3. TRANSPARENCY/NOTICE — Types of Personal Information We Collect and How We Use It
The types of Personal Information we may collect (directly from you or from Third-Party sources) and our privacy practices depend on the nature of the relationship you have with Zeplin and the requirements of applicable law. Some of the ways that Zeplin may collect Personal Information include:
- You may provide Personal Information directly to Zeplin through interacting with the Services, participating in surveys or events, registering for sweepstakes, and requesting Services or information.
- As you navigate the Services, certain passive information may also be collected about your visit, including through cookies and similar technologies as described below.
We endeavor to collect only that information which is relevant for the purposes of Processing. Below are the ways we collect Personal Information and how we use it.
3.1 Types of Personal Information We Collect
Zeplin collects Personal Information regarding its customers, users, and visitors to the Services (collectively “Individuals”).
- Information You Provide Directly to Us. When you use the Services or engage in certain activities, such as registering for an account with Zeplin, responding to surveys, requesting Services or information, or contacting us directly, we may ask you to provide some or all of the following types of information:
- Account Creation. When you create an account, we will collect Personal Information including your name and email address.
- Communications with Us. We may collect Personal Information from you, such as your email address, when you choose to request information about our Services, provide us with feedback about our Services, register for Zeplin’s newsletter or a loyalty program that we may offer from time to time, request to receive customer or technical support, or otherwise communicate with us.
- Surveys. From time to time, we may contact you to participate in online surveys. If you do decide to participate, you may be asked to provide certain information which may include Personal Information. All information collected from your participation in our surveys is provided by you voluntarily. We may use such information to improve our products and/or Services and in any manner consistent with the policies provided herein.
- Posting on the Services. Zeplin may offer publicly accessible pages, blogs, private messages, or community forums. You should be aware that, when you disclose information about yourself on these pages, blogs, private messages, and community forums, the Services will collect the information you provide in such submissions, including any Personal Information. If you choose to submit content to any public area of the Services, such content will be considered “public” and will not be subject to the privacy protections set forth herein.
- Registration for Events, Webinars or Office Visits. Zeplin and its trusted business partners may invite you to register for events or webinars, or to visit our offices. We ask those guests to provide contact information (e.g., an email address). If you register for events or webinars, or visit our offices, your contact information may be used for promotional, marketing and business purposes. All such follow-on communications will provide a way for participants to opt-out of any further communications.
- Registration for Sweepstakes or Contests. Occasionally, Zeplin may run sweepstakes and contests. We ask those who enter the sweepstakes or contests to provide contact information (e.g., an email address). If you participate in a sweepstakes or contest, your contact information may be used to reach you about the sweepstakes or contest, and for other promotional, marketing and business purposes. All sweepstakes/contests entry forms will provide a way for participants to opt-out of any communications that are not related to awarding prizes.
- Automatic Data Collection. We may collect certain information automatically through our Services or other methods of web analysis, such as your Internet protocol (IP) address, cookie identifiers, mobile carrier, mobile advertising identifiers, MAC address, IMEI, Advertiser ID, and other device identifiers that are automatically assigned to your computer or device when you access the Internet, browser type and language, geo-location information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Services, and other actions taken through the use of the Services such as preferences. If you are not an account-holder when this information is collected, we may subsequently ascribe this information to your account if and when you create one.
- Feedback Submitted Via Services. You agree that Zeplin is free to use the content of any communications submitted by you directly to Zeplin via the Services, including any ideas, inventions, concepts, techniques, or know-how disclosed therein, for any purpose including developing, manufacturing, and/or marketing goods or Services. Zeplin will not release your name or otherwise publicize the fact that you submitted materials or other information to us unless: (i) you grant us permission to do so; (ii) we first send notice to you that the materials or other information you submit to a particular part of a Service will be published or otherwise used with your name on it; or (iii) we are required to do so by law.
- Information from Other Sources. We may receive information about you from other sources, including through Third-Party services and organizations to supplement information provided by you. For example, if you access our Services through a Third-Party application, such as an App Store (including the Apple App Store, Google Play App Store, or Amazon App Store) or Social Networking Site (“SNS”), we may collect information about you from that Third-Party application that you have made available via your privacy settings. Information we collect through App Stores or SNS accounts may include your name, your SNS user identification number, your SNS user name, location, sex, birth date, email, profile picture, and your contacts on the SNS. This supplemental information allows us to verify information that you have provided to Zeplin and to enhance our ability to provide you with information about our business, products, and Services.
