Zenvoy.com is GDPR compliant

At zenvoy.com, nothing to us is more important than the success of our customers and the protection of their personal data. With customers in nearly every country in the world, we adhere to the General Data Protection Regulation (GDPR). The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU (e.g. offices or establishments) and to companies that do not have any presence in the EU but target the European market (e.g. by offering goods or services to the European market) or monitor the behavior of European individuals. We’re here to help our customers in their efforts to comply with the GDPR.

What is GDPR?

In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation commonly known as the GDPR. It’s a mandatory ruling that applies to all companies that collect the data and information of EU individuals and meet certain territorial requirements. The GDPR is designed to strengthen the security and protection of personal data in the EU, as well as provide businesses with a structured framework on how to collect, process, use, and share personal data. Under the GDPR, the concept of “personal data” is very broad, and covers almost any information relating to a specific individual.

When are these regulations starting to be enforced?

All companies collecting or processing the personal data of EU individuals must be GDPR compliant by May 25, 2018.

Controllers & Processors

The GDPR defines and distingue between two types of parties and responsibilities when it comes to collecting and processing personal data: data controllers and data processors. A data controller determines the purposes and ways that personal data is processed, while a data processor is a party that process data on behalf of the controller. That means that the controller could be any company or organization. A processor could be a SaaS, IT or other company that is actually processing the data on behalf of the controller, zenvoy.com is a Data Processor, zenvoy.com customers (the organizations who use zenvoy.com) are Data Controllers. The controller is responsible to make sure that all processors with whom it deals will be GDPR compliant and the processors themselves must keep records of their processing activities.

Zenvoy’s GDPR compliance steps

We welcome the arrival of GDPR and view the regulations as raising the bar for data protection, security, and compliance. We will continue to be committed to our customers and users to help them comply with the GDPR while using zenvoy.com as their data processor.

We worked with our engineering, product, security and legal teams to make both our product and our legal terms in line with the GPDR and will continue to ensure they keep in line continuously. As part of zenvoy.com GDPR readiness project we’ve taken the following steps:

• Reviewed and strength our security infrastructure and practices, data encryption in transit and at rest, backup, logs and security alerts.
• A risk assessment and data mapping process were made to make sure any data that may be stored or processed is processed and managed according to the GDPR instructions.
• We delete or anonymize analytics data of users after user’s deletion
• We’ve self-certified under the EU-US Data Privacy Framework to comply with data protection requirements when transferring personal data.
• We’ve made sure we have the appropriate contractual terms in place, to perform our role as a data processor for our customers while complying with the GDPR.
• We’ve put on place all the internal procedures, processes and controls and recurring training sessions for the team, to ensure our on-going compliance with the GDPR
• We’ve revised our Terms of Service and Privacy Policy to support the GDPR requirements. Performed security and privacy assessment to our sub-processors to ensure they are all complying with the GDPR requirements.

We’ll continue to monitor the guidance around GDPR compliance and will ensure that our product and processes are complying with those guidance when they become effective.

GDPR Notifications

Does the GDPR prevent a company from storing data outside of the EU?

Nothing in the GDPR prevents businesses from storing data outside of the EU, provided that the data processors adhere to the necessary regulations and protections. At zenvoy.com, we store our data with Amazon Web Service (AWS), which is based in the US. Like zenvoy.com, AWS has announced that it is GDPR ready.

Where can I learn more about GDPR?

Additional information is available on the official GDPR website of the European Union.

I have more questions. Who should I contact?

If you have any additional questions about the GDPR you are welcome to contact us at gdpr@zenvoy.com, +1 (888) 936-8696

GDPR Statement

Zenvoy recognizes and will comply with GDPR and those rights, except as limited by applicable law. The rights under GDPR include:

Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.

Right to Correction. This is your right to request correction of your personal information.

Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires us to comply with your request to delete your information, fulfillment of your request may prevent you from using Zenvoy’s services and may result in the closing of your account.

Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.

Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed.

Right to Object. This is your right, in certain situations, to object to how or why your personal information is processed.

Right to Portability. This is your right to receive the personal information we have about you and the right to transmit it to another party.

Right to not be subject to Automated Decision-Making. This is your right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable European law, or is based on your explicit consent. Many of these rights can be exercised by signing in and directly updating your account information. If you have questions about exercising these rights or need assistance, please contact us at gdpr@zenvoy.com.

