This Zebra GDPR Addendum supplements the Privacy Policy to the extent you use Zebra's website and the GDPR is applicable to you. Zebra is committed to GDPR compliance.
As used in this GDPR Addendum:
“controller,” “data subject,” “personal data”, “process”, and “processor” will each have the meaning given to them in Article 4 of the GDPR;
“GDPR” means the General Data Protection Regulation (EU) 2016/679, together with any national implementing laws in any Member State of the European Union, as amended, repealed, consolidated or replaced from time to time including the UK version of the GDPR as defined in Section 10(3) of the Data Protection Act 2018;
"Privacy Policy” means Zebra’s privacy policy located on Zebra.com.
As a controller and processor of data, including personal data, Zebra collects, processes, and uses personal data fairly and lawfully.
Annex 1 (below) contains the list of Zebra entities in the European Economic Area (“EEA”) that may collect and process your personal data.
Zebra is focused on implementing the appropriate technical and organizational measures to ensure that Zebra meets the requirements of the GDPR. Where the GDPR is applicable, Zebra commits to follow all the requirements of the GDPR, including to:
Zebra collects, uses and shares data for the purposes as set out in its Privacy Policy.
To process your personal data, Zebra relies on at least one of the following legal bases:
The processing may also be pursuant to other applicable legal basis for data processing, especially provisions set out by Member State law. To the extent that a legal ground described above would not apply to processing of your personal data by Zebra, Zebra will seek your consent for such specific purpose in accordance with applicable law.
The GDPR treats some types of personal data as special categories of personal data. This includes information about racial or ethnic origin, sexual orientation, religious beliefs, trade union membership, health data, and criminal records. Zebra will not collect or use these types of data without your consent unless allowed by applicable law. If Zebra does use such data, it will only be when it is necessary; for example:
Zebra uses a select number of website processors or sub-processors to provide customers with products and services, and to operate Zebra’s business. Each website processor and sub-processor has been assessed for their ability to provide appropriately secure services and provision of relevant assurances, policies and data processing agreements. Personal data is processed for the purposes described in this GDPR Addendum and in the Privacy Policy and Zebra's Terms of Service.
Zebra's current list of sub-processors for its website are:
Name | Services |
Adobe, Inc | Website analytics |
Hero Digital, LLC | Marketing, automation services and online chat. |
OneTrust, Inc | Privacy consent and preference management |
Oracle Corporation | Email subscription management and form processing services |
Salesforce, Inc. | Interface for contact management and task management. |
Zebra affiliates located in the United States of America ("USA") | Applicable website data processing services as described in the Privacy Policy. |
Zebra affiliates located outside of the EEA and the USA | Applicable website data processing services as described in the Privacy Policy. |
Zebra’s Workcloud solutions may use sub-processors, including Zebra affiliates, for the processing of personal data from time to time in accordance with the GDPR. Zebra's current Workcloud solutions’ sub-processors can be found under the following links:
If you are a member of the Zebra PartnerConnect Program, please click on the following link to see Zebra’s PartnerConnect Sub-processor Schedule.
For the purposes set out in the Privacy Policy and any applicable product or solution documentation, your personal data may be transferred outside of the country in which it was collected to Zebra Technologies Corporation (“Zebra US”), the parent company of Zebra located in the USA, its subsidiaries, affiliates and third party service providers located in other jurisdictions.
Zebra will ensure that all transfers are lawful and that there are appropriate legal and security arrangements, including implementing supplementary measures to achieve a level of protection equivalent to GDPR.
To meet the conditions of Chapter 5 of the GDPR, Zebra primarily relies on Standard Contractual Clauses approved by the European Commission in its decisions 2004/915/EC and 2010/87/EU or 2021/914/EC and 2021/915/EU for any new agreement entered into with or by Zebra on or after the 28 September 2021 ("SCCs"). This shall ensure the lawful transfer of personal data outside of the UK and European Union. Furthermore, Zebra as a group of companies has entered into an intra-group data transfer agreement, which incorporates the SCCs as the GDPR Chapter 5 transfer mechanism. This agreement ensures appropriate and suitable safeguards with Zebra US, Zebra UK, Zebra's subsidiaries, affiliates and third-party service providers.
Zebra's sub-processors commit to using approved methods to ensure the controlled transfer of data outside of the EU. Additionally, Zebra’s providers make strong commitments to Zebra related to limiting access to the data that is stored with them.
Zebra products, services and websites are not for use by children under the age of 16 years and Zebra does not knowingly collect, store, share or use the personal data of children under the age of 16 years. If you are under the age of 16 years, please do not provide any personal data, even if prompted by Zebra's website to do so.