3.2 How Zeplin Uses Your Information
We acquire, hold, use, and Process Personal Information about Individuals for a variety of business purposes, including:
To Provide Products, Services, or Information Requested. Zeplin may use information about you to fulfill requests for products, Services, or information, including information about potential or future Services, including to:
- Generally manage Individual information, Workspaces and accounts;
- Respond to questions, comments, and other requests;
- Provide access to certain areas, functionalities, and features of Zeplin’s Services;
- Contact you to answer requests for customer support or technical support;
- Allow you to register for events or visit our offices.
Administrative Purposes. Zeplin may use Personal Information about you for its administrative purposes, including to:
- Measure interest in Zeplin’s Services;
- Develop new products and Services;
- Ensure internal quality control and safety;
- Verify Individual identity;
- Carry out audits;
- Communicate about Individual accounts and activities on Zeplin’s Services and systems, and, in Zeplin’s discretion, changes to any Zeplin policy;
- Send email to the email address you provide to us to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance;
- Process payment for products or services purchased;
- Process applications and transactions;
- Prevent and prosecute potentially prohibited or illegal activities;
- Enforce our agreements; and
- Comply with your legal obligations.
Marketing Zeplin Products and Services. Zeplin may use Personal Information to provide you with materials about offers, products, events, and Services that may be of interest, including new content or Services via the email address you provide. Such uses include:
- To tailor content, advertisements, and offers;
- To notify you about offers, products, events, and services that may be of interest to you;
- To provide Services to you;
- For other purposes disclosed at the time that Individuals provide Personal Information; or
- Otherwise with your consent.
You may contact us at any time to opt-out of the use of your Personal Information for marketing purposes, as further described in Section 5 below.
Research and Development. Zeplin may use Personal Information to create de-identified information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and Services or develop new products and Services. From time to time, Zeplin may perform research (online and offline) via surveys. We may engage Third-Party service providers to conduct such surveys on our behalf. All survey responses are voluntary, and the information collected will be used for research and reporting purposes to help us better serve Individuals by learning more about their needs and the quality of the products and services we provide. The survey responses may be utilized to determine the effectiveness of our Services, various types of communications, advertising campaigns, and/or promotional activities. If an Individual participates in a survey, the information given will be used along with that of other study participants. We may share de-identified Individual and aggregate data for research and analysis purposes.
Third Party Marketing. Individuals who provide us with Personal Information, or whose Personal Information we obtain from Third Parties, may receive periodic emails from us with information on Zeplin’s or our business partners’ products and services or upcoming special offers/events we believe may be of interest. We offer the option to decline these communications at no cost to the Individual by following the instructions in Section 5 below.
De-identified and Aggregated Information Use. Zeplin may use Personal Information and other information about you to create de-identified and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access Zeplin’s Services, or other analyses we create. De-identified and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. De-identified or aggregated information is not Personal Information, and Zeplin may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. We may share this information within Zeplin and with Third Parties for our or their purposes in a de-identified or aggregated form that is designed to prevent anyone from identifying you.
Sharing Content with Friends or Colleagues. Zeplin’s Services may offer various tools and functionalities. For example, Zeplin allows you to provide information about your friends through our referral services, such as “Tell a Friend.” Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services. Email addresses that you may provide for a friend or colleague will be used to send your friend or colleague the content or link you request, but will not be collected or otherwise used by Zeplin or any other Third Parties for any other purpose.
Other Uses. Zeplin may use Personal Information for which we have a legitimate interest, such as direct marketing, individual or market research, anti-fraud protection, or any other purpose disclosed to you at the time you provide Personal Information or with your consent.
3.3 Cookies, Pixel Tags/Web Beacons, Analytics Information, and Interest-Based Advertising
- Cookies. Cookies are small text files placed in visitors’ computer browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Site may not work properly.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the Site that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement.
- Google Analytics. We may also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics on some of our Services, and to develop website content. For more information about Google Analytics, please visit https://www.google.com/policies/privacy/partners. You can opt out of Google’s collection and Processing of data generated by your use of the Services by going to https://tools.google.com/dlpage/gaoptout or, if you are not a web user of the Services (i.e., a user of the macOS version of the Services), by visiting the Zeplin support page at https://support.zeplin.io/en/articles/3413009-opt-out.
