At ZOLEO, your privacy is of great importance to us. ZOLEO is committed to the protection of the personal information of all customers, prospects, website visitors and other individuals whose personal information is entrusted to ZOLEO, such as emergency contacts.
Accountability for Your Privacy
ZOLEO takes full responsibility for the management and confidentiality of personal information. Personal information is collected, used, shared and stored in accordance with the privacy laws in which ZOLEO operates, such as the Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5 in Canada, and the EU General Data Protection Regulation 2016/679 (“GDPR”). ZOLEO respects the privacy best practice principles contained in the Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96, the OECD Privacy Principles and the Generally Accepted Privacy Principals recognized globally.
ZOLEO has appointed a Privacy Officer who oversees information-handling practices and ZOLEO’s privacy management program. The Privacy Officer’s duties include:
- Developing and, on a regular basis, reviewing the implementation of internal procedures to protect personal information;
- Ensuring all staff are trained on privacy best practices and are aware of the importance of safeguarding any personal information that they are privy to;
- Ensuring that all inquiries and complaints relating to privacy are appropriately handled; and
- Ensuring all third parties to whom ZOLEO provides access to personal information commit to protecting such information.
Personal Information and How We Collect It
‘Personal information’ is any factual or subjective information, recorded or not, about an identifiable individual. This includes your name, contact information, payment card information credit scores, text messages, GPS coordinates, and any identifiable on-line activity. It also includes information found on ZOLEO invoices such as dates and times of a call and termination numbers. Product or service usage information, or information relating to a dispute or claim would also be considered personal information. Personal information does not include aggregate information that cannot be linked to a specific individual.
Personal information is collected by ZOLEO with your knowledge and consent in several ways, such as through account creation, product registration/support, as well as when records are provided by third parties. For example, with your authorization, ZOLEO may obtain a credit report on you to assess creditworthiness. We identify when information may be provided optionally and when it is necessary in order to service you. Your consent can be withdrawn at any time, subject to legal or contractual restrictions, by providing us with written notice. Upon receipt of a notice to withdraw consent, we will inform you of the consequences of withdrawing your consent, which may include the inability to remain a ZOLEO customer.
Note however that there may be instances where the law permits the collection, use or disclosure of your personal information without your consent, for example for debt collection, fraud investigations, and where necessary to protect our legal interests or the safety of others.
Using Your Information
We collect and use personal information for the following specific purposes:
- To establish and maintain a business relationship with you, including to provide you with the products and services you purchase;
- To verify your identity or contact you;
- To process your application for an account, determine eligibility and suitability for certain products and services, and to provide on-going service;
- To assess your needs and enhance ZOLEO’s products and services;
- To inform you about ZOLEO initiatives or products/services that may be of interest to you, and to provide you with important updates regarding your products/services;
- For data analytics and to compile aggregate statistics for internal reporting purposes;
- To assess and manage risk, including detecting and preventing fraud or error; and
- To meet auditing, legal and regulatory processes and requirements.
Our Website Practices
When you visit ZOLEO’s websites, we automatically receive and record information in our server logs from your browser or mobile platform, including the date and time of your visit, your IP address, unique device identifier, browser type and other device information (such as your operating system version and mobile network provider). By setting cookies, ZOLEO is able to enhance a user’s on-line experience (e.g. once you are logged in to your account, you are able to move between webpages without having to re-enter your credentials). You can disable cookies through your website browser, but this may affect your user experience.
ZOLEO also uses third party advertising partners to provide on-line visitors with relevant ads across the Internet. You may also opt out of interest based advertising by visiting the opt-out tool made available by the Digital Advertising Alliance of Canada at https://youradchoices.ca/choices/
For a complete list of cookies used on our website, click here.
Sharing Your Information
ZOLEO takes all reasonable steps to protect the interest of individuals when disclosing personal information. We do not disclose personal information for purposes other than those for which it was collected, unless you have provided consent to do so or we are required/permitted by law to disclose the information.
We may also share your personal information with business partners, affiliates and service providers who assist us in delivering satellite communications and SOS emergency services to you; credit agencies; IT service providers; professionals such as financial auditors and marketing partners. We take reasonable steps to ensure that any such third parties who we entrust with your personal information are reputable, and have safeguards in place to protect this information. In working with business partners, affiliates and service providers, your personal information may be transferred to a foreign jurisdiction to be processed or stored. Such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws.
Keeping Your Information Safe
ZOLEO has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful access to the personal information we manage and store. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by ZOLEO significantly reduce the likelihood of a data security breach.
Here are some examples of the security controls we have in place:
- Secure office premises;
- Locked filing cabinets and a secure shredding practice for paper records;
- The use of encryption, such as secure portals for document transfers and tokenization for payment card information;
- Robust authentication processes, including complex passwords for access to electronic records;
- Limited access to personal information by employees who need the information to perform their work-related duties; and
- The use of data centers with effective physical and logical data security controls.
In addition, we recommend that you do your part in protecting yourself from unauthorized access to your personal information. For example, ensure your account login credentials are not shared with anyone. ZOLEO is not liable for any unauthorized access to your personal information that is beyond our reasonable control.
