personal Information, the potential risk associated with an unauthorized disclosure of your Personal Information, and our purposes for processing your Personal Information when assessing the appropriate retention period for your information.
We may share information with Swyft, Inc. (“Swyft”), our parent company, in order to provide innovative and consistent experiences across our ZoomShops and Swyft’s SwyftStores. We also may process information about you between us and Swyft for these purposes, as permitted by applicable law.
INFORMATION WE SHARE AND DISCLOSE
In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred.
HOW WE PROTECT YOUR INFORMATION
We implement security measures designed to protect your information from unauthorized access in compliance with the European Union’s General Data Protection Regulation. These security measures include:
- Secure socket layer technology
- PCI DSS compliance for financial information
In the event that Personal Information is compromised as a result of a breach of security, we will promptly notify you if we deem the breach material, or as otherwise required by law.
MANAGING YOUR PERSONAL INFORMATION
You may opt-out of future messages from us by sending an unsubscribe request to us at firstname.lastname@example.org.
You may request and obtain from us twice a year, free of charge, upon the receipt of a confirmation of identity:
- Categories of Personal Information collected about you
- Categories of sources from which that Personal Information is collected
- Our purposes for collecting your Personal Information
- Categories of third parties with whom we share your Personal Information
- Specific pieces of Personal Information that we have collected about you
We are not required to reidentify or link Non-Identifiable Information.
If the Personal Information you provided to us is incorrect, you may request we fix it for you. You may request and obtain from us the rectification of inaccurate Personal Information by providing a supplementary statement to our privacy team.
You may request your Personal Information be deleted, unless:
- Your Personal Information is required to complete a transaction
- Your Personal Information is used to detect and protect against security incidents
- Your Personal Information is used to identify and repair errors that impair ZoomShop functionality
- Your Personal Information is used for our internal uses
- Non-deletion is required by law
You may also request that we stop processing your Personal Information if:
- It is inaccurate
- We no longer need it
- You want us to stop but do not want your Personal Information deleted
- When you have provided relevant and reasoned objection to your local supervisory authority if you are a resident of the European Union
If you are a resident of the European Union, you have a right to lodge a complaint with a local supervisory authority when you have any objection to our processing of your Personal Information. However, we would appreciate the opportunity to first address your concerns—so please contact us first!
Our privacy team is responsible for your Personal information. You may contact our privacy team by:
ZoomSystems Privacy Team
601 Montgomery Street, 16th Floor
San Francisco, CA 94111
+1 800 xxx-xxxx
Our website is maintained in and our business is operated in the United States. By providing us with your Personal Information, you acknowledge and agree that your Personal Information may be processed for the purposes identified in this policy. You freely and specifically give us your consent to export and use your information within the United States. You understand Personal Information stored in the United States may be subject to lawful requests by the courts or law enforcement authorities in the United States. If you are located in the European Union, whenever we transfer your Personal Information to Service Providers outside of the European Union, we ensure appropriate safeguards are used in such transfer.
Protecting the privacy of children is especially important to us. For that reason, we do not knowingly collect or solicit Personal Information from individuals under the age of 13. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 13 is allowed to provide any Personal Information to us. If you are over 13, you must be old enough to consent to the processing of Personal Information in your country.
In the event that we learn we have collected Personal Information from an individual under the age of 13 or under the age of consent to processing without verification of parental consent, we will delete that information as quickly as practicable. If you believe we might have any information from or about an individual under the age of 13, or who is unable to legally consent in his or her country, please contact the Data Controller.
Last Updated: July 5, 2019