(Last Update May 21, 2018 and Effective Date May 24, 2018)
This Policy applies to individuals that subscribe to and use any Zix service, as well as individuals that do not subscribe to or use any Zix service but may have sent or received emails to or from users or subscribers of Zix services or who visited the Site. This Policy applies to all information collected through the Site, regardless of how you access the Site. That is to say, this Policy applies whether you are accessing our Site on a computer, mobile device like a tablet, or phone. We may also speak with you face to face (for example at a conference) or by telephone (for example when you make a support call). Those conversations are also covered by this Policy. By providing information to us when subscribing, contacting or communicating with us, or using the Site, you expressly agree to this Policy.
This Policy does not apply to information collected through the use of ZixOne, any other Zix mobile applications or any third party products or services, even if resold by Zix. For more information regarding ZixOne, click here.
Information collected by Zix through its password protected sites, such as zixmessagecenter.com, control.greenviewdata.com, and manage.erado.com, and through customer use of the Zix, Greenview Data, and Erado services is also governed, to the extent applicable to the relevant services, by Zix’s Terms and Conditions, Zix’s License and Services Agreements for the applicable services, Zix’s End User License Agreements, the Greenview Data Services Agreement, Erado’s Terms and Conditions, the SpamStopsHere Specific Terms and other applicable Services Agreements (collectively, “Terms”). Please carefully review those Terms.
Zix collects information that you voluntarily provide when: using the Site, our products or services; participating in our surveys, contests, and other promotions; registering for our events or resources; subscribing to our email listings; applying for a job; communicating with us; or requesting that we contact you. The information we collect includes information relating to identified or identifiable natural persons. Examples of information we collect include contact information, such as names, mailing addresses, email addresses, and phone numbers; financial information, such as credit card number numbers; credentials, such as passwords, password hints, and authentication data; content data, such as the content of the messages you send to us; and resume data, such as your employment history, transcript, writing samples, and references. We also collect broad demographic and statistical information, such as your state and county of residence.
Zix collects your email address when you register to use the Zix services. Zix also receives and records your name and the credit card information that you supply if you pay to use the Zix services. In addition, Zix collects a variety of information about users and subscribers to Zix services and about other individuals that send or receive email to or from such users and subscribers. That information includes, without limitation, email address, Zix services passwords and passphrases, email message content, and information about Zix email accounts. We also collect metadata about emails, such as header information (e.g., sender, recipient, time sent, to, from, cc, date, subject line), file structure, operating systems used, system components, and hardware used. These types of metadata information are not encrypted by Zix because they are required for email delivery and analysis. The content of email messages and attachments (including non-spam messages) will not always be encrypted if you use the advanced threat protection services, including but not limited to during spooling for delivery and on the way to quarantine. Further, if you choose to use manual review, you understand that message content will not be encrypted so that we can perform the requested manual review of the email content, which may include some non-spam messages.
If you use the Erado services, we collect communications information for archival purposes on behalf of, and as directed by, our customers. This information may include emails, texts, websites, social media messages or posts, and other forms of data or electronic communications. This information includes data about our customers and the third parties they correspond with.
If you choose to refer a friend or business entity to Zix, we will ask you for certain information about your friend or a contact at the business entity. We may contact the referred party using the contact information you provide (such as by email, postal mail, landline phone, and mobile phone, as applicable). Zix stores this information for its marketing purposes, to track the success of the referral program, and to determine our obligations under the referral program. Individuals referred through our consumer referral program may contact us at email@example.com to request that we cease contacting the individual in connection with the referral program.
When you request technical support, Zix collects your name, employer, email address, mailing address, and phone number in order to provide this requested service to you. You have the option of providing additional information to support including your demographic information (such as your state and country of residency), operating system, browser, Internet service provider (“ISP”), connection type and email program that you are using. We encourage you to provide the additional information so that we can determine specific regional problems (such as natural disasters or power outages caused by cuts through fiber optic cable) or isolate problems relating specifically to your particular operating system, email program or browser, thus enabling us to provide a more accurate response to your support requests.