- Mixpanel. We use a service provided by Mixpanel, Inc. (“Mixpanel”) to provide us with analytics data regarding users’ interactions with our Site and Services. You may opt-out of Mixpanel’s automatic retention of data that is collected while using the Services by visiting https://mixpanel.com/optout or, if you are not a web user of the Services (i.e., a user of the macOS version of the Services), by visiting the Zeplin support page at https://support.zeplin.io/en/articles/3413009-opt-out. To track opt-outs, Mixpanel uses a persistent opt-out cookie placed on your device. Please note that if you get a new computer, install a new browser, erase or otherwise alter the browser’s cookie file (including upgrading certain browsers), you may delete the Mixpanel opt-out cookie.
Our uses of such Technologies fall into the following general categories:
- Advertising or Targeting Related. We may use first-party or third-party cookies and web beacons to deliver content, including ads relevant to your interests, on our sites or on third party sites. This includes using technologies to understand the usefulness to you of the advertisements and content that has been delivered to you, such as whether you have clicked on an advertisement.
If you would like to opt-out of the Technologies we employ on our sites, services, applications, or tools, you may do so by blocking, deleting, or disabling them as your browser or device permits.
3.4 Third-Party Websites, Social Media Platforms, and Software Development Kits
The Zeplin Services may contain links to other websites and other websites may reference or link to our Services. These other domains and websites are not controlled by us, and Zeplin does not endorse or make any representations about Third-Party websites or social media platforms. We encourage our users to read the privacy policies of each and every website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.
Zeplin’s Services may include publicly accessible blogs, community forums, or private messaging features. The Services may also contain links and interactive features with various social media platforms (e.g., widgets). If you already use these platforms, their cookies may be set on your device when using our Services. You should be aware that Personal Information which you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online, or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your information when interacting with a social media platform, and by using such services you assume the risk that the Personal Information provided by you may be viewed and used by third parties for any number of purposes.
3.5 Third-Party Payment Processing
When you make purchases through the Services, we process your payments through Stripe (https://stripe.com), a Third-Party application. The Third-Party application may collect certain financial information from you to process a payment on behalf of Zeplin, including your name, email address, address and other billing information.
3.6 Data Storage and Processing
We use infrastructure and storage services from Third-Party infrastructure providers to provide you with Zeplin services. Zeplin uses Amazon Web Services (https://aws.amazon.com) for processing, data storage and other additional services as needed.
4. Onward Transfer — Zeplin May Disclose Your Information
4.1 Information We Share
Our Customers (Your Employer / Organization). If you use the Services on behalf of your employer or another organization, including by accessing their Workspace, you acknowledge and agree that we may provide your Personal Information to that employer or organization, including to their Administrator, in order to provide the Services.
We Use Vendors and Service Providers. We may share any information we receive with vendors and service providers. The types of service providers (processors) to whom we entrust Personal Information include service providers for: (i) provision of IT and related services; (ii) provision of information and services you have requested; (iii) payment processing described above; (iv) customer service activities; and (v) in connection with the provision of the Services. These third parties (https://zeplin.io/subprocessors) will access your Personal Information to perform tasks on Zeplin’s behalf, and we’ll remain responsible for their handling of your Personal Information per our instructions. Zeplin has executed appropriate contracts with the service providers that prohibit them from using or sharing Personal Information except as necessary to perform the contracted services on our behalf or to comply with applicable legal requirements.
Some of the service providers we use include:
- Intercom. We use Intercom (https://www.intercom.com) to facilitate communications with, maintain information about, and collect publicly available information about our customers and users. You may opt-out of Intercom informational emails by using the unsubscribe link included in every email. For more information on Intercom’s services, please visit https://www.intercom.com.
Displaying to Other Users. The content you post to the Services may be displayed on the Services, including to Workspace Administrators. Other users of the Services may be able to see some information about you, such as your name if you submit a review or collaborate on a project with another user. We are not responsible for the privacy practices of the other users who will view and use the posted information.
Marketing – Interest-Based Advertising and Third Party Marketing. Through our Services, Zeplin may allow Third-Party advertising partners to set tracking tools (e.g., cookies) to collect information regarding your activities (e.g., your IP address, page(s) visited, time of day). We may also share such de-identified information as well as selected Personal Information (such as demographic information and past purchase history) we have collected with Third-Party advertising partners. These advertising partners may use this information (and similar information collected from other websites) for purposes of delivering targeted advertisements to you when you visit non-Zeplin related websites within their networks. This practice is commonly referred to as “interest-based advertising” or “online behavioral advertising. We may allow access to other data collected by the Services to facilitate transmittal of information that may be useful, relevant, valuable or otherwise of interest to you. If you prefer that we do not share your Personal Information with Third-Party advertising partners, you may opt-out of such sharing at no cost by following the instructions in Section 5 below.