Processors we use. Zenvoy uses external processors, all of which are GDPR compliant. The full list of external processors we use is available to any entity that provide a lawful request to gdpr@zenvoy.com.

Law enforcement. We will not hand your data over to law enforcement unless a court order says we have to.

Security & Encryption. All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The database backups are also encrypted. Data isn’t encrypted while it’s live in our database (since it needs to be ready to send to you when you need it).

Deleted data. When you cancel your account, we’ll ensure that nothing is stored on our servers past 30 days. Anything you delete on your account while it’s active will also be purged within 30 days.

Location of Site and Data. This Site is operated in the United States and the data is stored in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our Site, participating in any of our services and/or providing us with your information, you consent to this transfer.

Data we process. When you sign up we ask for your:

• Full name*
• Age*
• Position*
• Experience (years)*
• Company name and address*
• Gender
• Email*
• Phone
• Public profile photo
• Skills & Services*
• Networking targets*
• Bio
• Commercial video
• Commercial attachments (brochure, CV)

(*) Required information

We collect this data so we can:

• Address you
• Create introductions between you and members in your community
• Send emails related to our service and product
• Display relevant ads
• Enable you to log in and perform functions such as editing your profile, preferences and resetting your password

Note that with the exception of the public profile photo, all information is retained within the walled-garden community.

Cookies. Zenvoy uses session cookies to track your sessions. It is not possible to use Zenvoy without this session cookie so by subscribing you agree to us setting this cookie. Zenvoy is a free to use (unless clearly stated when you onboard for some communities) and we cover most of our expenses by advertising. These advertisers may set cookies to track your preferences.

GDPR Statement Last Updated: February 21, 2019 v1.2. Prepared by Nick Brandt, DPO Zenvoy, LLC.

EU-US Data Privacy Framework

Zenvoy complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Zenvoy has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Types of personal data we collect and use
Our Privacy Policy and GDPR Statement above describe the types of personal data we collect in the United States and the purposes for which we use that personal data. We will only process personal data in ways that are compatible with the purpose we collected it for or any purposes you later authorize. We will provide you with the opportunity to opt out if we use your personal data for a purpose different than the purpose we collected it for.

Data transfers to third parties
Service providers and consultants: We may share your personal data with our service providers and consultants who process personal data on behalf of Zenvoy to perform business-related functions. These companies include our marketing agencies, database service providers, backup and disaster recovery providers, email service providers, and others. When we engage another company to perform such functions, we may provide them with information, including personal data, in connection with their performance of such functions.

If we have received your personal data in the United States and subsequently transferred that information to a service provider for processing, we remain responsible for ensuring that this service provider processes your personal data to the standard required by our Data Privacy Framework commitments.

Business Partners: We also provide information to our channel partners, such as distributors and resellers, to fulfill product and information requests and to provide customers and prospective customers with information about Zenvoy and its services.

Business Transfers: As part of our business evolution, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, or similar event, personal data may be part of the transferred assets.

Disclosures for National Security and Law Enforcement: Under certain circumstances, we may be required to disclose your personal data in response to valid requests by public authorities.

Legal Requirements: We will disclose your personal data if required to do so by law to respond to subpoenas or requests from law enforcement, a court, or a government agency, or in the good faith belief that such action is necessary to comply with a legal obligation, or to protect our rights, interests or property including that of third parties.

We try to minimize disclosures of personal data and are mindful of our responsibility and potential liability in case of onward transfers to third parties.

For more information about how we disclose your personal data, please see our Privacy Policy.

To learn more about the Data Privacy Framework program and to view our certification page, please visit https://www.dataprivacyframework.gov. In compliance with the EU-US Data Privacy Framework Principles, Zenvoy commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Zenvoy at:

Zenvoy, LLC
11693 San Vicente Blvd, Ste #182
Los Angeles, CA 90049 USA

In compliance with the EU-U.S. DPF, Zenvoy commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to BBB, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information or to file a complaint. The services of BBB are provided at no cost to you

Please note that if your complaint is not resolved through these channels, a binding arbitration option may be available before a Data Privacy Panel under limited circumstances. Zenvoy is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

GDPR Statement Last Updated: August 3rd, 2023 v1.2. Prepared by Nick Brandt, DPO Zenvoy, LLC.