Where requested and lawful to do so, Zebra may communicate with you about Zebra products, services and solutions, subject to your consent where required. If you wish to unsubscribe from receiving marketing communications, please visit http://online.zebra.com/Preferences-enu to manage communications preferences. As is common with most websites, Zebra gathers certain information and stores it in log files when you interact with Zebra’s website. Zebra uses this information to personalize information presented to you, to monitor the effectiveness of Zebra's website-based marketing campaigns and to improve the functionality of the website. In such cases, Zebra will process such information in accordance with Privacy Policy.
Zebra has implemented a range of policies, procedures and controls to ensure personal data is secure. Zebra has implemented policies in compliance with the GDPR and frequently re-assesses such policies to ensure the continued support of privacy requirements applicable to personal data under the GDPR. In assessing the appropriate level of security, Zebra takes account of the risks that are presented by the processing, and in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to data transmitted, stored or otherwise processed.
Zebra has implemented and maintains at least the following minimal technical and organizational security measures to protect the personal data:
Server Operating Systems. Zebra infrastructure utilizes industry standard enterprise level Operating Systems which are regularly patched in accordance with the software vendors recommendation. All systems are protected with anti-virus, anti-malware and anti-ransomware software, as appropriate.
Businesses Continuity. Zebra maintains cloud-based systems hosted with third parties that provide business continuity/disaster recovery procedures.
Data Transmission. To prevent data from being read, copied, altered or removed without authorization, Zebra encrypts and/or password protects all transmissions containing personal data.
Encryption Technologies. Zebra uses AES and/or HTTPS encryption (also referred to as a SSL or TLS connection).
Please visit the Preference Center page to understand the options available to you regarding unsubscribing to any communications you have subscribed to via Zebra's website. To invoke a data subject request under GDPR for access to and rectification or erasure of personal data or restriction of processing or to object to processing and rights to data portability, send an email detailing your specific request to privacy@zebra.com. Zebra also retains personal data no longer than is necessary to carry out the purposes described in the Privacy Policy. In considering how long to keep a particular category of personal data Zebra will have regard to the purposes for which it is processed, and any purposes which continue to apply even when Zebra has delivered a product or service (for example, because Zebra needs to keep records for audit purposes or in the event of a legal claim or threatened claims). Data subjects have the right to lodge a complaint with the appropriate supervisory authority if the data subject considers that the processing of personal data relating to the data subject infringes the GDPR. Please refer to Annex 2 below to find your local supervisory authority in the EEA.
This Zebra GDPR Addendum is subject to change from time to time, so you should check it periodically.
Country | Controller |
Austria | Zebra Technologies Austria GmbH Albertgasse 35 1080 Wien, Austria |
Belgium | Zebra Technologies Belgium S.P.R.L. Uitbreidingstraat 84 2600 Antwerp, Belgium |
Czech Republic | Zebra Technologies CZ s.r.o. Plzeňská 3350/18 150 00 Prague 5-Smíchov, Czech Republic Zebra Technologies CZ s.r.o. Vlnena Business Park, Vlnena 526/7 602 00 Brno, Czech Republic |
Denmark | Psion ApS Borupvang 3 2750 Ballerup, Denmark |
Finland | Zebra Technologies Europe Limited Laajalahdentie 23, 6th Floor, Room #674 00330 Helsinki, Finland |
France | Zebra Technologies France SAS Immeuble le Copernic, 405 Av. Galilée 13290 Aix-en Provence, France Zebra Technologies France SAS 40 Rue d'Arcueil 94150 Rungis, France |
Germany | Zebra Technologies Germany GmbH Unter den Linden 10 10117 Berlin, Germany Zebra Technologies Germany GmbH Ernst-Dietrich-Platz 2 40882 Ratingen, Dusseldorf, Germany Reflexis Kokkolastraße 5, 4439 Ratingen OST 40882 Ratingen, Dusseldorf, Germany |
Greece | Zebra Technologies Hellas Loukianou 6 106 75 Athina, Greece |
