What is GDPR?

GDPR stands for General Data Protection Regulation. The GDPR regulates how companies collect and process personal data and what they can and cannot do with that data, and it stipulates certain penalties for non-compliance.

Companies that collect and/or process personal data from EU data subjects must be compliant with GDPR by 25th May 2018.

This document is not intended to act as legal advice, or even to dictate the steps our clients and partners should take to be in compliance with the GDPR. Rather, our goal is to share how Zaius plans to be GDPR compliant and enable our clients to be GDPR compliant. GDPR will necessitate a significant amount of cooperation across the digital media marketplace, and Zaius stands ready to be a privacy-safe partner.

What is Privacy Shield?

Privacy Shield is one mechanism that enables companies to address the cross-border data transfer requirements imposed under GDPR. Privacy Shield is a framework for US companies to transfer data easily from the EU.

Zaius is an active participant in Privacy Shield.

In compliance with the Privacy Shield Principles, Zaius commits to resolve complaints about our collection or use of personal information. Any questions you receive from customers in regard to this policy may be forwarded to compliance@zaius.com.

Zaius has additionally committed to refer unresolved Privacy Shield complaints to BBB EU Privacy Shield, an alternative dispute resolution provider. If your users do not receive timely acknowledgment of their complaint from us, or if we have not addressed their complaint, they may contact:

Council of Better Business Bureaus, Inc.
BBB EU Privacy Shield
3033 Wilson Boulevard, Suite 600
Arlington, VA 22201

Is Zaius a data processor or a data controller?

Zaius is a data processor and Zaius clients are data controllers. A data controller is the entity which determines the purposes and means of processing Personal Data. A data processor is an entity that processes personal data on behalf of a data controller.

Do you have any updates to your Terms of Service?

Zaius will prompt all customers to agree to an updated ToS with a Data Processing Agreement (DPA). A DPA is an amendment to the Zaius Platform Agreement that outlines the usage of Personal Data.

For those clients that have not requested a custom Data Processing Agreement, we will prompt you on login to accept the updated agreement with the DPA.

If your team has any questions about our standard DPA, please contact compliance@zaius.com.

When: The updated ToS and Privacy Policy will be provided in early May 2018.

What companies does Zaius send PII to (who are your sub-processors)?

Sub-processors are companies used by Zaius for processing of personal data. You can access our tentative list of sub-processors within the Zaius app.

Just visit Account Settings -> Compliance -> GDPR Sub-Processors

Should I ask for consent to collect personal data or to send messages?

Zaius customers are generally data controllers under GDPR. Accordingly, it is our customers (and not Zaius) who determine the legal basis for processing. And Zaius (as a data processor) will process the data as directed by each customer. We strongly recommend that our customers determine the legal basis with the help of legal counsel and after having conducted a data protection impact assessment.

Two of the most common (but not the only) grounds for processing EU personal data in a marketing context under GDPR are: a) consent and b) legitimate interest.

For Zaius customers seeking consent, we offer a consent API which may be helpful.

How do I handle Deletion, Access, and Opt-Out requests from my customers?

Zaius provides methods for Zaius Clients to request deletion, access, and opt-out on behalf of Data Subjects, and for Data Subjects to make these requests directly.

There are two methods to handle GDPR data subject requests:

Compliance API – Opt-Out

Who can use? Zaius Clients on behalf of Data Subjects
When is it available? Documentation is available now, and the API will be deployed early to mid-May

Request Form – Opt-Out, Access, Deletion

Who can use? Zaius Clients on behalf of Data Subjects & Data Subjects themselves
When is it available? Available Now

Who is Zaius’ Data Protection Officer (DPO)?

The DPO is an individual retained by Zaius for the purposes of audits, training, and privacy consultation.

Zaius is utilizing the services of ePrivacy as our Data Protection Officer:

ePrivacy GmbH
Große Bleichen 21
20354 Hamburg • Germany

Phone +49 40 60 94 518 – 10
Fax +49 40 60 94 518 – 20
Mobile +49 151 23 44 99 00


I missed your GDPR webinar, are you doing another one?

No problem! You can access our GDPR webinar here.

For any other questions, please contact compliance@zaius.com.