StepZen is now part of IBM. For the most recent product information and updates go to
https://www.ibm.com/products/stepzen
Last Updated: March 2023

Privacy Policy

StepZen Privacy Policy

As of February 08, 2023 StepZen Inc. has been acquired by IBM (https://www.ibm.com). StepZen has developed a GraphQL server with a unique architecture that helps developers build GraphQL APIs quickly and with less code.

Founded in 2020, StepZen provides an easier way for developers to build GraphQL APIs. StepZen was also designed to be highly flexible. It is compatible with other API approaches and is available as-a-Service (SaaS) while also supporting deployments in private clouds and on-premises data centers.

Integrated into the IBM organization, StepZen, an IBM Company ("StepZen"), is committed to protecting the privacy of visitors to the website https://StepZen.com/ ("Website") and others who request information about StepZen. During this integration phase, if you have any questions about StepZen's handling of your Personal Information, you can contact the IBM Chief Privacy Office Helpdesk.

Any Personal Information (defined below) we collect, use, and disclose through our Services is only processed on our customers' behalf and as authorized and directed by those customers. It is the StepZen customer's responsibility to ensure that the data it collects or directs us to collect through StepZen can be legally collected. It is also the customer's responsibility to provide its employees and customers the appropriate level of notification that information, potentially including Personal Information, will be collected and maintained.

Introduction

At StepZen we value your privacy and are committed to protecting and processing your personal information responsibly.

This privacy statement describes how StepZen collects, uses and shares your information.

Where we provide products, services, or applications as a business-to-business provider to a client, the client is responsible for the collection and use of personal information while using these products, services, or applications. This collection and use is covered by the client's privacy policy, unless otherwise described. Our agreement with the client may allow us to request and collect information about authorized users of these products, services, or applications for reasons of contract management. In this case, this privacy statement, or a supplementary privacy notice, applies.

We may provide additional data privacy information by using a supplementary privacy notice.

Personal Information We Collect and Use

This section describes the various types of information that we collect and how we use it.

It includes information on StepZen account, StepZen Websites, Marketing, Contractual Relationships, Support Services, Protecting You and StepZen, StepZen Locations, Recruitment and Former Employees, Conducting our Business Operations, Cookies and Similar Technologies, and Children.

The information that we collect and use may include profile information, interactions on webpages, marketing preferences, information to investigate malicious activities, recordings or transcripts of your conversations with us for support purposes, information to improve our business operations, and more.

StepZen Account

You can create an account with StepZen. This account provides StepZen with your name, email address, and country or region of residence.

We may also store your details from business contact information that you provide to us, or that we collect from your organization, our Business Partners, or our suppliers.

StepZen Applications and Online Services

Our online services include "as-a-service" and desktop applications, and mobile applications (or apps). We collect information about the use of these services, such as pages you view or your interactions on that page, to improve and develop our services and to generate technical and market insights.

StepZen Websites

Our websites offer ways to communicate with you about us, our products, and services. The information that we collect on websites is used to provide you with access to the website, to operate the website, to improve your experience, and to personalize the way that information is provided to you. If you visit our websites without logging in with an account, we may still collect information that is connected to your website visit.

For more information on the technologies that we use to collect website information, and setting your preferences, see Cookies and Similar Technologies.

We collect information about your use of our websites, such as:

  • the webpages you view,
  • the amount of time you spend on pages,
  • the website URL that referred you to our pages,
  • your geographic information derived from your IP address,
  • and any hyperlinks you select.

We use this information to improve and personalize your experience with our websites, provide you with content that you may be interested in, create marketing insights, and to improve our websites, online services, and related technologies.

We also collect the information that your browser or device automatically sends, such as:

  • your browser type and IP address,
  • operating system, device type, and version information,
  • language settings,
  • crash logs,
  • and passwords.

We use this information to provide you with access to our webpages, improve the webpage view on your device and browser, adapt to your settings and language, and adapt content for relevancy or any legal requirements for your country. We also use this information to comply with system and network security requirements, and to provide support.

We also provide platforms and forums that enable online sharing, support, and collaboration among registered members. Any information that you submit to these platforms may be made available to others on the internet, or removed by us, as covered in the platform privacy notice or terms. We are not responsible for any content that you make available through your use of our products or services.

