Privacy Policy
(Updated May 2023)
Zerto Ltd. and its wholly owned subsidiaries, Zerto, Inc., Zerto UK Limited, Zerto Germany GmbH and Zerto AUS Pty.
Ltd. (together, “we” or “Zerto”) respect the privacy of our customers, visitors, and users of our websites (“you”)
and are committed to maintaining the privacy and confidentiality of personal information we collect. By using our
products and/or services, including without limitation the Zerto mobile applications (the “App”)
and our websites, including without limitation www.zerto.com , www.zerto.com/myzerto, zap.zerto.com and pages.zerto.com
(the “Websites”), you accept the practices described in this Privacy Policy. To make this Privacy Policy
easier to read, the App, the Website and our related services are referred to as the “Services”.
This privacy policy covers the following chapters:
-
User of our Websites and App
-
Contacts from events and offline activities
-
Billing and licensing information
-
CCPA information for individuals residing in California
-
GDPR information for individuals from the EU or UK
-
Miscellaneous
A. Users of our Websites and App
Information you provide when you visit our Websites as a prospective or current Zerto customer or
partner
Our Websites will allow you to contact us, request a free trial or demo, join our mailing list, or to request or
enquire about support services. When you contact us through our Websites, we will collect limited personal
information about you, such as your name, company name, address, phone number, email address, demographic
information and how you came to our Websites. We will use the information outlined above:
- to review and respond to any query you submit to us, or provide the support services you request;
- to provide you with a free trial or demonstration of the Services;
- when requested, to add you to our mailing list and contact you periodically with information about products
and services offered by Zerto (see “Communications” section below); - to monitor and improve our Services, to comply with obligations that we are subject to under applicable
laws, and to enforce and protect our rights.
If you request a free trial or demonstration of the Services, or submit a query to us, our legal basis for
processing your personal information is that it is necessary for our legitimate interests in conducting and
developing our business and meeting and anticipating the requirements of our current and prospective
customers.
Information you provide if you log on to a Zerto portal
If you log on to the ZAP, myZerto and support portals (together the “Portals”) we will collect personal
information about you, including your name, company name and email address. You will also be required to create
a password to protect your account. We will use this information:
- to create and maintain your account, and to provide the services you request;
- to allow you to log in to your account on our Services, which may involve running authentication security
procedures; - to administer your use of the Services;
- to monitor, review and improve the Services;
- to contact you about your use of the Services, or updates to the Services (see “Communications” section
below or the Subscription Center); - to comply with obligations that we are subject to under applicable law, and to enforce and protect our
rights.
If you log on to a Portal, our legal basis for processing your personal information is that it is necessary for
the performance of the Terms of Use between you and us. The legal basis for processing your personal information
to monitor and improve the Services, to contact you about the Services, to comply with obligations and enforce
and protect our rights, is our legitimate interest in enhancing the Services, interacting with you and
safeguarding our interests.
Information you provide through public forums
We may provide bulletin boards, blogs, user-editable documents or chat rooms on our Websites. Any personal
information you choose to submit in such a forum may be read, collected, or used by others who visit these
forums, and may be used to send you unsolicited messages. We are not responsible for the personal information
you choose to submit in these forums. You should exercise caution when deciding to disclose your personal
information. Each participant’s opinion expressed is his or her own and should not be considered as reflecting
the opinion of Zerto. We will use the information we collect through these public forums:
- to review and respond to queries;
- to monitor, review and improve the Services.
Our legal basis for processing personal information that we gather through public forums is that it is necessary
for our legitimate interests in conducting and developing our business and meeting and anticipating the
requirements of our customers.
Information we collect about how you navigate our Websites and Apps
We also use commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as
you navigate our Websites, including technical information that your mobile device sends when you use our Apps,
such as the device model and the operating system of your device (“Web Site Navigational
Information”). Web Site
Navigational Information includes standard information from your web browser (such as browser type and browser
language), your Internet Protocol (“IP”) address, and the actions you take on our Websites
(such as the web
pages viewed and the links clicked). We use Web Site Navigational Information to operate and improve our
Websites. We may also use Web Site Navigational Information in combination with visitor information to provide
personalized information about Zerto.
Our legal basis for processing this information is that it is necessary for our legitimate interests in
conducting and developing our business and meeting and anticipating the requirements of our customers.
