Zumpul Privacy Policy

Privacy Policy

This is an important notice regarding your privacy and the way in which A & E Sistemas SA de CV (referred to as “Zumpul”, “we” or “us” in this policy) collects and makes use of your personal data. We want to be open and transparent with you, and therefore encourage you to contact us if you have any questions about this policy or the ways in which we use your personal data.

We take our privacy responsibilities seriously and are committed to protecting and respecting your privacy. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

We abide by the following principles while processing your data:

  • we do not collect more information than it is necessary;

  • we do not use your data for purposes other than those specified in this Privacy Policy;

  • we do not keep your data if it is no longer needed;

  • we do not disclose your data in cases other than these specified in this Privacy Policy.

This privacy notice will inform you of:

  • your privacy rights;

  • how the law protects you;

  • and how we look after your personal data, why we hold it and what we do with it.

What information do we hold about you?

We may collect, store and use personal data about you (referred to throughout this privacy policy as personal information):

 Types of Data collected

  • Among the types of Personal Data that Zumpul collects, by itself or through third parties, there are: Cookies; Usage Data; email address; first name; last name, phone number.

  • Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using Zumpul.

  • Unless specified otherwise, all Data requested by Zumpul is mandatory and failure to provide this Data may make it impossible for Zumpul to provide its services. In cases where Zumpul specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

  • Any use of Cookies – or of other tracking tools – by Zumpul or by the owners of third-party services used by Zumpul serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

  • Users are responsible for any third-party Personal Data obtained, published or shared through Zumpul and confirm that they have the third party's consent to provide the Data to the Owner.


Google User data handling


Zumpul is designed as G Suite Marketplace application. We adhere to a set of best practices of secure enterprise application development defined by Google. We use OAuth 2.0 for G Suite authentication and authorization.


Our application doesn't work with nor doesn't access any data in consumer Google accounts (@gmail.com).


Our application is built with a single purpose: to allow companies with G Suite to centrally manage email signatures for users in their domain.


The list below contains all the scopes we use for API access to customer data. We also specify for what exact purpose we need it and as you can see, we often use only a small part of the granted access level.


View customer related information

View details (e.g., contact email, organization title etc) of the customer.

General information about a company like domain and address is used for initial setup of Company profile or timezone.


View group subscriptions on your domain

View details (e.g., memberships and roles) of group subscriptions in your domain

We currently don't load any Group related data, but functionality allowing signature assignment based on Group membership is under development.


View groups on your domain

View details (e.g., name, members) and metadata (e.g., login details) of groups on your domain

Same as the previous scope.


View organizational units on your domain

View metadata (e.g., name and description) of organizational units

We import organizational units as User Groups in Zumpul.


View and manage the provisioning of users on your domain

Provision and delete users on your domain, view and modify details (e.g., name, address, and phone number) and metadata (e.g., login details) of users on your domain

We use it only for read-only access to the list of users, user details, and OU membership. However, a functionality to sync user information back to G Suite Directory (which requires modifying user details) is under development.


View user schemas on your domain

View details (e.g., custom field names and types) of user schemas on your domain

We use this scope to load user contact information that is saved in custom schemas.


Manage your basic mail settings

View primary email address, view and manage primary Reply-To, display name and signature, view and manage vacation responder settings, view and manage filters, view and manage POP settings, view and manage IMAP settings, view forwarding settings, view mail delegates with access to your account, view "Send mail as" aliases

We use it only to load existing Send as addresses which is necessary to change users signatures using the following scope.  This is a required scope for an actual change of the signature. We need to update settings of the send as to change signatures.


View your email address

View the email address associated with your account

We use it for User identification.


View your basic profile info

View your full name, profile picture and profile URL View any publicly available information on your Google+ profile (if you have one or create one in the future)

We use it to load profile pictures for users.

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.


Generally we do not rely on consent as a legal basis for processing your personal data.


We have set out below a description of all the ways we plan to use personal data, the legal bases we rely on to do so, and whether we process that data as data controller or processor. We have also identified what our legitimate interests are where appropriate.


Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Security

We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.


We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.


We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Retention of Data

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.


To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.


Your Legal Rights


Under certain circumstances, you have rights under the data protection laws in relation to your personal data.


  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

  • Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact compliance@aeegle.com


NO FEE USUALLY REQUIRED


You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


Policy Modifications

We may change this Privacy Policy from time to time. If/when changes are made to this privacy policy, we will email users who have given us permission to do so. We will post any changes here, so be sure to check back periodically. However, please be assured that if the Privacy Policy changes in the future, we will not use the personal information you have submitted to us under this Privacy Policy in a manner that is materially inconsistent with this Privacy Policy, without your prior consent.