We prepare reports on the use of our websites to derive insights into trending topics and general market knowledge. These reports may be provided to third parties with details on how users interacted with or showed interest in the third-party products or services that were presented on our websites.

We accept no responsibility for the content provided on, or privacy practices of, third-party websites or applications.

Marketing

Subject to your preferences, we use the information that we collect to communicate with you about relevant products, services, and offerings. We also use this information to personalize your online experience with our content and advertisements and to develop internal marketing and business intelligence. You may also submit an opt-out request, or select Unsubscribe at the bottom of each marketing email. To review or set your preferences regarding the information that we collect about you online on our websites, select Cookie Preferences in the website footer.

We use information that we collect for marketing purposes. This may include information:

  • Collected directly from you through your interactions with StepZen, such as attendance at events or submission of online registration forms,
  • Received from third-party data providers, subject to controls confirming that the third party legally acquired the information and has the right to provide the information to StepZen for use in our marketing communications,
  • Collected on our websites or from your interactions with StepZen emails and content, including content on third-party sites.

Subject to your preferences, we may use this information to market to you regarding StepZen products, services, and offerings. For example, we may:

  • Contact you by using email, telephone, or postal mail.
  • Personalize your experience with StepZen products and services, such as sharing more relevant content or pre-filling registration forms on our websites.
  • Deliver targeted StepZen advertisements on third-party websites based on information we or authorized third parties collect about your interactions with StepZen websites, our content, emails, or, in select geographies, activity linked to your hashed email address.

To opt out of the use of your hashed email for personalization or targeted advertising, you can withdraw your email consent by using any of these options.

To review or set your preferences regarding the information that we collect about you online on our websites, select Cookie Preferences in the website footer.

We also use this information to develop marketing and business intelligence, which is essential for our business operations. For example, we may:

  • Combine the information we collect to better understand your interests and potential business needs,
  • Use aggregated data to measure effectiveness of our marketing campaigns and events, and to make informed business decisions and investments,
  • Aggregate the information that is collected about StepZen website visitors for the purposes of developing and modelling marketing audiences.

Contractual Relationships

A contractual relationship is created when you order a trial, or a product or service from us. While we mainly provide our products and services to businesses, individuals may also enter into an agreement with us directly as a client. We may collect any information that is reasonably necessary to prepare for, enter into, and fulfill the contractual agreement.

The information collected in a contractual relationship may include the business contact information of the requester, a StepZen account, and the order details. Information that is required for shipment and payment, for the implementation of services, or to grant access to the product or service may also be collected.

This information may be collected for various purposes, depending on the nature of the products or services, for example, for contractual management and compliance, to provide support, for the improvement or development of our products and services, to contact you for customer satisfaction surveys, and to generate technical and market insights.

The information collected in a contractual relationship is not used for the purposes of marketing and advertising without obtaining consent before processing.

Support Services

When you contact us to request support, including through LiveChat, we collect your contact information, problem description, and possible resolutions. We record the information that is provided to handle the support query, for administrative purposes, to foster our relationship with you, for staff training, and for quality assurance purposes.

The information that we collect may include any information exchanged during our phone conversations or provided during Live Chat support sessions on our websites. This may include a recording or transcript of your conversations with us. We may use this information to inform you of products or services that are related to your support request. This can include product updates or fixes, and we may combine the information that is collected through other interactions with you or your organization to provide more valuable suggestions in relation to product support, such as any available training regarding the issue.

While we handle the support case, we may have incidental access to information that you have provided or information that is on your system. This information may contain information about you, your organization's employees, customers, or other relevant parties. The conditions regarding the handling and processing of this information are covered by the applicable Terms of Use or other agreements between your organization and StepZen, such as the Terms of Use for Exchanging Diagnostic Data.

Protecting You and StepZen

We may collect and use information to protect you and StepZen from IT security threats and to secure the information that we hold from unauthorized access, disclosure, alteration, or destruction. This includes information from our IT access authorization systems, such as log-in information.

The security solutions we use to protect your information, our infrastructure, and our networks may collect information such as IP addresses and log files. This is necessary for the functionality and utility of security programs to enable the investigation of any potential security incidents and generate insights on security threats.