Cookies
We use “cookies” to make interactions with our Websites easier and more meaningful. When you visit our Websites,
our servers send “cookies” to your computer. Standing alone, “cookies” do not directly identify you; they merely
recognize the device you are using to connect with the Websites by means of your web browser.
There are two types of “cookies”: session-based and persistent-based. Session “cookies” exist only during one
session; that is, they are erased from your computer when you close your browser software or turn off your
computer. Persistent “cookies” remain stored on your computer after you close your browser or turn off your
computer.
We use persistent “cookies” that only we can read and use to identify devices (and visitors) that have previously
visited our Websites. We may use information from session and persistent “cookies” in combination with visitors’
information to provide you with more relevant information about Zerto and our products and services.
We also use Google Analytics and other tools to track usage of our Websites. See the “Analytics” section below
for more information.
Analytics
We use third parties to track and analyze usage and volume statistical information regarding individuals who
visit our Websites or use the Services.
For example, we utilize Google Analytics, a service provided by Google, Inc., that we use to gather information
about how users engage with our Services. For more information about Google Analytics, please visit
www.google.com/policies/privacy/partners/.
If you want to opt-out of the collection of information by Google Analytics, please visit
https://tools.google.com/dlpage/gaoptout.
If you wish to opt out of the collection of information by Google Analytics on our App, you can do so in the
‘About’ section of Zerto Mobile or ZVR, respectively. If you wish to opt out of the collection of information by
Google Analytics on our Websites, please change the “Cookies Settings” on our Websites. We also utilize
FullStory which help us to understand usage patterns on our Websites, such as user clicks, mouse movements and
scrolling on our Websites. We use this information troubleshoot bugs, support our customers and build better
user experiences on our Websites. You may opt-out of us collecting and processing this data through the “Cookies
Settings” on our Websites.
Tracking Pixels
We use “tracking pixels” alone or in conjunction with “cookies” to compile information about usage
of our Websites and interaction with emails from us. “Tracking pixels” are clear electronic images that can
recognize certain types of information on your computer, such as “cookies,” when you viewed a particular website
linked to the “tracking pixel,” and a description of a website tied to the “tracking pixelacon.” For example, we
may place “tracking pixels” in marketing emails that notify us when you click on a link in the email that directs
you to our Websites.
We use “tracking pixel” to operate and improve our Websites and email communications, to try to
ensure that they are relevant and interesting to the people receiving them. We may use information from “tracking
pixels” in combination with visitors’ information to provide you with information about Zerto or its products or
services.
IP Addresses
When you visit our Websites, we collect your IP address to track and aggregate information that does
not directly identify you. For example, we use IP addresses to monitor the regions from which visitors navigate
our Websites and to direct queries to the most appropriate Zerto personnel.
If you are a prospective or current Zerto customer, your IP address will also be stored in association with your record to make certain functions
available to you, including your access to Portals.
Responding to Do Not Track Signals
Our Services do not have the capability to
respond to “Do Not Track” signals received from various web browsers.
B. Contacts from events and offline activities
Information you provide when you attend an event, or contact us offline
When you register to an event we organize, we will collect personal information about you through the
registration form, or if you contact us otherwise than through our Websites (for example by post, or telephone).
We will collect limited personal information about you, such as your name, company name, address, phone number,
email address and demographic information. We will also collect information about your attendance and
participation in the event.
If you participate in events organized by others, but in which Zerto is represented, we will receive your
information only if you opted-in to have your contact information shared with us as a third-party partner of the
event organizer.
We will use the above information:
- to review and respond to any query you submit to us;
- to provide you with a free trial or demonstration of the Services;
- when requested, to add you to our mailing list and contact you periodically with information about products
and services offered by Zerto (see “Communications” section below); - to comply with obligations that we are subject to under applicable laws, and to enforce and protect our
rights.
Our legal basis for processing your personal information is that it is necessary for our legitimate interests in
conducting and developing our business and meeting and anticipating the requirements of our current and
prospective customers.
