ZOOM TELEPHONICS, INC. & MTRLC LLC
VERSION: 1.3
VERSION DATE: 3 Feb 2020
DESTINATION URL: https://www.motorolacable.com/privacy
“Account” means a record in systems controlled by Zoom that enable the use of the Zoom Solution.
“Compartmentalized Digital Access” means that information subject to this protection protocol may not be accessed in its entirety by a single privilege set.
“Cookies” are small text files that are placed on a customer device by a web server when a customer or end user accesses the Zoom Solution.
“Data Controller” means the natural or legal person, public authority, agency or other body which alone, or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by the European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of a Data Controller.
“Data Subject” means any individual whose personal data is being collected, maintained or processed.
“Encryption at Rest” means a method of storing information where the information is encrypted.
“Encryption in Transit” means a method for sending and receiving information where the information is encrypted.
“General Data Protection Regulation” or “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
“Zoom Solution” means the combination of software and services provided by Zoom to secure and manage a WiFi network belonging to a customer or end user.
“Personal Data” means information relating to an identified or identifiable Data Subject and can refer to a Data Subject’s name, his or her home address, publications on social networks.
“Personally Identifiable Information” or “PII” means Personal Data where it, directly or indirectly, by way of particular reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to an individual (e.g., physical, physiological, genetic, mental, economic, cultural or social) can be used to identify a specific Data Subject.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Restricted Digital Access” means instances where digital access to data is restricted to certain users based on rights or privileges in a system that the user must use credentials, tokens or other such security artifacts to access.
“Restricted Physical Access” means instances where physical access to systems on which data is restricted to persons based on the rights or privileges the person uses credentials, keys, cards or other such security artifacts to gain access.
“Supervisory Authority” means an independent public authority which is established by a European Union member State pursuant to GDPR Article 51 Other terms and definitions used in this policy have the same meaning as in International standard ISO/IEC 27000 “Information technology – Security techniques - Information security management systems-Overview and vocabulary.”
Information Category | Purpose | Legal Basis | |
---|---|---|---|
1 | End User / Customer Data | Provision of services or products | Performance of contract or required proof prior to entry into contract GDPR - (point (b), Art. 6(1)) |
2 | End User / Customer Metadata | Provision of services or products | Performance of contract or required proof prior to entry into contract GDPR – (point (b), Art. 6(1)) |
3 | Personal data used for direct marketing | Direct marketing | Data subject consent GDPR - (point (a), art. 6(1)) |
4 | Prospective Customer (legal entity) | Internal administration | Data subject consent GDPR - (point (a), art. 6(1)) |
5 | Third parties (suppliers, distributors, etc.) contact data | Customer service, Provision of services or products | Performance of contract or required proof prior to entry into contract GDPR - (point (b), art. 6(1)) |
6 | Candidates for employee data | Internal administration | Data subject consent GDPR - (point (a), art. 6(1)) |
7 | Employee data | Internal administration | Legal obligation GDPR - (point (c), art. 6(1)) |
Information Category | PII Type | Retention Period | Protection Protocols In Use |
---|---|---|---|
1 | End User / Customer Account Information | For the life of the Account plus thirty (30) days, unless otherwise specified in an applicable legal agreement or by data controller for whom Zoom is processing data | Compartmentalized Digital Access, Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
1 | End User / Customer Network Information | Thirty (30) days, unless otherwise specified in an applicable legal agreement or by data controller for whom Zoom is processing data | Compartmentalized Digital Access, Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
1 | End User / Customer Website Application Use and Device Information | Thirty (30) days, unless otherwise specified in an applicable legal agreement or by data controller for whom Zoom is processing data | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
1 | End User / Customer Mobile Application Use and Device Information | Thirty (30) days, unless otherwise specified in an applicable legal agreement or by data controller for whom Zoom is processing data | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
2 | End User / Customer Meta data | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
3 | Personal data used for direct marketing | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
4 | Prospective Customer (legal entity) | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
5 | Third parties (suppliers, distributors, etc.) contact data | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
6 | Candidates for employee data | One year | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |
7 | Employee data | As long as necessary to achieve the purpose set forth in Section 3.1 | Encryption at Rest, Encryption in Transit, Restricted Digital Access and Restricted Physical Access. |