We may use specialized tooling and other technical means to collect information at access points to, and in, IT systems and networks to detect unauthorized access, viruses, and indications of malicious activities. The information we collect may be used to conduct investigations when unauthorized access, malware or malicious activities are suspected, and to remove or isolate malicious code or content.

StepZen Locations

When you visit a StepZen location, we collect your name or business contact information and, in some cases, information from a government issued ID. This information is collected for access management and to protect the security and safety of our locations and employees.

The information that is collected at our locations is used to issue access badges. We may verify the identity of visitors where legally permissible and, for supplier personnel working on site, a badge with a photo identification may be requested for identification purposes.

Camera supervision and access management are used for reasons of security and safety of our locations, employees, and assets. More information may be available at the StepZen location.

Recruitment and Former Employees

We are constantly searching for new talent for our organization, and we collect information about job applicants or prospective candidates from several sources. When an employee leaves StepZen, we continue to process information that is related to them for any remaining business, contractual, employment, legal, and fiscal purposes, including the management of pensions to the extent handled by StepZen.

Regarding recruitment, we may look for prospective candidates with the help of recruitment intermediaries and may use publicly available information on social media platforms to identify prospective candidates for a specific function.

When an employee leaves StepZen, we retain basic information from the former employee about their employment at StepZen.

After an employee retires, we process information about the retiree for fulfilling the pension obligations toward the retiree. Information about the processing of pension information, or other retirement programs, can be found with the local organization responsible for pensions. In some countries, this may be an independent organization. In some cases, retirees may still participate in StepZen-organized initiatives or programs, such as volunteer and social responsibility programs. Such participation is voluntary, and more information is provided on the relevant websites or information pages for those initiatives.

Conducting our Business Operations

We collect and use information to improve our business operations, systems, and processes. For example, information may be used to conduct, maintain, audit, and optimize our operations, to protect our assets and employees, for product development, and to defend our rights.

We collect information about our business operations to make informed decisions about the organization, the business, and to report on performance, audits, and trends. For example, we use this information to analyze the costs and quality of our operations. Where possible, this is done by using aggregated information, but we may use personal information.

We collect and use information from our business systems, which may include personal information, to:

  • protect or enforce our rights, including to detect fraud or other criminal activities (for example, by using information in payment systems)
  • handle and resolve disputes
  • answer complaints and defend StepZen in legal proceedings
  • and comply with legal obligations in the countries where we do business

We collect information from the use of our business processes, websites, cloud and online services, products, or technologies. This information may include personal information and is used for product and process development. For example, we may use this information to increase efficiency, decrease costs, or improve services by developing automated processes and tools, or to develop or improve the technologies on which these are based.

Cookies and Similar Technologies

When you visit our websites, cloud and online services, software products, or view our content on certain third-party websites, we collect information regarding your connection and your activity by using various online tracking technologies, such as cookies, web beacons, Local Storage, or HTML5. Information that is collected with these technologies may be necessary to operate the website or service, to improve performance, to help us understand how our online services are used, or to determine the interests of our users. We use advertising partners to provide and assist in the use of such technologies on StepZen and other sites.

A cookie is a piece of data that a website may send to your browser, which may be stored on your computer and can be used to identify your computer. Web beacons, including pixels and tags, are technologies that are used to track a user visiting a StepZen web page or if a web page was copied to another website. Local Shared Objects can store content information displayed on the webpage visited, and preferences. All of these technologies may be used to provide connected features across our websites or display targeted StepZen advertising (subject to your cookie preferences) on other websites based on your interests. Web beacons may also be used to track your interaction with email messages or newsletters, such as to determine whether messages are opened or links are selected.

Session cookies can be used to track your progression from page to page so that you are not asked for information that you have already provided during the current session, or information that is needed to be able to complete a transaction. Session cookies are erased when the web browser is closed. Persistent cookies store user preferences for successive visits to a website, such as recording your choice of language and country location. Persistent cookies erase their data within 12 months.

You can use the StepZen Cookie Manager to learn more about the online tracking technologies we use and to review or set your preferences regarding the information that we collect about you on our websites. The StepZen Cookie Manager is either presented as a notification window when you first visit a webpage or opened by selecting Cookie Preferences in the website footer. The StepZen Cookie Manager does not address all types of tracking technologies (for example, email pixels). When using mobile apps, use the options on your mobile device to manage settings.