C. Billing and licensing information
MSP Billing Information
On a monthly basis, managed service providers (“MSP”) submit a report to us by using the
reporting feature of our software, or alternatively, by enabling our software to
submit the relevant information to us via a secure API in order to produce such a report. These reports cover all
usage information from all data centers, and include the number of virtual machines on which our software was
operated during the applicable month, as well as other relevant information, such as the name of the protected
site, the name of the recovery site, the virtual protection group domain name, the type of virtual machine, etc. We
refer to this as the “MSP Billing Information.”
MSP Billing Information is used only for automated billing purposes.
Support and Mobile App Data
We collect data from whomever enables Zerto Analytics, the Zerto Mobile App, and/or
runs our software. Such data includes, among other things, our licensing information, version information (Zerto and
vSphere), and environment statistics (number of virtual machines, number of replicated virtual machines, number
of VPGs, etc.). The information set forth in this section shall be referred to as the “Collected
Data”.
Collected Data is used by our support team for improving the support provided to customers as well as for
enabling the Mobile App. For example: if we find a bug in a certain version of our software, we may use the
Collected Data to contact customers who are running such version with a proposed bug-fix.
D. CCPA Information for Individuals Residing in California
This section of the policy provides information pursuant to the California Consumer Privacy Act and the
California Privacy Rights Act (CCPA/CPRA).
This is the personal information we have collected over the past 12 months when we operate as a “business” under
the CCPA/CPRA:
| Categories of Personal Information under the CCPA/CPRA | Specific Types of Personal Information Collected and the source of the information | Specific business or commercial purpose for collecting personal information from consumers |
|---|---|---|
| Identifiers | Name, email address, phone number
Portals’ login information (within Contact Information) Source of the information: The consumer themselves. An event organizer, in case, if the consumer participates in an event organized by others, but in |
|
| Information that identifies, relates to, describes, or is capable of being associated with, a particular individual |
Subject of your query, demographic information.
Content of your message or comment on our bulletin boards, blogs, user-editable documents or chat Source of the information: The consumer themselves. An event organizer, in case, if the consumer participates in an event organized by others, but in |
|
| Professional or employment-related information | Company name, address, and position.
Source of the information: The consumer themselves or the Business they are associated with. An event organizer, in case, if the consumer participates in an event organized by others, but in |
|
| Commercial information, including products or services you are considering | Subject of your query expressing interest in our Services.
Information relating to providing you with a free trial or demonstration of the Services. Source of the information: The consumer themselves or the company they are associated with |
|
| Internet or other electronic network activity information | IP address from which you access the Website or Portals, time and date of access, type of browser used, language used, links clicked, and actions taken while using the Website or Portals. Your interactions with emails from us. Source of the information: The consumer themselves and their device |
|
The chart below explains about the personal information we disclosed for a business purpose to third parties in
the preceding 12 months:
| Categories of Personal Information under the CCPA/CPRA | Categories of third parties to whom we disclose your information and the specific business or commercial purpose for the disclosure |
|---|---|
| Identifiers | The Zerto group companies, and professional advisors such as attorneys, accountants, auditors, financial and other professionals: for the appropriate operation and conduct of our business.Third party companies in connection with a prospective or actual sale, merger, transfer or other organization of all or parts of our business: for business continuity purpose in case of a reorganization. regulatory authorities, including tax authorities: to comply with mandatory legal requirements imposed on us.Law enforcement agencies, courts or other relevant tribunals: to defend and enforce violations and breaches that are harmful to our business. |
| Information that identifies, relates to, describes, or is capable of being associated with, a particular individual |
|
| Professional or employment-related information | |
| Commercial information, including products or services purchased, obtained, or considered |
|
| Information that identifies, relates to, describes, or is capable of being associated with, a particular individual |
|
| Internet or other electronic network activity information |
The chart below details how we share personal information for online behaviorally targeted ads. We do not sell
your personal information and we have not done so in the preceding 12 months. We also do not have actual
knowledge that we share the personal information of consumers under 16 years of age for online behaviorally
targeted ads.
| Categories of Personal Information shared for online behaviorally targeted ads | Categories of third parties with whom Personal Information is shared for online behaviorally targeted ads |
Specific business or commercial purpose for sharing personal information for online behaviorally targeted ads |
|---|---|---|
| Identifiers and Internet or other electronic network activity information | Online advertising networks. |
|
See the section below for the notice of the right to opt-out of sharing your personal information for online
behaviorally targeted ads.
