Privacy Shield Privacy Policy

Last Updated: July 17, 2018

Zoomforth Inc. (“Zoomforth” or “we” or “us” or “our”) complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield.  Zoomforth has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit

A. Definitions

“Data Subject” means the individual to whom any given Personal Data covered by this Privacy Shield Policy refers.

“Personal Data” means any information relating to an identified or identifiable individual residing in the European Union and Switzerland that can be used to identify that individual either on its own or in combination with other readily available data.

“Sensitive Personal Data” means Personal Data regarding an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, physical or mental health, or sexual life.

B. Scope and Responsibility

This Privacy Shield Policy sets forth the privacy principles that Zoomforth follows when processing Personal Data received in the United States of America (“U.S.”) from customers or prospective customers located in the European Economic Area (“EEA”) and Switzerland, while providing services to such customers.  This Privacy Shield Policy does not apply to information collected by Zoomforth from visitors to its websites and from Zoomforth sponsored sales and marketing activities.  This Privacy Shield Policy also does not apply to Personal Data collected through Zoomforth’s recruiting process.  

This Privacy Shield Policy applies to Personal Data transferred from European Union member countries and Switzerland to Zoomforth’s operations in the U.S. in reliance on the respective Privacy Shield framework and does not apply to Personal Data transferred under the EU Standard Contractual Clauses or any approved derogation from the EU Directive.

Some types of Personal Data may be subject to different or additional privacy-related requirements and policies. For example:

  • Personal Data regarding and/or received from a Zoomforth’s customer or prospective customer is also subject to any specific agreement with, or notice to, the customer, including without limitation, data processing agreement or data processing addendum, as well as additional applicable laws.
  • Employee Personal Information is subject exclusively to internal Zoomforth’s employment policies.

All employees of Zoomforth that have access in the U.S. to Personal Data covered by this Privacy Shield Policy are responsible for conducting themselves in accordance with this Privacy Shield Policy.  Adherence by Zoomforth to this Privacy Shield Policy may be limited to the extent required to meet legal, regulatory, governmental, or national security obligations, but Personal Data covered by this Privacy Shield Policy shall not be collected, used, or disclosed in a manner contrary to this policy without the prior written permission of Zoomforth’s Chief Executive Officer. 

Zoomforth employees responsible for engaging third parties to whom Personal Data covered by this Privacy Shield Policy will be transferred are responsible for obtaining appropriate assurances that such third parties have an obligation to conduct themselves in accordance with the applicable provisions of this Privacy Shield Principles, including any applicable contractual assurances required by Privacy Shield.

C. Zoomforth's Role as a Service Provider to its Business Customers

Zoomforth is the creator of certain software applications, tools and products, and in connection with these software products, Zoomforth provides software as a service and platform as a services to enable enterprise customers to build and operate micro websites for their internal and external needs and certain other services, such as professional technical services, data tracking and analytics services, and technical support services (collectively “Services”) to its hosted business customers and prospective customers in the EEA and Switzerland through U.S. offices and employees who may be located in the U.S. These U.S.-based employees may process Personal Data to provide Services to customers and prospective customers located in the EEA or Switzerland.

Business customers using Services through Zoomforth's cloud solutions and platforms are responsible for managing the data that they cause to be inputted, processed or temporarily stored on Zoomforth's platforms.  Generally, Zoomforth’s customers determine the categories of Personal Data and other information that are processed and/or temporarily stored by Zoomforth, how that information will be used, to whom it will be disclosed, and for what purposes.  Similarly, Zoomforth's hosted customers who share data with Zoomforth in connection with any of its Services determine which categories of Personal Data will be shared and for what purposes.  Consequently, Zoomforth does not know the categories of Personal Data to be processed or the purpose(s) of the processing unless and until Zoomforth receives instructions from its customers.  Such Personal Data may include, for example, names, email addresses, home addresses, telephone numbers and other information pertaining to our customers’ employees and employee candidates as well as employees of their respective customers, partners, agents, service providers, suppliers, and licensors.  Many of Zoomforth’s Services provide automated workflows and processes which are not controlled by Zoomforth as a provider of software as a service and platform as a service solutions.  The Services may be controlled by or customized for Zoomforth’s customers and/or may contain menus, dashboards or panels through which Zoomforth’s customers may set certain preferences with respect to processing, retention and deletion of Personal Data and other functions.