Zix automatically receives certain information about your device and how your device interacts with our Site. Examples of such information include your device’s IP address and other device identifiers, device type, browser type (such as Chrome®, Firefox®, Internet Explorer® and Safari®), referring page, pages visited, and time spent on our Site. We use various current – and later – developed tracking technologies to collect this information, including cookies, web beacons, and embedded scripts. Zix may combine such information with other types of data it collects about you, such as your email address, and will treat that combined information in accordance with this Policy.
When your Web browser or email application requests content from another device on the Internet, it automatically gives that device the address where the requested information should be sent. This is called your device's “IP address.” (IP stands for “Internet Protocol.”)
Zix and our service providers receive your IP address each time you obtain content from the Site. We may use your IP address for various purposes, including diagnosing service or technology problems that are associated with your IP address, conducting analytics, and estimating the total number of users visiting the Site from specific locales, countries or regions of the world. An IP address may generally indicate a user’s physical location. We do not, however, collect precise location data (such as GPS or mobile device coordinates). IP addresses and access times may be linked to your email address, but this combined information is for our internal use only and is not shared with third parties.
When you request content from the Site, information related to that request is collected and stored in log files on our servers. That information includes the date and time of the request, and the IP address of the device that requested the content. We use log files for debugging and troubleshooting purposes.
If you do not accept cookies or disable these technologies, you may not be able to use all portions or functionality of our services.
Small graphic images or other web programming code called web beacons (also known as "clear GIFs"), which may be invisible to you, may be included in our web pages and e-mail messages. Web beacons may be used for a number of purposes, including, without limitation, to count visitors to the Site, to monitor how users navigate the Site, to count how many e-mails that were sent were actually opened or to count how many particular links were actually viewed.
An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on. The code is temporarily downloaded onto your device from our server or a third party service provider, is active only while you are connected to the Site, and is deactivated or deleted thereafter.
We receive information about you from third parties who are lawfully permitted to share your information with us. For example, if you are on another web site and you provide information that the website operator indicates will be provided to Zix, that website operator will typically forward the information you provide. We may contact you using the information you provided, in accordance with your communication preferences. We may also combine the information we receive from third parties with information we collect or already maintain in order to ensure the records we hold about you are accurate and up to date. In those cases, we will apply this Policy to the combined information, plus any additional restrictions imposed by the source of the data.
In addition, we supplement the information we collect with outside records from third parties in order to provide you with information, services or goods you have requested, to enhance our ability to serve you, and to tailor our content to you. These third party sources vary over time, but have included data brokers from which we purchase demographic data, third party partners and resellers, our customers, social media platforms, lead generation providers, content sponsors, and publicly-available sources such as open government databases or data in the public domain. We may combine the information we receive from those other sources with information we collect through the Site. In those cases, we will apply this Policy to the combined information, plus any additional restrictions imposed by the source of the data.
Zix uses information about you for our legitimate interests, including as follows:
We also use information about you with your consent, including as follows:
Some of our lawful bases for processing your information stem from our customers on whose behalf we provide services.
Zix uses email message and attachment content in order to provide and improve our products and services. For example, if you request Zix to host and operate a ZixGateway appliance on your behalf (the Zix™ Hosted Services), we may automatically scan outbound email and attachments to determine whether they should be encrypted in accordance with your policies, to provide you with usage reports and to improve our email filters, and we may collect and retain the content and attachments of outgoing email messages until they are delivered or the messages expire in accordance with your policies. Likewise, if you subscribe to our advanced threat protection service, we may automatically and manually (with your consent) scan inbound email and attachments to protect you against advanced threats, to provide you with usage reports and to improve our email filters, and we may collect and retain the content and attachments of inbound email messages until they are delivered or the messages expire in accordance with your settings.