The following rights apply only to a California resident:
| Consumer Right | Details |
|---|---|
| Knowing the personal information, we collect about you | You have the right to know:
|
| Right to opt-out of sharing personal information for online behaviorally targeted ads | We share your personal information for online behaviorally targeted ads, as explained above. You have a right to opt-out of that sharing. If you would like to exercise your right to opt-out, please click here. |
| Right to Deletion | Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
Please note that we may not delete your personal information if it is necessary to:
We also will deny your request to delete if it proves impossible or involves disproportionate effort, |
| Right to correct inaccurate personal information | If we receive a verifiable request from you to correct your information and we determined the accuracy of the corrected information you provide, we will correct inaccurate personal information that we maintain about you.In determining the accuracy of the personal information that is the subject of your request to correct, we will consider the totality of the circumstances relating to the contested personal information.We also may require that you provide documentation if we believe it is necessary to rebut our own documentation that the personal information is accurate. We may deny your request to correct in the following cases:
We will provide you a detailed explanation that includes enough facts to give you a meaningful |
| Protection Against Discrimination | You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA/CPRA. This means we cannot, among other things:
Please note that we may charge a different price or rate or provide a different level or quality of |
| Designate an authorized agent to submit CCPA requests on your behalf | You may designate an authorized agent to make a request under the CCPA on your behalf. To do so, you need to provide the authorized agent written permission to do so and the agent will need to submit to us proof that they have been authorized by you. We will also require that you verify your own identity, as explained below. |
If you would like to exercise any of your CCPA rights as described above, you should email us to: privacy@zerto.com.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing
the
personal data requested to you, by using a two or three points of data verification process, depending on the
type
of information you require and the nature of your request.
Other disclosures to third parties
California Civil Code Section 1798.83 permits our customers who are California residents to request certain
information regarding our disclosure of personal information to third parties for their direct marketing
purposes.
To make such a request, please send an email to privacy@zerto.com. Please
note that we are only required to respond
to one request per customer each year.
E. GDPR information for individuals from the EU or UK
Data controller
The following is the contact information of Zerto Ltd. the data controller of the information covered in this
privacy policy:
15 Ariye Shankar St.
Gav-Yam Building 6, Floor L2
Herzliya, Israel 4672515
+972 (77) 9210000
+972 (77) 424 6306
Your data subject rights
If you are in the EU or UK, you have the following rights under the GDPR regarding the information we process as
a controller:
- Right to Access your personal data and receive a copy of it.
- Right to rectify inaccurate personal data about
you and to have incomplete personal data completed. - Right to data portability, that is, to receive the
personal data that you provided to us, in a structured, commonly used, and machine-readable format. You have
the
right to transmit this data to another service provider. Where technically feasible, you have the right that
your personal data be
transmitted directly from us to the service provider you designate. - Right to object, based on your particular situation, to use your personal data on the basis of our
legitimate
interest, including processing your information for marketing purposes. However, in cases other than
processing
your information for marketing purposes, we may override the objection if we demonstrate compelling
legitimate
grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to
the
use of your personal data for direct marketing purposes. - Right to restrict the processing of your personal
data (except for storing it) if: (i) you contest the accuracy of your personal data, for a period enabling
us to
verify its accuracy; (ii) you believe that the processing is unlawful and you oppose the erasure of the
personal
data and request instead to restrict its use; or (iii) we no longer need the personal data for the purposes
outlined in this Privacy Policy, but you require them to establish, exercise or defense relating to legal
claims, or if you object to processing, pending the verification whether our legitimate grounds for
processing
override yours. - Right to be forgotten. Under certain circumstances, such as when you object to us processing
your data and we have no compelling legitimate grounds to override your objection, you have the right to ask
us
to erase your personal data. However, we may still process your personal data if it is necessary to comply
with
a legal obligation, where we are subject to under laws in EU Member States or the UK, or for the
establishment,
exercise or defense of legal claims.
If you wish to exercise any of these rights, please contact us at privacy@zerto.com.
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with
information. Where we are not able to provide you the information that you have asked for, we will explain the
reason for this.
You have a right to contact the supervisory data protection authority
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If
you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory
authority, particularly in the Member State of your residence, place of work or place of an alleged infringement
of the GDPR. For a list of supervisory authorities in the EU, click
here.