Blocking, disabling, or rejecting StepZen cookies may cause services to not function properly, such as in connection with a shopping cart, or block the use of websites or StepZen Cloud services that require you to sign in. Disabling cookies does not disable other online tracking technologies, but prevents the other technologies from accessing any details stored in cookies.

Our websites offer the possibility to use third-party social media options. If you elect to use these options, these third-party sites may log information about you, such as your IP address, access time, and referring website URLs. If you are logged in to those social media sites, they may also link collected information with your profile information. We accept no responsibility for the privacy practices of these third-party services and encourage you to review their privacy policies for more information.

For information on cookies and how to remove these technologies by using browser settings, see https://www.allaboutcookies.org/.

Children

Unless otherwise indicated, our websites, products, and services are not intended for use by children under the age of 16.

Sharing Personal Information

We may share your personal information internally and externally with suppliers, advisors, or Business Partners for StepZen's legitimate business purposes, and only on a need-to-know basis. This section describes how we share information and how we facilitate that sharing.

How We Share Personal Information

When sharing personal information, we implement appropriate checks and controls to confirm that the information can be shared in accordance with the applicable law.

If we decide to sell, buy, merge, or otherwise reorganize businesses in some countries, such a transaction may involve disclosing some personal information to prospective or actual business purchasers, or the collection of personal information from those selling such businesses.

Internally, personal information is shared for our business purposes: to improve efficiency, for cost savings, and internal collaboration between our subsidiaries. For example, we may share personal information for purposes such as managing our relationship with you and other external parties, compliance programs, or systems and networks security.

Our internal access to personal information is restricted and granted only on a need-to-know basis. Sharing of this information is subject to the appropriate intracompany arrangements, our policies, and security standards.

Externally,

  • our business with suppliers may include the collection, use, analysis, or other types of processing of personal information on our behalf.
  • our business model includes cooperation with independent Business Partners for marketing, selling, and the provision of StepZen products and services. Where appropriate (for example, when necessary for the fulfilment of an order), we share business contact information with selected Business Partners.
  • we may share personal information with professional advisors, including lawyers, auditors, and insurance companies to receive their services.
  • we may share contractual relationship information with others, for instance, our Business Partners, financial institutions, shipping companies, postal, or government authorities, such as the customs authorities that are involved in fulfillment.
  • we may share personal information with third parties, such as advertising technology partners, data analytics providers and social networks engaged by StepZen to deliver targeted StepZen advertisements on their platforms, to aggregate information for analysis, and to track engagement with those advertisements.

In certain circumstances, personal information may be subject to disclosure to government agencies in accordance with judicial proceedings, court orders, or legal processes. We may also share personal information to protect the rights of StepZen or others when StepZen believes that such rights may be affected, for example to prevent fraud.

Facilitating International Transfers

Your personal information may be transferred to or accessed by StepZen subsidiaries and third parties globally. StepZen complies with laws on the transfer of personal information between countries to keep your personal information protected, wherever it may be.

We have implemented various safeguards including:

  • Contractual Clauses, such as those approved by the EU Commission and accepted in several other countries. You can request a copy of the EU Standard Contractual Clauses (EU SCCs) by selecting Contact Us in the header of this page.
  • StepZen privacy practices, described in this Privacy Statement, comply with the APEC Cross Border Privacy Rules Framework. The APEC Cross Border Privacy Rules (CBPR) system provides protection of personal information that is transferred among participating APEC economies as it pertains to online information collected through Stepzen.com.

While the EU-US and Swiss-US Privacy Shield Framework can no longer be relied upon for the transfer of personal information, we continue to comply with all EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework obligations. For more information, see US Department of Commerce.

Controller and Representative Information

StepZen does business through its subsidiaries worldwide. The privacy laws in some countries consider a Controller to be the legal entity (or natural person) who defines the purposes for which the processing of personal information takes place and how that information is processed. Parties that are involved in processing operations on behalf of a Controller may be designated as Processors. Designations and associated obligations differ, depending on the jurisdiction.

Where this is relevant for the privacy laws in your country, the Controller of your personal information is StepZen's main subsidiary in your country or region.

