Privacy Notice

Privacy Notice

Welcome to Zou Global Services. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit, access, or use any features or services connected to https://zouglobalservices.com ("Company," "we," "our," or "us").

This notice is prepared in compliance with General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act, 2023 of India (DPDP Act).

In this privacy notice certain terms have specific legal meanings:

• Personal Data: Under the GDPR, this means any information relating to an identified or identifiable natural person. The DPDP Act defines it as any data about an individual who is identifiable by or in relation to such data.
• Processing: This refers to any operation performed on personal data, such as collection, recording, organization, storage, use, disclosure, or destruction.
• Data Controller / Data Fiduciary: The entity that determines the purposes and means of processing personal data.

Under the GDPR, we are the Data Controller. Under the DPDP Act, we are the Data Fiduciary.

Information We Collect

We collect the following categories of your personal data for specified, explicit, and lawful purposes. We ensure that we only process data that is necessary for those purposes and to provide seamless services along with enhance user experience:

How we use your data

We process your personal data for the specific, legitimate, and transparent purposes outlined below, in strict compliance with General Data Protection Regulation (GDPR) of the European Union and the Digital Personal Data Protection Act, 2023 of India (DPDP Act). We adhere to the core principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation and integrity and confidentiality.

Legal Basis for Data Processing

Under GDPR

We process your personal data based on the following legal grounds, in accordance with applicable data protection laws including but not limited to the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

• Consent - Where required by law, we will obtain your consent fulfilling all its required essentials such as freely given, specific, informed, and unambiguous consent before processing your personal data for specific purposes. You have the right to withdraw your consent given to us at any time and we will make it easy for you to do so. When asking for your consent we will give you clear and simple information about the data we are using and purpose for which we will be using it.
• Contractual Necessity - We will process your personal data when it is necessary for the performance of a contract to which you are a party. This also includes processing that is necessary to take steps at your request before entering into a contract. This includes the processing that is needed to give you our services, like when you apply for a job, we look over your resume and contact information, communication, fulfilling orders, and managing your account.
• Legal Obligation - We may need to process your personal data to comply with a legal or statutory obligation to which we are subject. This could include, court orders, or other legal obligations imposed by governmental authorities or regulatory bodies in various jurisdictions, processing data for tax purposes, financial reporting or responding to any other legal requests.
• Legitimate Interests - We may process your personal data when we have a legitimate interest in doing so, provided these legitimate interests are not overridden by your fundamental rights and freedoms. Before relying on this basis, we conduct a balancing test to weigh our legitimate interests with your rights. Few of legitimate interest upon which we may rely are:
  • Ensuring the security and integrity of our systems, networks, and data.
  • Preventing fraud, unauthorized access, and other illegal activities.
  • Improving our services, developing new features, and personalizing your experience, where permitted by law.
  • Direct marketing activities will only be undertaken upon the receipt of explicit client approval, documented within the governing contract, Statement of Work (SOW), or via formal written email confirmation.
  • Internal research and analysis to enhance our operations and offerings.
  • Protecting our legal rights and interests.
• Other Lawful Basis: We may also process your personal data based on other lawful bases as permitted under applicable data protection laws, such as for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Under the Digital Personal Data Protection Act, 2023 (DPDPA)

• Consent - Where required by law, we will obtain your consent fulfilling all its required essentials such as freely given, specific, informed, and unambiguous consent before processing your personal data for specific purposes. You have the right to withdraw your consent given to us at any time and we will make it easy for you to do so. When asking for your consent we will give you clear and simple information about the data we are using and purpose for which we will be using it.
• Certain Legitimate Uses
  • When you give us your personal information voluntarily for a specific purpose (for example, filling out our contact form) and have not indicated that you do not consent to its use, we may process it for that purpose.
  • We can use your data for fulfilling any obligation under any law for the time being in force in India on any person to disclose any information to the State or any of its instrumentalities, subject to such processing being in accordance with the provisions regarding disclosure of such information in any other law for the time being in force.
  • We can use and process personal data if it is necessary for fulfilling an obligation under Indian law or for complying with any judgment, decree, or order.
  • We may process data for work-related reasons, like protecting our employer's interests by keeping trade secrets private or stopping corporate espionage.