If you are in the UK, you can lodge a complaint to Information Commissioner’s Office (ICO) pursuant to the
instructions provided here.
F. Miscellaneous
Third Party services providers
We engage third-party services providers, such as hosting service providers and data centers, to work with us to
administer and provide the Services. These third-party services providers have access to your
information only for the purpose of performing services on our behalf and are expressly obligated not to
disclose or use your information for any other purpose.
Applicability
This Privacy Policy covers the information handling practices of our Services. Our Services may
contain links to other websites and services that are owned or operated by third parties (each, a “Third-Party
Service”).
Any information that you provide on or to a Third-Party Service or that is collected by a Third-Party
Service is provided directly to the owner or operator of the Third-Party Service and is subject to the owner’s
or operator’s privacy policy. We are not responsible for the security, information practices or the content of any
Third-Party Service.
To protect your information, we encourage you to review the privacy policies of all
Third-Party Services you access to understand their information practices.
Disclosure of Collected Information
We disclose the
personal information we have about you to limited categories of third parties, including:
- Zerto group companies. The legal basis for this processing is our legitimate interests in the appropriate operation and conduct of
our business. - subcontractors, service providers and other agents (for example, providers of CRM and business
administration systems) in connection with the provision of the Services to you. These are processors
processing personal information on our behalf. - third party companies in connection with a prospective or actual sale, merger,
transfer or other organization of all or parts of our business. The legal basis for this processing is our
legitimate interests in our business continuity. - professional advisors such as attorneys, accountants, auditors,
financial and other professionals. The legal basis for this processing is our legitimate interests in the
appropriate operation and conduct of our business. - regulatory authorities, including tax authorities. The legal
basis for this processing is our legitimate interests in complying with mandatory legal requirements imposed
on us. - law enforcement agencies, courts or other relevant tribunals. The legal basis for this processing is our
legitimate interests in defending and enforcing violations and breaches that are harmful to our business.
Communications
By signing up to receive communications from Zerto, you understand that we may send you communications or data
from our Websites regarding the Services from time to time through the general operation of the Services,
including but not limited to: (i) notices about your use of our Services, including any notices concerning
violations of use; (ii) updates; and (iii) promotional information and materials regarding Zerto’s products and
services. Where required by applicable law, we will send you an email asking you to confirm that you wish to
receive promotional information from us.
We give you the opportunity to opt-out of receiving promotional communications from us by following the opt-out instructions
provided in the message you receive, or by visiting the Subscription Center.
Information Security
We strive to maintain the reliability, accuracy, completeness and currency of personal and
customer information that we collect and to protect the privacy and security of our customers and visitors. We
implement industry-standard security measures in our servers and databases designed to prevent the loss, misuse,
unauthorized access, disclosure, alteration or destruction of the information we collect, including encryption,
firewalls, password protection, and access controls. We work to protect the security of your information during
transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input. We allow you,
however, to choose a non-encrypted channel to work with our management system. It is important for you to
protect against unauthorized access to your password and to your computer. We restrict access to the information
we collect to our employees, contractors and agents who need to know that information in order to process it for
us, and who are subject to confidentiality obligations and may be disciplined or terminated if they fail to meet
these obligations. Although we make good faith efforts to store the information collected by us in a secure
operating environment that is not available to the public, we cannot guarantee absolute security or against any
loss, misuse, unauthorized disclosure, alteration or destruction of data. You understand and agree that all
information collected by us as provided herein is at your own risk and is subject to the provisions of this
Privacy Policy. If you have any questions about the security of Zerto’s services or the Websites, please contact
us at privacy@zerto.com.
Data Integrity and Storage
We keep your personal information only for as long as reasonably necessary for the
purposes for which it was collected or to comply with any applicable legal or ethical reporting or document
retention requirements. We take reasonable steps to ensure that data is reliable for its intended use, accurate,
complete, and current.
Changes to this Privacy Policy
From time to time, we may update this Privacy Policy. We will
post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more
prominent notice (including, for certain services, email notification of Privacy Policy changes).
Contact Us
If you would like to contact us regarding the use of your personal information, the types of third parties to whom
we disclose such information or ways in which you may be able to limit the use and disclosure of such information,
please send an email to privacy@zerto.com detailing your request