Privacy policy

This Privacy Policy applies to the use of Zelo, Inc.’s website and employee communication platform (“Platform”), which enables a company (“Customer”) to communicate more effectively with you, other employees, or authorized individuals (“Recipients”) through your preferred channel of communication. This Privacy Policy describes how we collect, use, disclose, transfer and store personal data on our website and through our Platform.

Information We Collect

We collect different types of personal data through our Platform and website. Recipients and Customers may share personal data with the Platform during registration and communications or by uploading content to our Platform.

Account registration: Basic account information that you or Customer provide to us to initiate an account, include your name and email address, browser type, and IP address. This information is also collected for anyone visiting Zelo by logging in. Other information collected may include your language, subscription, or notification preferences, assigned privileges, your role or job title within Customer and dates, such as your work anniversary or birthday. Some of this information may be optional, collected or added at a later date, or not collected at all.

Other optional information: You may, optionally, choose to provide additional information.

Platform content: You can post, upload and share content through the Platform and provide other information such as when you fill out a form, respond to a survey, or use the Platform to send emails or other communications. In addition, Customer can create communications campaigns and share content with you through the Platform.

Metrics, maintenance and analytics: When you access or use the Platform, we may collect certain information automatically about your device and your use of the Platform.  This will include IP addresses, browser types, log files, and other information regarding your system and connection. We collect information about how you access and use the Platform, such as what pages are viewed, when the profile was registered and what portions of the Platform are used. We also collect metrics related to comments, total posts that you viewed, shared, and submitted, and other activities you conduct through the Platform. This information is collected automatically through the use of various commonly used information-gathering technologies, including cookies and web beacons.  Some of these cookies and web beacons can be turned off through your website browser; however, on a mobile device, including our mobile apps, you may not be able to turn them off.

Our Platform, by default, does not process sensitive data and you should not provide information regarding an individual’s financial, medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other legally protected sensitive or special categories of data.  In specific situations the Customer may direct us to process sensitive data.


‍If a User uploads files, they are stored on servers handled by AWS in Frankfurt and are encrypted with Secure Sockets Layer (SSL) / Transport Layer Security (TLS) during transfer.

Use of Information

We use your personal data is to provide and improve the Service, and to develop new products and services. Some examples of these uses, as part of our legitimate interests to provide, operate and maintain the Platform, include:

  • To manage the Platform, system administration, and account management.  The Platform’s administrative tools allow our employees involved in the support and maintenance of the Platform to view content in a network in order to troubleshoot specific issues, maintain and improve the Platform or perform other Platform-related functions, or as may be required by law.  We also use third party analytics services for our web and mobile applications.  We use these services for quality assurance, product interaction analysis, product improvement, and trouble-shooting.
  • To process and complete transactions, including billing to a designated contact at an Customer;
  • To handle Customer and Recipients’ inquiries and support requests, and to provide information and access to resources or services that they have requested from us;
  • To compile aggregated data about the operation and use of the Platform and to better understand the preferences of Customers and Recipients;
  • To Conduct Quality-Assurance, and to carry out research and development to improve our products and services;
  • To send Customers and Recipients communications including technical alerts, reports, updates, security notifications and other service-related communications – according to their notifications preferences;
  • To our relevant business contacts at Customer, such as the Platform systems administrator or designated contact person (but not to general Recipients), which may also include marketing messages related to new product features, promotions or other information about our products or services; however you can opt-out of receiving these communications at any time;
  • To investigate and prevent fraud, unauthorized access or use of the Platform, breaches of terms and policies, and other wrongful behavior;
  • To enforce our agreements, and as required by applicable law.

In addition, Customer’s specific privacy policy (if one exists) will determine how information collected through the Platform may be used.

Information We Share

We will only share and disclose your information according to the Customer’s instructions or in furtherance of your request, for instance when you decide to share information within or outside the Platform. Examples include:

  • With Customer (e.g. your employer) and according to their instructions. We will share information collected with Customer (e.g. your employer) or other entities, according to their instructions, and the customer agreement signed with us.  In most instances this will include information you choose to actively provide (such as a comment to a posted article) and certain general broad-based usage analytics, if requested by Customer.
  • With other Recipients within and outside the Platform: if you choose to submit comments, post or upload content, you will share this content with others within your Community.
  • Within the Zelo group of companies, for the purposes outlined in this Policy.  For clarity, Zelo is based in California, USA and has one wholly-owned subsidiary in Norway, but may include other offices that may be established in the future.
  • To vendors and other third-party service providers who may have access to your personal data to assist in the provision of the Platform service and other business-related functions such as cloud storage, mobile phone push data, email provisioning and usage analytics.
  • To law enforcement authorities, government agencies, or judicial courts. We may be required to disclose personal data that we handle in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, in connection with the sale, transfer, merger, bankruptcy, restructuring or other Customer of our business; to protect or defend our rights, interests or property, or that of third parties; to investigate any wrongdoing in connection with the Website, our Platform or our services; in connection with a subpoena, warrant, discovery or other legal order; or  to protect the vital interests of an individual.
  • With your consent. We may share other information with third parties when we have your consent to do so.