Data Sharing and Third-party disclosure

• We do not sell your personal data to third parties. We conduct regular audits and assessments to ensure our third-party partners adhere to our privacy standards and applicable data protection laws. To deliver essential services and maintain the security of your data we carefully share only trusted partners who are bound by legally-binding contracts to protect your data in compliance with the GDPR and the DPDP Act.

The categories of third parties we may share data with include:

• Secure Cloud Infrastructure, Advanced Security Measures, and Service Analytics: We use third-party services to store your data securely, implement robust security protocols, and analyse service usage to improve your experience. These partners are committed to keep your data safe and follow all privacy laws that apply. We use Google Analytics to gather aggregated performance and diagnostic data. These partners act as Data Processors on our behalf, and include tools like Google Analytics. Standard Contractual Clauses (SCCs) govern GA4 data sharing, and it doesn't collect IP addresses by default when configured correctly. Unless you give your explicit permission,
• Legal Compliance and Law Enforcement: We will disclose your information when legally required to do so, such as in response to a valid legal requests from law enforcement or regulatory authorities in the jurisdictions where we operate.
• Business Restructuring: In the event of a merger, acquisition, or other business transfer, your data may be part of the transferred assets. You will be notified in advance and provided options to manage their data preferences.

International Data Transfers

Your personal data may be transferred to and processed in countries outside of your jurisdiction. International data transfers are subject to stringent legal requirements to protect personal data. We ensure all such transfers are lawful and secure.

• For transfers of data outside the European Economic Area (EEA), we rely on:
  • Legal Framework through Standard Contractual Clauses (SCCs): By using SCCs, we make sure that data transfers are legally sound. These contractual clauses are meant to make sure that data transferred outside of the originating jurisdiction is subject to data protection principles and safeguards equivalent to those required by laws like GDPR (General Data Protection Regulation) or other relevant rules.
  • Compliance through Binding Corporate Rules (BCRs): We ensure compliance through reliance on BCRs that our third-party providers have adopted. These rules, which have been approved by data protection authorities, show that the provider is committed to upholding data protection standards across their global network. They also provide a legally recognised way for data to be transferred between groups.
  • Technical and Organizational Measures: We use technical and organisational measures like encryption, pseudonymization, and strict access controls in addition to contractual and organisational measures. These steps are very important for maintaining the security and confidentiality of data during international transfers, aligning with the requirements of data protection laws and minimizing the risk of unauthorized access or disclosure.
  • Google Analytics: Google Analytics may store and process data on servers in places located outside your jurisdiction, such as the United States. We make sure that these kinds of transfers are safe by using Standard Contractual Clauses (SCCs) and other mechanisms provided under GDPR and DPDP acts.
• Under DPDP Act we will follow Section 16 of the DPDP Act, which lets the Central Government limit the transfer of personal data to some countries or regions outside of India. Any transfer will be conducted in accordance with the legal framework.

Children's Privacy

We do not provide our services to children.

• According to DPDP Act a "child" is anyone under the age of eighteen. We will not process a child's personal data without first obtaining verifiable consent from their parent or lawful guardian. We do not process children's personal data that could cause any detrimental effect on a child's well-being and from engaging in tracking, behavioural monitoring, or targeted advertising directed at children.
• Under the GDPR for online services, parental consent is necessary for children under 16 years of age.

Your Rights

Under GDPR:

• Right to be Informed: You have the right to get clear, transparent, and easily accessible information about how your personal data is collected, used, and processed. This includes the purpose for processing, the types of data, the people who will get the data, how long the data will be kept, and how to contact the data controller.
• Right to Access: You have the right to obtain from us confirmation that your personal data is being processed and, if so, to get access to that data along with supplementary information. This allows you to verify the accuracy of your data and know how it will be used.
• Right to Rectification: If the personal data held about you is inaccurate or incomplete, you have the right to request its correction or if it is incomplete personal data then to be completed, including by means of providing a supplementary statement.
• The Right to Erasure ('Right to be Forgotten'): You have the right to request the erasure of your personal data without undue delay under conditions which often include instances where the data is no longer necessary for the purpose it was collected, you withdraw your consent, or the processing is unlawful.
• Right to Restrict Processing: In certain circumstances like the accuracy of the data is being contested, the processing is unlawful, or the data controller no longer needs the data but you require it for legal claims., you can request the restriction of processing.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another data controller with ease, where technically feasible.
• The Right to Object: You have the right to object for specific purposes, such as direct marketing, profiling, or processing based on legitimate interests at any time of processing of your personal data and we will cease processing unless they demonstrate compelling legitimate grounds that override your interests.