The contact details of our main subsidiary of a country or region can be found by selecting your country or region and selecting Contact in the footer of the StepZen website. StepZen can be contacted at 1750 Lundy Avenue, PO Box 611956, San Jose, California 95161-1956, or at stepzen-team@stepzen.com.

Information Security and Retention

To protect your personal information from unauthorized access, use, and disclosure, we implement reasonable physical, administrative, and technical safeguards. These safeguards include role-based access controls and encryption to keep personal information private while in transit. We also require our Business Partners, suppliers, and third parties to implement appropriate safeguards, such as contract terms and access restrictions, to protect information from unauthorized access, use, and disclosure.

We only retain personal information as long as necessary to fulfill the purposes for which it is processed, or to comply with legal and regulatory retention requirements. Legal and regulatory retention requirements may include retaining information for:

  • audit and accounting purposes,
  • statutory retention terms,
  • the handling of disputes,
  • and the establishment, exercise, or defense of legal claims in the countries where we do business.

We retain any contractual relationship information for administrative purposes, legal and regulatory retention requirements, defending StepZen rights, and to manage StepZen's relationship with you. The information that is provided in a supplementary privacy notice may provide more detailed information on applicable retention terms.

When personal information is no longer needed, we have processes in place to securely delete it, for example by erasing electronic files and shredding physical records.

Your Rights

You have certain rights when it comes to the handling of your personal information. The Contact Us form in the header of this page can be used to:

  • request access to the personal information that we have on you, or have it updated or corrected. Depending on the applicable law, you may have additional rights concerning your personal information.
  • request to obtain your personal information in a usable format and transmit it to another party (also known as the right to data portability).
  • request to delete the personal information we hold about you.
  • opt out of specific personal information processing types, such as targeted advertising.
  • ask questions related to this Privacy Statement and privacy practices. Your message is forwarded to the appropriate member of the StepZen Data Privacy Team, including the responsible Data Protection Officers.
  • submit a complaint to StepZen if you are not satisfied with how StepZen is processing your personal information.

Data Rights Requests Details

When you submit a Data Rights (DR) request, you provide us with personal information, including your name and contact details, which we use to respond to your request. In some circumstances, to verify your identity and to ensure we disclose the personal information to the correct individual, we may also request a copy of your photo ID, which is deleted immediately after verification of your identity.

Upon your DR request, your personal information is processed for handling and fulfilling your DR request, in line with StepZen's legal obligations and commitments related to DRs.

Your rights may be subject to limitations and exceptions resulting from applicable laws. For example, there may be situations where we cannot share certain information that you seek if disclosing this means disclosing information about others.

You may also have the right to complain to the competent supervisory authority.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) here.

You can also submit an opt-out request, or select Unsubscribe at the end of each marketing email.

Additional Rights

Information about additional rights subject to applicable law and when they apply can be found here. StepZen appoints Data Protection Officers to ensure that we process personal information in compliance with the applicable data protection laws.

StepZen possesses de-identified data. De-identified data cannot reasonably be used to infer information about, or otherwise be linked to, an identified or identifiable consumer, or a device linked to such person. StepZen commits to maintain and use any de-identified data without attempting to reidentify de-identified data.

For California:

  • California Consumer Privacy Act (CCPA)
  • California Privacy Rights Act (CPRA)

For additional rights you may have under CCPA or CPRA, see the California Supplemental Privacy Statement.

If you are a California resident, you have rights under the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), from hereon referred to as CCPA. This supplement to the StepZen Privacy Statement is an overview of the information that is required by the CCPA, and provides instructions for how to exercise the rights granted by the CCPA.

For more information on the purposes or categories of personal information that we collect and disclose, see Personal Information We Collect and Use on the StepZen Privacy Statement.

For more information about your rights when it comes to the handling of your personal information, see Your Rights on the StepZen Privacy Statement.

We may provide additional data privacy information by using a supplementary privacy notice with activity-specific or offering-specific information.

  1. Purpose

To support your relationship with StepZen, or your use of our products and services, we may have collected and disclosed information within the past 12 months for the following types of business and commercial purposes.

Personal Information:

  • To provide you with access to, and use of, our websites, products, and services.
  • To respond to your request for information, orders, or support.
  • As business contact information of clients, prospects, partners, and suppliers for commercial relationships.
  • To provide information about visitors to our sites and their locations.
  • For marketing and business intelligence, including targeted advertising.