When Zoomforth processes Personal Data received from its customers, Zoomforth does so only for the purpose of providing Services pursuant to the customer's instructions.

D. The Customer's Responsibilities with respect to Personal Data

Zoomforth's customers may choose to include Personal Data among the data stored on Zoomforth’s online platforms or shared with Zoomforth in connection with its provision of Services.

Zoomforth processes only the Personal Data that its customers have chosen to share with Zoomforth.  Zoomforth has no direct or contractual relationship with Data Subjects.  As a result, when a customer shares Personal Data with Zoomforth, the customer is primarily responsible as a data controller for satisfying all legal obligations owed directly to each Data Subject under applicable data protection laws.

It is the customer's responsibility to ensure that Personal Data it collects can be legally collected in the country of origin.  The customer is also responsible for providing to the Data Subject any notices required by applicable law and for responding appropriately to the Data Subject's request to exercise his or her rights with respect to Personal Data.  In addition, the customer is responsible for ensuring that its use of Zoomforth’s software products, cloud solutions or platforms or Zoomforth's Services is consistent with any privacy policy the customer has established and any notices it has provided to Data Subjects.

Zoomforth is not responsible for its customers’ or prospective customers’ privacy policies or practices or for the customers’ compliance with such policies or practices. Zoomforth does not review, comment upon, or monitor its customers’ privacy policies or their compliance with such policies.  Zoomforth also does not review instructions or authorizations provided to Zoomforth to determine whether the instructions or authorizations are in compliance with, or conflict with, the terms of a customer's published privacy policy or of any notice provided to Data Subjects.  Customers are responsible for providing instructions and authorizations that comply with their policies, notices, and applicable laws.

E. Privacy Shield Principles

Consistent with the provisions of Sections C and D hereof, Zoomforth commits to subject to the Privacy Shield’s Principles all Personal Data received by Zoomforth in the U.S. from EEA member countries and Switzerland in reliance on the respective Privacy Shield framework. 

1. Notice

Data Subjects covered by this Privacy Shield Policy have the right to be notified about Zoomforth’s data practices regarding Personal Data received by Zoomforth in the U.S. from EEA member countries and Switzerland in reliance on the respective Privacy Shield framework.  This includes the types of Personal Data it collects about them, the purposes for which it collects and uses such Personal Data, the types of third parties to which it discloses such Personal Data and the purposes for which it does so, the rights of Data Subjects to access their Personal Data, the choices and means that Zoomforth offers for limiting its use and disclosure of such Personal Data, how Zoomforth’s obligations under the Privacy Shield are enforced, and how Data Subjects can contact Zoomforth with any inquiries or complaints.  Zoomforth’s customers are responsible for providing this notice to Data Subjects whose Personal Data they collect.  

2. Choice

Data Subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.  Zoomforth’s customers are responsible for informing Data Subjects when they have the right to opt out of such uses or disclosures.  

Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to Zoomforth’s customer that controls the use and disclosure of their Personal Data.  Zoomforth will cooperate with its customers’ instructions regarding Data Subjects’ choices.

3. Accountability for Onward Transfer

Zoomforth will not disclose Personal Data to a third party, except as stated below:

Zoomforth may disclose Personal Data to subcontractors and third-party agents who assist Zoomforth in providing Services to its customers and to business partners who offer products, services, promotions, contests and/or sweepstakes. Before disclosing Personal Data to a subcontractor or third-party agent, Zoomforth will obtain assurances from the recipient that it will: (a) use the Personal Data only to assist Zoomforth in providing the Services; (b) provide at least the same level of protection for Personal Data as required by the Privacy Shield Principles; and (c) notify Zoomforth if the recipient is no longer able to provide the required protections.  Upon notice, Zoomforth will act promptly to stop and remediate unauthorized processing of Personal Data by a recipient.  Zoomforth remains liable under the Privacy Shield Principles if its agent processes Personal Data covered by this Privacy Shield Policy in a manner inconsistent with the Privacy Shield Principles, except where Zoomforth is not responsible for the event giving rise to the damage.