Disclosures to Protect Us or Others (e.g., as Required by Law and Similar Disclosures). We may access, preserve, and disclose your Personal Information, other Account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours’, ours’ or others’ rights, property, or safety; (iv) to enforce Zeplin policies or contracts; (v) to collect amounts owed to Zeplin; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable. In addition, from time to time, server logs may be reviewed for security purposes – e.g., to detect unauthorized activity on the Services. In such cases, server log data containing IP addresses may be shared with law enforcement bodies in order that they may identify users in connection with their investigation of the unauthorized activities.
4.2 Data Transfers
All Personal Information collected via or by Zeplin may be stored anywhere in the world, including but not limited to the United States, the European Union, in the cloud, on our servers, on the servers of our affiliates or the servers of our service providers. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request.
5. Opt-Out (RIGHT TO RESTRICT PROCESSING)
You have the right to opt out of certain uses and disclosures of your Personal Information. Where you have consented to Zeplin’s Processing of your Personal Information, you may withdraw that consent at any time and opt-out to further Processing by contacting email@example.com. Even if you opt-out, we may still collect and use non-Personal Information regarding your activities on our Services and/or information from the advertisements on Third-Party websites for non-interest based advertising purposes, such as to determine the effectiveness of the advertisements.
5.2 Email and Telephone Communications
5.3 Mobile devices
Zeplin may occasionally send you push notifications through our App. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. Zeplin may also collect location-based information if you use our App. You may opt-out of this collection by changing the settings on your mobile device.
5.4 “Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
5.5 Cookies and Interest-Based Advertising
As noted above, you may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. Please note that cookie-based opt-outs are not effective on mobile applications, including our App. However, on many mobile devices, App users may opt out of certain mobile ads via their device settings.
The online advertising industry also provides websites from which you may opt-out of receiving targeted ads from their advertising partners that participate in self-regulatory programs. These partners may include some of our data partners. You can access these, and also learn more about targeted advertising and consumer choice and privacy, at http://optout.networkadvertising.org, or https://www.youronlinechoices.eu and http://optout.aboutads.info.
Further information may be found on the Zeplin support page at https://support.zeplin.io/en/articles/3413009-opt-out.
6. Rights of Access, Rectification, Erasure, and Restriction
For purposes of the California Consumer Privacy Act of 2018 (“CCPA”), we do not sell your Personal Information.
In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your Personal Information; (ii) obtain access to or a copy of your Personal Information; (iii) receive an electronic copy of Personal Information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) restrict our uses of your Personal Information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Information; and (vi) request erasure of Personal Information held about you by Zeplin, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us at firstname.lastname@example.org. We will process such requests in accordance with applicable laws. To protect your privacy, Zeplin will take steps to verify your identity before fulfilling your request.
7. Data Retention
8. Security of Your Information
By using the Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services or sending an email to you. You may have a legal right to receive this notice in writing.
9. International Users
If you are visiting from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and to the Processing of your data globally.
Where applicable and required, the standard contractual clauses annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021 (“Model Clauses”) will govern the collection, use, and retention of Personal Information transferred from the European Union and Switzerland to the United States.
10. Children’s Privacy
The Services are not directed to children under 13 (and in certain jurisdictions under the age of 16) years of age, and Zeplin does not knowingly collect Personally Identifiable Information from children under 13 (and in certain jurisdictions under the age of 16) years of age. If we learn that we have collected any Personal Information from children under 13 (and in certain jurisdictions under the age of 16), we will promptly take steps to delete such information.
11. Redress/Compliance and Accountability
12. Other Rights and Important Information
- New Uses of Personal Information. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will endeavor to provide information regarding the new purpose and give you the opportunity to opt-out. Where consent of the Individual for the Processing of Personal Information is otherwise required by law or contract, Zeplin will endeavor to comply with the law or contract.
12.2 California Privacy Rights
The following capitalized terms shall have the meanings herein as set forth below.
- “Administrator” means an authorized administrator of the Services for an employer or organization and its Authorized Users.
- “Personal Information” shall have the meaning assigned to the terms “personal data” and/or “personal information” under applicable data protection laws.
- “Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- “Third Party” is any company, natural or legal person, public authority, agency, or body other than the Individual, Zeplin or Zeplin’s agents.
- “Workspace” means a unique digital space designated for an employer or organization where a group of Authorized Users may use the Services.