GDPR

WHAT IS GDPR?

GDPR stands for General Data Protection Regulation. The GDPR regulates how companies collect and process personal data, what they can and cannot do with that data, and stipulates certain penalties for non-compliance.

Companies that collect and/or process personal data from EU data subjects must be compliant with GDPR by 25th May 2018.

This document is not intended to act as legal advice, or even to dictate the steps our clients and partners should take to be in compliance with the GDPR. Rather, our goal is to share how Zaius plans to be GDPR compliant and enable our clients to be GDPR compliant. GDPR will necessitate a significant amount of cooperation across the digital media marketplace, and Zaius stands ready to be a privacy-safe partner.

IS ZAIUS A DATA PROCESSOR OR A DATA CONTROLLER?

Zaius is a data processor and Zaius clients are data controllers. A data controller is the entity which determines the purposes and means of processing Personal Data. A data processor is an entity that processes personal data on behalf of a data controller.

DO YOU HAVE ANY UPDATES TO YOUR TERMS OF SERVICE? 

The Zaius TOS includes a Data Processing Agreement (DPA) specific to the GDPR framework. A DPA is an amendment to the Zaius Platform Agreement that outlines the usage of Personal Data.

If your team has any questions about our standard DPA, please contact compliance@zaius.com.

WHAT COMPANIES DOES ZAIUS SEND PII TO (WHO ARE YOUR SUB-PROCESSORS)?

Sub-processors are companies used by Zaius for processing of personal data. You can access our list of sub-processors within the Zaius app at Account Settings -> Compliance.

SHOULD I ASK FOR CONSENT TO COLLECT PERSONAL DATA OR TO SEND MESSAGES?

Zaius customers are generally data controllers under GDPR. Accordingly, it is our customers (and not Zaius) who determine the legal basis for processing, and Zaius (as a data processor) will process the data as directed by each customer. We strongly recommend that our customers determine the legal basis with the help of legal counsel and after having conducted a data protection impact assessment.

Two of the most common (but not the only) grounds for processing EU personal data in a marketing context under GDPR are: a) consent and b) legitimate interest.

For Zaius customers seeking consent, we offer a consent API which may be helpful.

HOW DO I HANDLE DELETION, ACCESS, AND OPT-OUT REQUESTS FROM MY CUSTOMERS?

Zaius provides methods for Zaius Clients to request deletion, access, and opt-out on behalf of Data Subjects.

There are two methods to handle GDPR data subject requests:

Via API – Please see our API documentation (note that Access requests are not available through the API)

Who can use? Zaius Clients on behalf of Data Subjects

In-app Request – Please visit Account Settings -> Compliance

Who can use? Zaius Clients on behalf of Data Subjects

If you are a data subject looking to exercise your rights, your request must be made to the data controller (the Zaius client) in possession of your data.

WHO IS ZAIUS’ DATA PROTECTION OFFICER (DPO)?

The DPO is an individual retained by Zaius for the purposes of audits, training, and privacy consultation.

Zaius is utilizing the services of ePrivacy as our Data Protection Officer:

ePrivacy GmbH
Große Bleichen 21
20354 Hamburg • Germany

Phone +49 40 60 94 518 – 10
Fax +49 40 60 94 518 – 20
Mobile +49 151 23 44 99 00

info@eprivacy.eu
www.eprivacy.eu

FOR ANY OTHER QUESTIONS, PLEASE CONTACT COMPLIANCE@ZAIUS.COM.