Under DPDP Act

• Right to Access: You have the right to obtain from us confirmation that your personal data is being processed and, if so, to get access to that data along with supplementary information. This allows you to verify the accuracy of your data and know how it will be used.
• The Right to Correction and Erasure: If the personal data held about you is inaccurate or incomplete, you have the right to request its correction or if it is incomplete personal data then to be completed, including by means of providing a supplementary statement. You have the right to request the erasure of your personal data without undue delay under conditions which often include instances where the data is no longer necessary for the purpose it was collected, you withdraw your consent, or the processing is unlawful.
• Right of Grievance Redressal: You have right to recourse for grievance redressal provided by us for any act or omission regarding our obligations with your personal data. It is important to note that you must first exhaust this opportunity to resolve your grievance with us before approaching the Data Protection Board of India.
• Right to Nominate: You can nominate any other individual who shall, in the event of your death or incapacity, exercise your rights on your behalf. For the purposes of this right, "incapacity" means the inability to exercise your rights due to unsoundness of mind or infirmity of body.

Data Security, Retention, and Breach Notification

Robust Security Measures: We use the best security measures in the business to keep your data safe from being accessed, lost, misused, or alterations without your permission. These steps are:

• Encryption: We use standard encryption methods to keep your data safe while both in transit and at rest to protect the confidentiality of your data.
• Access Controls: We use strict access controls, such as role-based access and multi-factor authentication, to make sure that only authorised people can see personal data.
• Fraud Prevention: We advanced fraud prevention tools to find and stop unauthorised access and possible data breaches.
• Regular Security Audits: We do regular security audits and vulnerability assessments to make sure our security measures are still working and to find and to identify and address any potential weaknesses.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and once this purpose is served, and unless retention is necessary for compliance with any law, we will securely erase the personal data.

Secure Data Disposal and Anonymization: When personal data is no longer need personal data, we make sure it is safely disposed of by using methods like permanent deletion and data anonymization. Anonymization techniques are used to render data non-identifiable, allowing us to retain data for analytical purposes while protecting individual privacy, in accordance with global privacy standards. We keep detailed audit logs of all data processing activities to make sure we follow the rules and are responsible.

How We Use Cookies: Empowering Your Choices

We utilize cookies and similar tracking technologies to enhance your experience and provide essential functionalities. Cookies are small text files stored on your device, to function effectively.

Categories of cookies:

• Essential/Necessary Cookies: These cookies are crucial for the basic operation of our services and are required for core operations like user authentication, security, and ensuring network stability. Without them, our services cannot be provided.
• Functional/Preferences Cookies These make your experience better by remembering things like your language, region, or login information so you don't have to enter them again the next time you visit.
• Analytics & Performance: We use cookies to gather insights into user behaviour on how users interact with our website. They help us understand which pages are most popular and identify areas for improvement.

Your Rights and Control:

We are committed to respecting your privacy and empowering you to o control your cookie settings. You can choose which cookies are used.

Cookie Management Page: You can manage your cookie settings and preferences at any time through our dedicated Cookie Management Page: [Insert Link]. You can control the different types of cookies we use on this page.

Transparency: We aim to be transparent about how we use cookies and the data we gather. This policy gives you a clear picture, and our Cookie Management Page has more information.

By using our services, you consent to the use of cookies as described in this policy. However, you can withdraw or modify your consent at any time through our Cookie Management Page.

Updates to This Privacy Notice

We may periodically update this notice to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will make reasonable efforts to notify you of significant updates, typically via email, and may also provide notifications through our platform. We recommend that you periodically review this policy to stay informed about our data practice.