If you use the Site to apply to work with us (for example via www.zixcorp.com/company/careers) we will use the information you supply to process your application and to monitor recruitment statistics. We retain de-identified statistical information about applicants to help inform our recruitment activities. Zix is headquartered in the United States and employee and recruitment data is held there and in other Zix locations worldwide. Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage we will give the employee more details about how we hold employee data.
Zix will not sell or rent your information, except in the event that Zix (or some or all of its assets) is merged with, sold to, or otherwise transferred to, one or more third parties. In such an event, customer information might be included among the transferred assets and Zix reserves the right to share information it has about you. Notwithstanding any such transfer, your information will remain subject to this Policy. Our customer database could be sold separately from the rest of the business, in whole or in a number of parts. It could be that the purchaser’s business is different from ours too. If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or prominent notice on our Web site for 30 days of any change in ownership or uses of your information, as well as any choices you may have regarding your information.
Depending on the Zix service you use, Zix may share your information, or the information of your friends, family, or of others to whom you refer Zix, including but not limited to the categories of information described above in the Section entitled “Information that we collect,” public encryption codes for your email address, information about your account usage (including the number of email messages and attachments, if any, that you sent, and the list of recipients, subject and size of the combined text body of those email messages and attachments), and other information as follows:
We use testimonials from our customers, with their express consent, in order to show our customers and potential customers how Zix services have benefited others. To request removal of your information from the testimonials on our Site, contact us at firstname.lastname@example.org. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to do so and why.
Without limiting the foregoing, Zix shares with certain business partners, advertisers, and other third parties certain aggregated data that does not identify you, including usage, demographic and statistical information and analytics data collected using third party web analytics services, for various purposes except as prohibited by applicable law.
To analyze traffic to our Site (excluding zixmessagecenter.com and zixmessagecentre.com), Zix uses various web analytics services, which may independently set and access their own tracking technologies (including cookies, web beacons, and embedded scripts) and collect or have access to information about you.
In addition, Zix works with network advertisers and ad agencies to serve our advertisements on other web sites, within third party applications, and across the Internet, and to provide us with information regarding the effectiveness of our advertisements. For example, if you clicked on a Zix advertisement that led you to one of our corporate sites, our service provider(s) and we may be able to determine which Zix advertisement you clicked on and where you were viewing the advertisement. However, Zix’s advertising providers do not receive information regarding your use of the ZixMessage Center or your Greenview Data or Erado accounts, such as any URL you access within the message center or email message content you view.
Zix advertisements may be targeted to your company by our advertisers based on your IP address and your web browsing activity on non-Zix websites. Zix’s advertising providers may also attempt to store a cookie or other tracking technology on your device. While we use a variety of service providers to perform advertising and analytics services, you may wish to visit www.networkadvertising.org/managing/opt_out.asp, which provides information regarding this practice by Network Advertising Initiative (“NAI”) members, including the “opt-out” procedures of NAI members. If you are visiting this site from the European Union, you may be able to “opt-out” of certain interest-based ads by visiting www.youronlinechoices.eu. Please note this does not opt you out of being served ads. You will continue to receive generic ads. Zix does not control the information collection, use, or sharing practices of third party analytics providers or advertisers. Some of these parties may collect your information when you visit the Site or other online websites and services. We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
Some of our Sites offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to do so and why. The blog or community forums may include certain social features (also known as third-party widgets), which may permit interactions that you initiate between the blog or community forums and a third party web site or service. Social features may include enabling you to “like” or “share” our content on other web sites or services, such as Facebook, Google+, Twitter, or LinkedIn. If you use social features, Zix may receive or have access to certain information about you and your use of the social features. These social features may collect your IP address, which page you are visiting on the blog or community forum, and may set a cookie to enable the social feature to function properly. Social features are either hosted by a third party or hosted directly by us. The information we collect or receive in connection with social features is subject to this Policy. The information collected and stored by the provider of the social features remains subject to the that third party’s privacy practices, including whether the third party continues to share information with us, the types of information shared, your choices with regard to what is visible to others on that third party web site or service and whether your information can be deleted from the third party site.