Hungary | Zebra Technologies Magyarország Kft. Árpád fejedelem útja 26-28 1023 Budapest, Hungary |
Italy | Zebra Technologies Italy SRL Via Gianfranco Zuretti, 34 20125 Milan, Italy Zebra Technologies Italy SRL Piazza Guglielmo Marconi 15 00144 Rome, Italy |
Netherlands | Zebra Technologies Netherlands BV Mercurius 12 8448 GX Heerenveen, The Netherlands Zebra Technologies Netherlands BV Secoya - Gebouw A Papendorpsewg 99, Suite 2-03 Utrecht 3528 BJ, The Netherlands |
Norway | Zebra Technologies Norway AS Nedre Langgt 43 Tonsberg 3126, Norway |
Poland | Zebra Technologies Sp Z.o.o. Oxygen Park A Jutrzenki 137A 02-231 Warsaw, Poland Adaptive Vision Sp Z.o.o. Wyspa Słodowa 7/266wrocław 50-266 Wrocław, Poland Adaptive Vision Sp Z.o.o. Bojkowska 41 44-141 Gliwice, Poland Adaptive Vision Sp Z.o.o. Ozimska 72A 46-020 Opole, Poland |
Portugal | Zebra Technologies Portugal, Unipessalo Lda Quinta da Fonte, Edificio D. Pedro I. Paco D’Arcos 2770-071 Lisbon, Portugal |
Romania | Zebra Technologies Europe Limited Buckinghamshire - Sucursala Bucuresti Green Gate Business Center Bulevardul Tudor Vladimirescu, Sector 5 050883 Bucharest, Romania |
Spain | Zebra Technologies Spain SLU C. de Martínez Villergas, 52 Bloque 3 28027 Madrid, Spain |
Sweden | Zebra Technologies AB Svärdvägen 7 18 Hornafjord 1, Borgafjordsgatan 13 Stockholm 164 40, Sweden Zebra Technologies AB Industrigatan 39 Malmo 212 28, Sweden |
Country | Statutory Regulator |
Austria | Österreichische Datenschutzbehörde. |
Belgium | Commission for the Protection of Privacy https://www.privacycommission.be |
Czech Republic | Úřad pro ochranu osobních údajů. https://www.uoou.cz/en/ |
Denmark | Datatilsynet https://www.datatilsynet.dk/forside/ |
Finland | Tietosuoja http://www.tietosuoja.fi |
Greece | Commission Nationale de l’Informatique et des Libertés (CNIL). https://www.cnil.fr |
Hungary | Hungarian National Authority for Data Protection and Freedom of Information/ Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH). http://naih.hu/general-information.html |
Italy | Autorita’ Garante della Privacy http://www.garanteprivacy.it |
Norway | Datatilsynet https://www.datatilsynet.no/ |
Poland | General Inspektor Ochrony Danych Osobowych - GIODO https://giodo.gov.pl/ |
Portugal | Comissão Nacional de Protecção de Dados https://www.cnpd.pt |
Romania | National Authority for the Supervision of Processing of Personal Data http://dataprotection.ro/index.jsp?page=home&lang=en |
Spain | Agencia Española de Protección de Datos https://www.agpd.es |
Sweden | Datainspektionen https://www.datainspektionen.se |
The statutory regulation is:
Baden-Wuerttemberg | Der Landesbeauftragte für den Datenschutz in Baden-Württemberg | https://www.baden-wuerttemberg.datenschutz.de/ |
Bavaria | Bayerisches Landesamt für Datenschutzaufsicht | https://www.lda.bayern.de/de/index.html |
Berlin | Berliner Beauftragter für Datenschutz und Informationsfreiheit | https://www.datenschutz-berlin.de/ |
Brandenburg | Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht | http://www.lda.brandenburg.de |
Bremen | Die Landesbeauftragte für Datenschutz und Informationsfreiheit | https://www.datenschutz.bremen.de |
Hamburg | Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit | http://www.datenschutz-hamburg.de |
Hessen | Der Hessische Datenschutzbeauftragte | http://www.datenschutz.hessen.de |
Lower Saxony | Die Landesbeauftragte für den Datenschutz Niedersachsen | https://www.lfd.niedersachsen.de |
Mecklenburg-Western Pomerania | Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern | https://www.datenschutz-mv.de |
North Rhine-Westphalia | Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen | https://www.ldi.nrw.de/ |
Rhineland-Palatinate | Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz | https://www.datenschutz.rlp.de/de/startseite/ |
Saarland | Landesbeauftragte für Datenschutz und Informationsfreiheit | http://www.datenschutz.saarland.de |
Saxony | Der Sächsische Datenschutzbeauftragte | https://www.saechsdsb.de |
Saxony-Anhalt | Landesbeauftragter für den Datenschutz Sachsen-Anhalt | http://www.datenschutz.sachsen-anhalt.de |
Schleswig-Holstein | Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein | https://www.datenschutzzentrum.de |
Thuringia | Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit | http://www.tlfdi.de/tlfdi/ |
Data Protection Officer | Company | Contact Information |
Mr. Harald Eul | HEC - Harald Eul Consulting GmbH |
OR direct Harald Eul - h.eul@he-c.de |
This policy was last updated on June 4, 2024.