Let us know right away if your contact information changes or you find any errors in your account statements or invoices. If you have reason to believe that the security of your account has been compromised, you must immediately notify ZOLEO of the problem in order for us to resolve the issue in a timely manner.
Accessing Your Information
We make every effort to ensure that the personal information we hold is accurate, complete and up-to-date for the purposes for which we collect it. You can make a written request for access to your personal information at any time if it is for information that you are unable to access yourself through your account. You will need to provide as much information as you can to help us process your request and locate the information you require.
If you need assistance in preparing your request, please contact us and we would be pleased to help you. Upon your request, ZOLEO will also inform you of how your personal information has been or is being used, and who your personal information has been shared with. We may charge a fee to cover any expenses related to responding to your access request.
ZOLEO responds to access requests within 30 days, unless an extension of time is required. However, there may be contexts where access is refused or only partial information is provided, for example, in the context of an on-going investigation or where another individual’s personal information or identity must be protected.
How Long We Keep Your Information
ZOLEO retains personal information for as long as necessary to fulfill legal or business purposes. Once your information is no longer required by ZOLEO to meet business, legal or regulatory requirements, it is securely destroyed, erased or made anonymous. Keep in mind however that information may be retained for a lengthier period of time due to an on-going investigation or legal proceeding, and that residual information may remain in back-ups for a period of time after its destruction date.
GDPR Compliance at ZOLEO
Under the GDPR a Data Controller determines the purposes and means of the processing of Personal Data. ZOLEO remains the Controller of all Personal Data provided to us by our customers. Thus, we take accountability for the use and security of such data when sending confirmations, administering accounts, processing payments and generally servicing our customers directly or through one of our business partners, associates or service providers. Under the GDPR, a Data Processor processes Personal Data on behalf of the Controller. Every ZOLEO Data Processor is bound by a Data Processing Agreement.
ZOLEO’s legal grounds for processing Personal Data include the provision of consent, contractual commitments as outlined in ZOLEO’s Terms & Conditions, and ZOLEO’s legitimate interest in providing effective global satellite communication services.
EU data subjects permanently residing in the European Union may have supplementary statutory rights with respect to their Personal Data as outlined in the GDPR. This includes the right to access their Personal data, have it deleted, have it corrected, or object to/restrict processing of such data. If you would like to make such a request, please e-mail email@example.com. ZOLEO has developed an EU Data Subject Rights Procedure to ensure your request is responded to in a timely manner. In the context of a request for erasure, ZOLEO will scramble or pseudonymize the data subject’s information to make it anonymous.
ZOLEO has required our service providers who we entrust with ZOLEO user data to commit to the continued protection of such data as a Data Processor. If at any time in the future we plan to share Personal Data with additional third parties to deliver ZOLEO services, we will ensure that they too maintain a high standard of care for such data.
ZOLEO operates through its Canadian and U.S. establishments. Canada was the first country outside of Europe deemed adequate by the EU Commission in 2001, under the EU Data Protection Directive 95/46/EC (the GDPR’s predecessor). An adequacy finding allows the flow of data from the EU to Canada as a trusted country in data protection. In addition, ZOLEO uses data hosting providers who have made GDPR commitments of their own. Where data is stored in the U.S. by ZOLEO or its service providers, these entities comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the EU to the United States. To learn more about the Privacy Shield program or the Privacy Shield Principles, please visit www.privacyshield.gov.
Our Privacy Complaint and Breach Management Process
ZOLEO takes privacy complaints very seriously and has a procedure in place for escalating and managing any privacy related concerns to ensure that they are responded to in a timely and effective manner. ZOLEO’s Privacy Officer oversees the containment, investigation and corrective actions for all privacy breach situations.
As required by law, privacy breaches may be reported by ZOLEO or its business partners to the regulators of the relevant countries in which affected individuals reside.
External Links and Social Media
We may offer links from our website to the sites of third parties, such as affiliated organizations, that may be of interest to you. ZOLEO makes no representations as to such third parties’ privacy practices and we recommend that you review their privacy policies before providing your personal information to any such third parties.
ZOLEO’s use of social media serves as an extension of our presence on the Internet and help us build a positive brand image as well as provide useful information to the public. Social media account(s), such as ZOLEO’s Facebook and Twitter accounts, are not hosted on ZOLEO’s servers. Users who choose to interact with ZOLEO via social media should read the terms of service and privacy policies of these services/platforms.
Changes to this Policy
Getting in Touch
Any inquires, concerns or complaints regarding privacy should be directed to ZOLEO’s Privacy Officer at:
7A Taymall Avenue
Customer Care: 1-300-496-536 (1300 4 ZOLEO)
Your concerns will receive prompt attention. Our Privacy Office can also provide you with more detailed information about ZOLEO’s policies and practices. Keep in mind however that e-mail or text messaging are not secure forms of communication, so never send confidential personal information to us this way. Thank you for continued trust in ZOLEO.
LAST UPDATED: July, 2019