Zoomforth may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements and to comply with applicable laws, cooperate with law enforcement, investigate, prevent or take other action regarding illegal activity, suspected fraud or other wrongdoing, to protect and defend the rights, property or safety of our company, our employees, and our Customers. To the extent permitted, Zoomforth will inform its relevant customer or prospective customer before making such disclosure and provide it with a reasonable opportunity to object to such disclosure.

4. Security

Zoomforth is committed to safeguarding the Personal Data that it receives from the EEA and Switzerland.  While Zoomforth cannot guarantee the security of Personal Data, Zoomforth takes reasonable and appropriate measures to protect Personal Data in Zoomforth’s possession from loss, misuse, unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.

Zoomforth utilizes a combination of online and offline security technologies, procedures and organizational measures to help safeguard Personal Data.  Zoomforth limits access to Personal Data to employees, subcontractors, and third-party agents that have a specific business reason for accessing such Personal Data.  Individuals granted access to Personal Data are aware of their responsibilities to protect such information and are provided appropriate training and instruction.  

5. Data Integrity and Purpose Limitation

Zoomforth's customers are responsible for limiting their collection of Personal Data to that which is necessary to accomplish the purposes disclosed by Customers to Data Subjects and compatible purposes. They also are responsible for providing Zoomforth with instructions for the processing of Personal Data consistent with such purposes.  Zoomforth will process Personal Data only in accordance with the customer's instructions.

Zoomforth's customers also are responsible for ensuring that (a) Personal Data they collect is accurate, complete, current and reliable for its intended uses; and (b) Personal Data is retained only for as long as is necessary to accomplish the customer's or prospective customer's legitimate business purposes disclosed to the Data Subject and for compatible purposes. Zoomforth will cooperate with customers' and prospective customers' reasonable requests for assistance in meeting these obligations.

In the performance of Services, Zoomforth will retain Personal Data transferred by its customers only for as long as necessary to provide the Services or for compatible purposes, such as to provide additional Services, to comply with legal requirements, or to preserve or defend Zoomforth’s legal rights.

6. Access

Data Subjects have the right to access the Personal Data a data controller holds about them. If such Personal Data is inaccurate or processed in violation of the Privacy Shield Principles, a Data Subject may also request that Personal Data be corrected, amended, or deleted.  

When Zoomforth receives Personal Data, it does so on its customer's behalf.  To request access to, or correction, amendment or deletion of, Personal Data, Data Subjects should contact the Zoomforth'w customer that collected their Personal Data.  Zoomforth will cooperate with its customers' reasonable requests to assist Data Subjects to exercise their rights under the Privacy Shield

7. Recourse, Enforcement, and Liability

Zoomforth’s participation in the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework is subject to the investigation and enforcement authority of the Federal Trade Commission.

In compliance with the Privacy Shield Principles, Zoomforth commits to resolve complaints about your privacy and our collection or use of your Personal Data. EEA and Swiss Data Subjects with inquiries or complaints regarding this Privacy Shield Policy should first contact Zoomforth at:

Zoomforth has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus.  If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint.  This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Privacy Shield Annex 1 at

Zoomforth agrees to periodically review and verify its compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. Zoomforth acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of Privacy Shield participants.

F. For More Information

Data Subjects with questions about how Zoomforth processes Personal Data should first contact the Zoomforth's customer that originally collected their Personal Data. Zoomforth can be contacted by emailing

G. Changes to this Privacy Shield Policy

This Privacy Shield Policy may be amended from time to time consistent with the requirements of the Privacy Shield. Zoomforth will post the revised Privacy Shield Policy at this location.

Effective Date: June 7, 2018