Privacy statement Zaurus B.V. – Add-in Microsoft Office
Version August 2020
As required by the Privacy Regulations Promulgated Pursuant to the Health Insurance Portability and Accountability Act (HIPAA) and by the Privacy Regulations stipulated in the General Data Protection Regulation (GDPR).
Thank you for selecting the Zaurus Add-In for Microsoft Office (the “Add-In”). Zaurus is a provider of secure digital consulting rooms. To protect your privacy better, Zaurus wants you to know how we collect your information, the types of information we collect, how we use and share your information and what choices you can make about the way your information is collected and used.
This privacy statement details Zaurus’ policy regarding the collection, use, storage and disclosure of and access to personal information. Zaurus is bound by both the Health Insurance Portability and Accountability Act (HIPAA – USA) and the General Data Protection Regulation (GDPR – EU) as amended from time to time. This privacy statement aims to foster and maintain public trust and confidence in the integrity and professionalism of Zaurus by ensuring that Zaurus complies with the privacy principles that protect personal information in our possession.
This statement applies to information you provide us with and any information we collect through your use of our Add-In.
ZAURUS’ PRIVACY PRINCIPLES
Zaurus considers the protection of privacy very important. Both the Health Insurance Portability and Accountability Act (HIPAA – USA) and the General Data Protection Regulation (GDPR – EU) take care of the protection of your and our personal data. Under these regulations, an organization that works with personal data has certain obligations and the person from whom the data originates has certain rights. These regulations speak of ‘processing personal data’. This concept encompasses everything that can be done with personal data: from collection to destruction. This privacy statement is set up to inform you about your and our rights and obligations.
When processing your personal data, we comply with the requirements of both HIPAA and the GDPR. This means that we:
- state our purposes before we process personal data, by means of this privacy statement;
- limit our collection of personal data to the personal information needed for legitimate purposes;
- first ask for your (explicit) permission to process your personal data in cases where your consent is required;
- take appropriate security measures to protect your personal information and demand the same from parties we work with who process your personal data on our behalf;
- respect your wishes with regard to the access, correction or removal of your personal data as stored by us.
COLLECTION AND USE OF PERSONAL INFORMATION
We collect several types of information from and about users of our Add-In, including:
HOW WE USE YOUR PERSONAL INFORMATION
To conduct our business:
- fulfill legal obligations and cooperate with law enforcement investigations;
- conduct product research for future Add-In enhancements or additional products;
- analyze product performance.
To provide you with a better user experience:
- troubleshooting and user support;
- understanding which features are most and least used to make improvements to and provide new functionalities in our Add-In.
THE RESPONSIBILITIES OF ZAURUS B.V.
Zaurus B.V. is legally responsible for the processing of personal data which takes place within Zaurus B.V. We fulfil the obligations arising from this as follows:
- Your data is only collected to support the provision of care and is used for the following purposes:
  - so you can register as a user of Zaurus and can make use of the Zaurus Add-In;
  - so you can use the Zaurus Outlook Add-In (a connection is made between the Zaurus Messaging Platform and the Add-In);
  - so you can schedule Zaurus meetings (which automatically leads to the creation of a consulting room with the guests you have invited) in your Outlook agenda;
- When downloading the Add-In, you will be informed of the fact that personal data is processed. This is indicated by referring to this privacy statement;
- All employees of Zaurus B.V. have signed a confidentiality statement;
- Your personal data is well protected against unauthorized access;
- Your personal data is not kept longer than is necessary to provide good service and care;
- The personal data we collect through your registration for and use of our Add-In is used solely by us. We do not sell your personal information to third parties.
YOUR RIGHTS AS A STAKEHOLDER
Regarding your personal data you have the following rights:
- the right to know if your personal data is processed;
- the right to inspect and ask for a transcript of the data that is processed (insofar as this does not harm the privacy of another);
- the right to request correction, addition or deletion of your data;
- the right to block the transfer of your data to third parties (one or more of the aforementioned care providers);
- the right to request deletion of personal data. This can only be done if the retention of the data is not of significant importance to another and the data does not have to be retained on the basis of (a) statutory regulation(s);
- the right to oppose the processing of your data.
If you want to exercise one or more of your rights, you can contact the Chief Information Security Officer of Zaurus B.V., who represents your interests. Your rights can also be represented by an appointed representative.
If the Chief Information Security Officer of Zaurus B.V. refuses to execute your rights, then you can contact the Dutch Data Protection Authority (i.e. Autoriteit Persoonsgegevens). For example, the Dutch Data Protection Authority can engage by mediating in the dispute or providing advice. As a last resort, you can lodge an appeal with the Dutch civil court.
DISCLOSURE OF YOUR DATA TO THIRD PARTIES
Certain trusted third parties have been engaged by Zaurus to perform functions and provide services, such as hosting. Zaurus has a signed processor agreement with its service providers that reflects the protective measures described in this privacy statement and checks it regularly to ensure that users’ privacy is maintained.
Under no circumstances (except if we are forced by law) do we share your personal data with any companies or institutions, other than the trusted third parties mentioned in this list.
Zaurus takes precautions to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction. To protect your privacy, Zaurus and our contracted third parties take appropriate organizational and technical measures including:
- physical access control. Zaurus uses measures to prevent unauthorized persons from gaining access to data processing systems in which personal data is processed.
- access to personal data is protected with a username, password and, where necessary, a login token.
- using secure connections (TLS) that protect all information between you and our websites and apps when submitting personal data and sharing personal messages.
- using firewalls, intrusion detection systems, intrusion prevention systems and virus scanners to ensure your data is always safe.
- data backup.
- standard data encryption on the Zaurus communication platform: in addition to the TLS connection, we also apply standard AES-256 encryption to all data in transit as well as user information, messages and attachments at rest.
Zaurus discourages the use of unsecured Wi-Fi networks or other unprotected networks while using the service.
If Zaurus finds out that a vulnerability has occurred, we will notify you and, if necessary, ask you to take appropriate action.
DATA PROTECTION AUTHORITY
If you have any questions or comments about this privacy statement or Zaurus’ privacy practices, if you would like to exercise your access rights, or if you would like us to update information or preferences you provided to us, please contact our Chief Information Security Officer. The CISO ensures that personal data is being dealt with in an appropriate manner and data is safe, all the time. The CISO guarantees the privacy of users and the service provided.
Zaurus B.V. (Dutch Chamber of Commerce no. 72991941)
Attn. Chief Information Security Officer
1817 MS ALKMAAR (The Netherlands)
Telephone: +31 72 – 202 9123
If you feel that we are not helping you in the right way, you have the right to file a complaint with the supervising authority. This is called the Dutch Data Protection Authority (i.e. “Autoriteit Persoonsgegevens”).
Data Protection Authority (Autoriteit Persoonsgegevens)
PO Box 93374
2509 AJ THE HAGUE (The Netherlands)
Telephone: +31 900 – 200 12 01, available on workdays from 09:30 AM to 12:30 PM (€ 0.05 per minute)
AMENDMENTS TO THIS PRIVACY STATEMENT
This Privacy Statement may be amended from time to time. Please review it periodically. Changes to this statement will be effective upon posting to this website. Your use of the Add-In following these changes means that you accept the revised statement.