Data Retention

We will retain information collected according to the Customer’s instructions, and as required by applicable law. Upon termination of our contractual relationship with Customer, we will delete all personal data stored in our servers and backups within 90 days.  If you stop working for or with the Customer, the Customer may suspend your User account and/or delete any information associated with your User account, in accordance with such Customer’s own data retention policy. 

California Privacy Rights

The California Consumer Privacy Act, (Cal. Civ. Code § 1789.100 et seq., “CCPA”) gives California residents certain data rights, with regard to how their personal information is collected and used. Zelo upholds the requirements of the CCPA for California residents including (and in addition to the descriptions of how we handle your data described elsewhere in this Policy) the following:

  • We do not sell personal data to third parties as contemplated by the CCPA. As such, we do not provide an opt-out mechanism.
  • We do not distinguish different levels of service or cost based on an individual’s exercise of their right to opt-out or delete data.
  • We generally collect, use, and disclose personal information at the instruction of either the Customer or the individual themselves. All other exceptional collection, use, and disclosure is pursuant to what is permitted under the law.
  • We provide you with access to and right to delete your personal information as described under Your Choices.

We are committed to collecting and processing personal data responsibly and in compliance with the applicable data protection laws in all countries in which we do business. Our goal is to apply data protection standards established on the basis of internationally accepted data protection principles supporting an effective protection of personal data we process. In addition to upholding your rights set forth under the GDPR and CCPA, we will consider other applicable data privacy laws and comply where necessary. We reserve the right to evaluate any request against the governing data privacy law.

Third Party Websites

Zelo contains links to other websites. We are not responsible for the privacy practices of other websites. We encourage Recipients to be attentive as they leave our pages and to read the privacy policy of all websites that collect personally identifiable information. This Privacy Policy applies only to information collected by Zelo.

Our Security

Zelo operates according to industry standards with strict security measures to protect against loss, misuse, and alteration of the information stored with us. We conduct information risk assessments and work to ensure that our staff understands the importance of protecting personal data. We include both physical security and IT security in our overall data security procedures. We will provide support to Customers in their duty to notify Recipients and regulatory authorities, as required by law, when personal data has been stolen, disclosed, altered or infringed by an unauthorized person. Please be aware that email and instant messaging are not considered secure communications, we ask that you do not send sensitive personal information to us via email or through messaging services. If you have questions or concerns regarding this policy or if you are aware of a potential breach, please contact us at notice@zeloapp.com.

International Data Transfers

When using the platform your personal data may be stored and processed by us in the United States, if you are a Zelo Inc customer. To provide appropriate safeguards for personal data we receive from the European Economic Area (EEA), United Kingdom (UK), and Norway, we are certified under the Privacy Shield framework.

Currently our primary production data center is located in the European Economic Area.  Our staff that oversee, manage, and support those data centers (including having access to the data) are located primarily in the European Economic Area.

For personal data we receive from the EEA, UK and/or Switzerland, Zelo stores the personal data within the European Economic Area and does not transfer the data out from that area.

Zelo acknowledges its commitment to comply with the EU – U.S. and Swiss – U.S. Privacy Shield Principles (“Principles”) for all Personal Data received from the EU, UK, or Switzerland in reliance on the Privacy Shield. Zelo will collect, use, and disclose Personal Data received from the EU, UK, or Switzerland only in accordance with this Privacy Policy and the Principles, or as required by law. For Purposes of Privacy Shield compliance enforcement, Zelo acknowledges that it is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC). Zelo also complies with the Privacy Shield Principle regarding liability for onward transfers. To learn more about the Privacy Shield program, and to view Zelo’s certification, please visit https://www.privacyshield.gov.

Your Rights Over Your Personal Data

If you are located in the EEA, UK, or EU you have certain privacy rights recognized under the General Data Protection Regulation (GDPR), for instance the right to request access to information, rectification, or erasure.

This section explains how Zelo assists Customer in fulfilling your privacy rights established under the General Data Protection Regulation (GDPR). We only complete the actions below when they are approved by Customer.

You have the right to demand access, rectification or deletion of the Personal Data we process about you. You also have the right to demand limited processing, object to the processing and demand the right to data portability. You may at any time withdraw your consent to the processing of Personal Data with us. You can read more about the content of these rights on the Norwegian Data Protection Authority´s website: https://www.datatilsynet.no/en/  Your consent to the processing of Personal Data is a prerequisite for the use of our services.

Customer controls the information collected when you interact with the Platform, and accordingly is the entity responsible for attending to your data privacy rights and defining the legal grounds for the processing. To that end Customer will provide you with its specific privacy policy defining what are your choices and how you can exercise your rights. Once Customer approves your request, we will support in completing the following actions:

Right to access and correct your personal data: You and Customer may access, or correct, information you have uploaded to the Platform by using the tools within the Platform. If you do not see the tools within the Platform, you should contact Customer directly. Changes on the Platform take immediate effect on your specific network, but data will be retained by us in our backup systems for a commercially reasonable amount of time, typically 90 days.