In connection with certain services that it provides, Zix uses Google API Services as part of an authentication and authorization framework to request access to Google user data. The Google user data we request through the Google API Services includes email addresses and basic profile information, and Zix uses such Google user data to verify user email addresses and manage the provisioning of administrator status on its domains. Any Google user data Zix collects through Google API Services is only used for such purposes and deleted after such use.
You may set or change your ZixMail PassPhrase and encryption codes, ZixMessage Center PassPhrase, Greenview Data, or Erado account password at any time. If you forget or would like to change your ZixMessage Center PassPhrase, you may create a new or ZixMessage Center PassPhrase by registering again.
You may request deletion or deactivation of your ZixMail, ZixMessage Center, Greenview Data, or Erado account by sending an email to firstname.lastname@example.org. Please see the “Data storage” section of this Policy to read about data storage after your account has been deleted. Please note that it may take up to 30 days for your deletion or deactivation request to come into effect.
Subject to certain exceptions, upon request and provided you provide us sufficient information to confirm your identity, we will provide you the information that you have submitted to us through your ZixMail, ZixMessage Center, Greenview Data, or Erado account for the purpose of enabling you to correct, amend, or delete any inaccuracies. You may make this request to us via email at email@example.com or visit the Site for online help at www.zixcorp.com/support/contact-support. If we are not able to provide the information that you are requesting within 30 days of receipt of your request, we will provide you a timeline for providing the requested information. If we deny access to your information, we will explain why access was denied and give you contact information for further inquiries regarding the denial of access. If you are unhappy with our answers you can write to our Chief Privacy Officer, who can also be reached at firstname.lastname@example.org.
If you no longer wish to receive marketing emails from Zix, you can opt-out by (1) following the instructions provided in the emails, as applicable; (2) sending an email to email@example.com; or (3) visiting the Site at www.zixcorp.com/support/contact-support.
Data subjects in Europe have additional rights as set forth in the section entitled “European Privacy Rights” below.
Zix takes reasonable precautions, including the maintenance of reasonable physical, electronic, and procedural safeguards, to help protect your information from loss, misuse, and unauthorized or illegal access, disclosure, alteration, modification, use or destruction. Zix has implemented reasonable security measures to help protect your email address and the Zix service passwords associated with your email address from unauthorized access or disclosure, alteration, unlawful destruction or accidental loss. When appropriate, Zix uses industry-standard encryption to protect certain data (e.g., credit card numbers) during transmission. The servers on which we store your information are kept in an environment that is environmentally controlled and monitored 24 hours per day, 7 days per week. Although Zix uses reasonable efforts to help protect your information, transmission via the Internet is not completely secure and Zix cannot guarantee the security of your information. In particular, it remains your responsibility:
If you think that any of your accounts has been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. You should also tell us as soon as you can so that we can try to help you keep your account secure and if necessary warn anyone else who could be affected.
Most account information (including email addresses, public keys, names, and mailing addresses, but excluding credit card information used for payment to Zix) is stored on multiple disk storage systems at our data centers in the United States or the United Kingdom, or on servers in Canada, Singapore, and Amsterdam. This means that we redundantly store data on more than one server in one of those locations. We may also store email messages on servers outside the United States and the United Kingdom, including on servers in Canada, Singapore, and Amsterdam.
Zix stores only the salted hash of a Zix service password. This means that we don’t hold your Zix service password itself but rather a unique encrypted version of it. ZixMessage Center email messages that you send or receive via Zix services will ordinarily expire from our disk storage systems based on the expiration time set by the sender at the time the email was sent (typically 1 to 21 days from the day the email message was sent). If you request deletion of your Zix service account, that account will be deactivated and your email address and information will be removed from our user registration database associated with that Zix service within 30 days, subject to any need we have to hold onto the data for longer to meet any legal, auditing or regulatory requirements and subject to any commitments we have given to third parties – for example your employer if your employer paid for your Zix services account. You may also request deletion of all your Zix service accounts. If we do delete any of your accounts, those accounts will be reinitiated if another email is sent to you using a Zix service. Email header information maintained for purposes of transaction logging, and user account information maintained for disaster recovery purposes, will be held longer than the content of email messages, as described above, in order to provide Zix services and support, including technical support and business continuity, to our customers.