Sensitive Personal Information:

  • To run secure and safe events.
  • To respond to data rights requests.

  2. Categories

We may have collected and disclosed the following types of information for business and commercial purposes.

Personal Information:

Identifiers such as IP address, mobile device ID and cookies.

Personal information under the Customer Records provision of the California Civil Code such as your name, postal address, email address or payment information you provide to purchase a StepZen product or service.

Commercial information that is related to purchases of IBM products or services.

Internet or network activity information relating to your interactions with StepZen websites, applications, or emails.

General geolocation data, such as information about the location of your device when you use a StepZen mobile application.

Audio, electronic, and visual information such as visitors' presence on security systems at StepZen offices or recordings of your conversations with us.

Professional information such as your employer's name and job title.

Inferences about your consumer preferences.

Sensitive Personal Information:

State or Government issued identification such as a consumer's social security, driver's license, state identification card, or passport number.

Financial Information such as a consumer's account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

Retention:

For each category of personal information, StepZen retains your personal information only for as long as necessary, based on retention criteria including:

the time required to fulfill the business or commercial purposes for which personal information is processed,

the time required to comply with legal and regulatory retention requirements, and

the time required to maintain contractual and customer relationships.

For more information, see Information Security and Retention on the StepZen Privacy Statement.

  3. Sources and disclosure

We may collect Personal Information directly from you, automatically from your interactions with StepZen, from selected partners, or from your employer.

We may disclose information about you to our subsidiaries, suppliers and, where appropriate, selected partners to help us provide you, or the company you work for, with products or services, or to fulfill your requests.

  4. Sale and Share

Sale:

We do not sell personal data as the term sell is commonly understood. In CCPA, a sale is defined to include disclosures of personal data to a third party for monetary or valuable consideration. Select third parties, such as advertising technology partners, data analytics providers, and social networks, may collect or receive information so that StepZen can provide you with targeted advertising. These third parties may benefit from the use of this data for their own purposes, such as improving their own services, which may qualify as a sale under the CCPA. Within the last 12 months, we may have sold information within each of the following categories, with these third parties:

Personal Information:

Identifiers like email address, IP address, cookies, and other user tracking information.

Internet or Other Network Activity.

Geolocation data.

Professional or employment-related information.

Inferences about your preferences.

Sensitive Personal Information:

None.

You can make choices to allow or prevent such uses.

Share:

StepZen may have shared certain personal information with third parties, such as advertising technology partners, data analytics providers, and social networks for the purpose of targeted advertising, which may qualify as sharing under the CCPA. Within the last 12 months, we may have shared each of the following categories of information, with these third parties:

Personal Information:

Identifiers like email address, IP address, cookies, and other user tracking information.

Internet or Other Network Activity.

Geolocation data.

Professional or employment-related information.

Inferences about your preferences.

Sensitive Personal Information:

None.

You can make choices to allow or prevent such uses.

Rights relating to Your Personal Information

As a California resident, you have the right to:

Know your Personal Information: You can request specific pieces of Personal Information, or information about the categories of Personal Information that StepZen holds about you.

Request Deletion or Rectify your Personal Information: You can request the deletion of or seek to rectify (correct, update or modify) the Personal Information that StepZen holds about you.

Opt out of Sale or Sharing of your Personal Information.

To opt out of the use of cookie data for the purposes of targeted advertising, select Cookie Preferences and Do Not Sell or Share My Personal Information in the footer and set your cookie preferences to Required. If you are accessing our websites while located outside of California, you can opt out by selecting Cookie preferences in the footer and setting your cookie preferences to Required.

We also honor your opt-out preference by recognizing user-enabled Global Privacy Control (GPC) as a valid opt-out request (on the browsers or browser extensions that support such a signal).

Limit the Use or Disclosure of Sensitive Personal Information:

We generally do not collect sensitive personal information outside of the situations described in 1. Purpose and 2. Categories. We only use and disclose your SPI in ways that are necessary to perform our services, in ways that are reasonable and proportionate to the expectation of an average consumer.

In CCPA, you have the right to limit the use and disclosure of your SPI if we are using your SPI beyond what is reasonable and proportionate to provide the requested goods or services. To limit the use or disclosure of Sensitive Personal Information, submit a data rights request, then complete the details on the form as needed.