Account closure and right of erasure: If you would like to stop using the Platform, you should contact Customer. Similarly, if you stop working for or with the Customer, the Customer may suspend your User account and/or delete any information associated with your User account according to its privacy policy. In addition, you can also request to Customer:

  • Account closure and delete identifiable information: In general, account closure means that your name and other identifiable information (including your photo, if provided) will be deleted and not available to us, Customer or other Recipients of the platform – your name will be changed to an “anonymous user”. Your comments and posts will not be deleted, but those will no longer be linked to you.
  • Deletion of content: Please note that content you create and share is owned by Customer and may remain on the Platform and be accessible even if Customer deactivates or terminates your account.  In this way, content you provide on the service is similar to other types of content (such as presentations or memos) that you may generate in the course of your work.  Note that we cannot manage or delete posts or comments that you or other Recipients shared or published outside the Platform, using Social Network Sites.

Information viewable by Recipients within the Platform will be deleted within 30 days upon receiving your request, in any case complete removal of data stored on our backup systems, will happen in a commercially reasonable period of time, typically 90 days.

Right of objection and restriction: You have the opportunity to elect whether you would like to receive certain correspondences from us or opt out of Zelo’s promotional emails. Please understand that if you opt out of receiving promotional correspondence from us, we may still contact you in connection with your relationship, transactions, and communications related to the Platform, unless your account is deleted.

Legal Basis for Processing Your Personal Data

Our legal grounds for collecting and using your personal data as described in this Privacy Statement fall into the following four categories.  

Consent: In some cases, we ask you for your consent to process your personal data, such as when we need your consent for marketing purposes. You can withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. If you would like to withdraw your consent, you can do so by contacting us as provided in the How to Contact Us section below.

Legitimate Interest: We process certain data for the legitimate interests of Workday, our affiliates, our partners, or our customers. These legitimate interests include, for example, contacting you to provide support or sending you marketing information (subject to applicable law); detecting, preventing, and investigating illegal activities and potential security issues; and maintaining and improving the Website and mobile applications. We will rely on our legitimate interests for processing personal data only after balancing our interests and rights against the impact of the processing on individuals.

Performance of a Contract: Sometimes we process personal data to perform our obligations under an agreement with you

Other Legal Bases: In some cases, we may have a legal obligation to process your personal data, such as in response to a court or regulator order. We also may need to process your personal data to protect vital interests, or to exercise, establish, or defend legal claims.

Dispute Resolution Procedures

If you or Customer believes that we do are not complying with our privacy policy, or have any issue or concern you can submit a complaint with us and we will respond to you within 45 days. To that end please contact us in writing and provide your identification and contact details, name or domain of Customer and a complete explanation of your concern.

In compliance with the Privacy Shield Principles, Zelo commits to resolve complaints about our collection or use of your personal information.  

EU and Norwegian individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Zelo at notice@zeloapp.com or contact us at:

Zelo, Inc.
Attn: Privacy Office
470 Ramona St
Palo Alto CA 94301
U.S.A.

Zelo has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://go.adr.org/privacyshield.html for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.

In the event that you cannot fully resolve your complaint through the Department of Commerce, it is possible that you may use binding arbitration as a final resort. For more information on how to invoke arbitration under the Privacy Shield Framework, please visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.


If applicable, you may also contact the Norwegian Data Protection Authority.  You can find information on how to contact the Norwegian Data Protection Authority on their website: https://www.datatilsynet.no/en/

Third Party Certifications

Zelo uses infrastructure services with their own governing data processing agreements with Amazon Web Services, and an array of third party vendors. All competence to administer these services exist and in the rare occasions external consultants are used the actions are logged and regulated by our internal security instructions. We only use servers governed by the European internal market and the EU-US Privacy Shield.

Children

Zelo does not knowingly solicit or collect personal data from children under the age of 13, and the Platform is not directed at children under the age of 13.

Cookies

We store specific information from your browser using cookies. Cookies are data stored on your computer that are associated with user information.  We use persistent cookies to create site usage statistics on the Service. Persistent cookies are stored on your computers for an extended period of time. This information is not personally identifiable.

Updates to this Policy

We may update this Privacy Policy from time to time. When we update this Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy online, make it available through the Platform, and when we make large changes, communicate it to the Customer. The Customer will be responsible for notifying you, and may elect to do so through the Platform, or we will notify you if the Customer instructs us to do so. Your continued use of the Service implies acceptance of these changes.

How to Contact Us

If you have any questions about this policy or concerns regarding the use or disclosure of your personal data through the Platform, you can contact us by sending an email to notice@zeloapp.com or by contacting us at:

Zelo, Inc.
Attn: Privacy Office
470 Ramona St
Palo Alto CA 94301
U.S.A.

or for Customers in the EU, EAA and Switzerland:

Zelo AS

Attn: Privacy Office

Breitorget 7

4006 Stavanger

Norway

Please provide your identification and contact details, name or domain of Customer and a complete explanation of your concern.

To communicate with our Data Protection Officer, please email notice@zeloapp.com.