Zotabox Privacy Policy for Merchant’s Website Visitors

General

• By using Zotabox website tools, the Merchant or website owner (controller) is authorizing Zotabox (the processor) to store and forward personal customer data that customers freely enter on the merchant’s website directly to the merchants email address and/or to an service provider such as Mailchimp, Shopify, Zapier, Google Sheets etc that merchants choose and authorize to receive and store such data.

Email Collection Tools

• Zotabox may also collect the email, name, ip address, time stamp and record of consent (depending on merchant settings) when customers enter their name and/or email address using Zotabox tools on the merchant website.
• Zotabox will store this information for 90 days on our secure servers for access by merchants only, after which it will be permanently deleted.
• Zotabox employees will not access this data except in extreme cases of bug fixing or data recovery when an error log will not suffice.

Contact Forms

• Our contact forms allow merchants to collect additional information using custom fields. The merchant can choose to send this information directly to their own email address and/or store this data on Zotabox servers for 90 days. Customized information is encrypted and unaccessible to Zotabox employees except in extreme cases of bug fixing or data recovery.

 Social Accounts

• Tools such the facebook live chat and social buttons tools allow website visitors to ‘login’ to their social account (if they are not already logged in in their browser) to ‘chat’ with the merchant OR ‘share’ or follow Merchant’s social account.
  • ALL sharing/following/live chat etc is completed ‘within and by the social account’. No personal data is shared with Zotabox or stored on Zotabox servers.
  • Please refer to the GDPR compliance policies of each social network.

Push Notification Unsubscribe

• Website visitors may unsubscribe from Push Notifications from merchants from the following browsers. Zotabox does not store any personally identifiable information on it’s servers in relation to the Push Notification tools.
• Chrome
• Firefox

Cookies

• Zotabox also places non-identifiable cookies on Merchant website visitor’s browsers to ensure the proper functioning our tools. For example to ensure popups only display once per customer visit/session and not on every page load or not display again if customer has already entered their email via one of our tools.
  • Some tools may check your IP address to ensure the proper display of tools for example to EU visitors only. Zotabox only ‘checks’ the IP address in these cases and does not ‘store’ this information.
• Zotabox does not track customer browsing history when visiting a merchant website using our tools.
• Here is a list of our cookies:
  • _ZB_STATIC_ are essential cookies to handle and display Zotabox tools properly.
    _ZB_STATS_ are used for Zotabox tool tracking (impression, click, submission, email sign ups..)
    _ZB_ADMIN_ are used to refresh Zotabox tool cache on visitor website

IP Addresses

• Zotabox anonyimizes the last octet of IP addresses with our EU Cookie and Push Notification tools.

Time Limitations

• All personal customer data is automatically removed from Zotabox servers after 90 days and is no longer accessible by Zotabox or the merchant.

Backups

• Zotabox continually backs up all customer data for 30 days to ensure reliable service and in case of damage or loss to the main server. If a request is made to remove data, data on primary servers will immediately be removed but data on backups will remain for 30 days and then permanently and automatically deleted.

Request removal or edit of personal data

• Website visitors may contact Zotabox directly to remove or edit personal customer data on our servers.
  • Please send email to customerservice@zotabox.com FROM the email you wish to delete/edit from our servers (for verification purposes) and the name of the website you entered this information.
  • Important Note: Zotabox can ONLY delete or edit information on Zotabox servers only. Customer may need to contact merchant directly to remove/edit information on merchant servers or other 3rd party data processors authorized by the Merchant.
• In some cases, the merchant may voluntarily delete their Zotabox account including ALL customer data permanently from Zotabox servers. Zotabox can provide the customer the date when this was requested and completed.

Security and Privacy

• Customer data is always transferred from merchant websites via secure https protocol and is stored on secure servers in the United States for 90 days and then permanently deleted. Zotabox or the merchant can not access customer data after this time.
• Zotabox will never share personal data but will provide information to third parties when legally required to do so.
• Zotabox only stores personal customer data for the benefit of the merchant and is NOT used or shared by Zotabox for any reason other than debugging or recovery purposes for the Merchant’s benefit.
• Zotabox STRONGLY recommends merchant website customers do not submit sensitive and financial information using our contact form. We recommend merchants redirect customers to their secure payment page or submit sensitive information directly through email.
• Zotabox is committed to complying with standard data protection requirements when transferring data from the EU to the United States. You may review our full GDPR policy here.

Breach Notification

• In cases of data breaches, Zotabox will report to the merchant within 72 hours if it is determined the privacy of customer data is at risk.

Contact

If you have any questions or comments, please contact Zotabox at customerservice@zotabox.com providing your email address and website where your personal information was entered.