Non-Discrimination

If you choose to exercise any of these rights, we will not deny goods or services to you or provide different quality of services.

Additional Disclosure

As permitted under the Health Insurance Portability and Accountability Act (HIPAA), StepZen may Sell, Share, or disclose Deidentified Patient Information (as those terms are defined in CCPA) that has been deidentified pursuant to the deidentification methods described in HIPAA.

StepZen possesses de-identified data. De-identified data cannot reasonably be used to infer information about, or otherwise be linked to, an identified or identifiable consumer, or a device linked to such person. StepZen commits to maintain and use any de-identified data without attempting to reidentify de-identified data.

StepZen does not knowingly sell or share the personal data of children under the age of 16.

How to Contact Us

Questions about this Policy or about StepZen's handling of your Personal Information may be submitted by selecting the contact details of our main subsidiary of a country or region and selecting Contact in the footer of the StepZen website. StepZen can be contacted at 1750 Lundy Avenue, PO Box 611956, San Jose, California 95161-1956, or at stepzen-team@stepzen.com.

European Economic Area and United Kingdom

General Data Protection Regulation (GDPR)

If the processing of your personal information is subject to the EU GDPR or UK GDPR, and your personal information is processed based on legitimate interests, you have the right to object to the processing on grounds relating to your specific situation. Under EU GDPR and UK GDPR you may also have the right to request to have your personal information deleted or restricted, ask for portability of your personal information, and not be subject to a decision based solely on automated processing. Where the processing of your personal information is based on consent, you have the right to withdraw this consent at any time. This does not affect the lawfulness of the processing based on consent before your withdrawal.

Contact details of Data Protection Authorities in the European Economic Area can be found here, and in the UK here.

Legal Basis

In some jurisdictions, the lawful handling of personal information is subject to a justification, sometimes referred to as legal basis. The legal bases that we rely on for the lawful handling of your personal information vary depending on the purpose and applicable law.

The different legal bases that we may use are:

Necessary for the performance of a contract with you

We rely on this legal basis when we need to process certain personal information, such as your contact details, payment details, and shipment details, to perform our obligations or to manage our contractual relationship with you.

Examples:

  • If you intend to purchase a product or service, we require your business contact information to enter into a contract with you or you may need to create a StepZen account to access a purchased product online.
  • When fulfilling a contract, you may need to receive support services, for which we will need to collect your contact information.
  • We need personal information to consider job applicants or manage the pension entitlements of retirees.

Necessary for the purpose of StepZen's or a third party's legitimate interest

Legitimate interests relate to being able to conduct and organize business, which includes the marketing of our offerings, protecting our legal interests, securing our IT environment, or meeting client requirements. Examples:

  • We capture your use of, and interaction with our websites to improve them.
  • We process your StepZen account to manage access authorization of our services.
  • Where we have a contractual relationship with the organization that you are working for, we have a legitimate interest to process your personal information used to manage this contract.
  • We process your business contact information in combination with other business-relevant information to tailor our interactions with you and promote our products and services. We may process your contact information together with details of a StepZen event you attended to develop marketing and business intelligence.
  • We process the personal information of applicants based on our legitimate interest to source suitable talent.
  • We have to keep our general business operations functional. To this end we may, for example, process the login information of our IT systems and networks, or CCTV footage at StepZen locations for security and safety purposes.

We may also process personal information where it is necessary to defend our rights in judicial, administrative, or arbitral proceedings. This also falls under the legal basis of legitimate interest in countries where it is not a separate legal basis.

We process personal information for credit protection, which is a specific legal basis under Brazilian law (LGPD) but is also covered under the legal basis of legitimate interest in other countries.

Consent

The processing is based on your consent where we request this. Example:

  • the optional use of Cookies and Similar Technologies or email of Marketing materials.

Legal Obligation

Where we need to process certain personal information based on our legal obligation. Example:

  • We may be obliged to ask for a government-issued ID for certain transactions, such as for a financing transaction.

Privacy Statement Updates

If a material change is made to this Privacy Statement, the effective date is revised, and a notice is posted on the updated Privacy Statement for 30 days. By continuing to use our websites and services after a revision takes effect, it is considered that users have read and understand the changes.