If you use advanced threat protection services, including ZixProtect and SpamStopsHere, there will be particular points in time when the content of email messages and attachments (including non-spam messages) will not be encrypted, including but not limited to during spooling for
delivery and on the way to quarantine. Further, if you choose to use the manual review option, the content of those emails and attachments will be stored in unencrypted form for purposes of manual review.
Zix’s Site, products, and services are not designed for or directed to children under the age of 13, and Zix does not knowingly collect personal information as defined by the Children’s Online Privacy Protection Act (“COPPA”) from anyone under the age of 13. If you are under the age of 13, please do not provide personal information of any kind whatsoever and please do not use Zix products and services or participate in Zix’s surveys, contests, events, and other promotions.
When California customers provide personal information as defined by California’s “Shine the Light” to a business, they have the right to request certain disclosures if that business shares the personal information with third parties or affiliates for the third parties’ or affiliates’ direct marketing purposes. Once per calendar year the customer may request that the business provide a list of companies with which it shares the personal information for the third parties’ or affiliates’ direct marketing purposes, and a list of the categories of personal information that the business shares. As stated in this Policy, we do not share personal information with third parties or affiliates for those third parties’ or affiliates’ direct marketing purposes. California customers may request further information about our compliance with this law by e-mailing firstname.lastname@example.org or contacting us by mail at 2711 N. Haskell Avenue, Suite 2200, LB 36, Dallas, Texas 75204-2960, USA. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address.
If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
If your information has been processed by us on behalf of one of our customers and you wish to exercise any rights you have with such information, please inquire with our customer directly. If you wish to make your request directly to Zix, please provide the name of the Zix customer on whose behalf Zix processes your information. We will refer your request to that customer, and will support them to the extent required by applicable law in responding to your request.
If you have any issues with our compliance, you have the right to lodge a complaint with a European supervisory authority.
We are based in the U.S. and the information we collect is governed by U.S. law. If you are accessing the Site or the Zix services from outside of the U.S., please be aware that information collected through the Site or the Zix services may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Service or Zix services therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information in the U.S. and other jurisdictions as set forth in this Policy. If your data is collected in Europe, we will transfer your personal data subject to appropriate or suitable safeguards, such as the Privacy Shield Framework discussed below.
Zix participates in the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union to the U.S. Zix has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. For purposes of this section, Zix refers to the following U.S. legal entities: Zix Corporation, ZixCorp Systems, Inc., ZixCorp Global Inc., and Greenview Data, Inc.
In accordance with our obligations under the Privacy Shield, and subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, we hereby affirm our commitment to subject to the Privacy Shield Principles all personal data transferred from the European Union in reliance on the Privacy Shield. This means that, in addition to our other obligations under the Privacy Shield Principles, we shall be liable to you for any third party agent to which we transfer your personal data and that processes such personal data in a manner that violates the Privacy Shield Principles, unless we can demonstrate that we are not responsible for the resulting damages.
To learn more about the Privacy Shield Framework, and to view Zix’s certification, please visit https://www.privacyshield.gov/. A list of companies certified under the Privacy Shield Framework is available at the following link: https://www.privacyshield.gov/list.
Zix, with the exceptions of Greenview Data and Erado, is registered with the United Kingdom Information Commissioner’s Office. Our registration number is Z304946X. You can view Zix’s registration on the UK ICO website.
If you have questions, concerns or suggestions about this Policy or Zix’s privacy practices, please contact us:
By email: email@example.com
2711 N. Haskell Avenue
Suite 2200, LB 36
(Attn: Chief Privacy Officer)
By phone: +1 (214) 370-2200
For EU-specific requests, you can reach our EU representative at:
ZIX Corporation Limited