Zebra General Data Protection Regulation (GDPR) Addendum
As used in this GDPR Addendum, the following terms shall have the following meanings:
“GDPR” means the General Data Protection Regulation (EU) 2016/679, together with any national implementing laws in any Member State of the European Union, as amended, repealed, consolidated or replaced from time to time including the UK version of the GDPR as defined in Section 10(3) of the Data Protection Act 2018; and
“Personal Data”, “Data Subject”, “Process”, and “Processor” will each have the meaning given to them in Article 4 of the GDPR.
The Controller, Processor and Purposes of this GDPR Addendum
As a Data Controller and Data Processor of data, including Personal Data, we collect, process and use Personal Data fairly and lawfully.
Annex 1 (below) contains the list of Zebra entities in the European Economic Area (“EEA”) that may collect and process your Personal Data.
We are focused on implementing the appropriate technical and organizational measures to ensure that Zebra meets the requirements of the GDPR. Where the GDPR is applicable, we commit to follow all the requirements of the GDPR, including to:
- Only Process your Personal Data in line with your instructions
- Honor your right to withdraw consent at any time
- Maintain the confidentiality of your Personal Data and ensure sufficient staff training on data protection
- Ensure appropriate security of, and access to, your Personal Data
- Provide relevant data retention and deletion policies
- Facilitating Data Subject’s rights and incident notifications
- Utilize Processors, sub-Processors and international data transfers in a GDPR-compliant manner
The Personal Data That Zebra Collects and Uses
To process your Personal Data, we rely one of the following legal basis:
- For the performance of a contract we have with you (such as if you purchase our products or services, we'll use your information to carry out our obligation to complete and administer your order)
- For compliance with a legal obligation to which we are subject (such as tax obligations and when we are obliged to comply with lawful requests from competent authorities such as law enforcement)
- For the purposes of our legitimate interests (such as tailoring your experience on our sites and for fraud detection), provided that such processing does not outweigh your rights and freedoms.
The processing may also be pursuant to other applicable legal basis for data processing, especially provisions set out by Member State law. To the extent that a legal ground described above would not apply to processing of your Personal Data by us, we will seek your consent for such specific purpose in accordance with applicable law.
Processing Sensitive Personal Data
The GDPR treats some types of Personal Data as special categories of personal data. This includes information about racial or ethnic origin, sexual orientation, religious beliefs, trade union membership, health data, and criminal records. We will not collect or use these types of data without your consent unless the applicable law allows us to do. If we do, it will only be when it is necessary. In outline, these include:
- Processing relating to data about you that you have made public
- Processing being necessary for the purpose of establishing, making or defending legal claims
Our current list of sub-processors for zebra.com are:
|Zebra affiliates located in the United States of America
|Hero Digital, LLC
Marketing, automation services and online chat.
||Email subscription management and form processing services|
|Salesforce.com, Inc.||Interface for contact management and task management.|
|Adobe, Inc||Website Analytics
|OneTrust, Inc||Privacy Consent and Preference Management|
Software Solutions Sub-processors
Zebra’s software solutions may use sub-processors, including Zebra affiliates, for the processing of Personal Data from time to time in accordance with the GDPR. Our current software solutions’ sub-processors can be found under the following links:
- Antuit.ai Sub-processor Schedule
- Reflexis Sub-processor Schedule
- Zebra Prescriptive Analytics Sub-processor Schedule
- Zebra Retail Solutions Sub-processor Schedule
International Data Transfers
We will ensure that all transfers are lawful and that there are appropriate legal and security arrangements, including implementing supplementary measures to achieve a level of protection equivalent to GDPR.
To meet the conditions of Chapter 5 of the GDPR, we primarily rely on Standard Contractual Clauses approved by the European Commission in its decisions 2004/915/EC and 2010/87/EU or 2021/914/EC and 2021/915/EU for any new agreement entered into with or by Zebra on or after the 28 September 2021 ("SCCs"). This shall ensure the lawful transfer of Personal Data outside of the UK and European Union. Furthermore, Zebra as a group of companies has entered into an intra-group data transfer agreement, which incorporates the SCCs as the GDPR Chapter 5 transfer mechanism. This agreement ensures appropriate and suitable safeguards with Zebra US, Zebra UK, our subsidiaries, affiliates and third party service providers.
Our sub-processors commit to using approved methods to ensure the controlled transfer of data outside of the EU. Additionally, Zebra’s providers make strong commitments to Zebra related to limiting access to the data that is stored with them.
Zebra products, services and websites are not for use by children under the age of 16 years and Zebra does not knowingly collect, store, share or use the Personal Data of children under the age of 16 years. If you are under the age of 16 years, please do not provide any Personal Data, even if prompted by our website to do so.
Zebra has implemented a range of policies, procedures and controls to ensure Personal Data is secure. We are currently reviewing our policies to ensure they support the privacy requirements applicable to Personal Data under the GDPR and will review such policies on an ongoing basis. In assessing the appropriate level of security account shall be taken of the risks that are presented by the Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to data transmitted, stored or otherwise Processed.
Minimum Technical and Organizational Security Measures
Zebra has implemented and maintains at least the following minimal technical and organizational security measures to protect the Personal Data:
Server Operating Systems. Zebra infrastructure utilizes industry standard enterprise level Operating Systems which are regularly patched in accordance with the software vendors recommendation. All systems are protected with anti-virus, anti-malware and anti-ransomware software, as appropriate.
Businesses Continuity. Zebra maintains cloud-based systems hosted with third parties that provide business continuity/disaster recovery procedures.
Data Transmission. To prevent data from being read, copied, altered or removed without authorization, Zebra encrypts and/or password protects all transmissions containing Personal Data.
Encryption Technologies. Zebra uses AES and/or HTTPS encryption (also referred to as a SSL or TLS connection).
Opt-Out, Data Subject Access Requests, Retention and Complaints
This Zebra GDPR Addendum is subject to change from time to time, so you should check it periodically.
Annex 1 - List of Zebra Data Controllers in the EEA
|Austria||Zebra Technologies Austria GmbH
1080 Wien, Austria
|Belgium||Zebra Technologies Belgium S.P.R.L.
2600 Antwerp, Belgium
|Czech Republic||Zebra Technologies CZ s.r.o.
150 00 Prague 5-Smíchov, Czech Republic
Zebra Technologies CZ s.r.o.
Vlnena Business Park, Vlnena 526/7
602 00 Brno, Czech Republic
2750 Ballerup, Denmark
|Finland||Zebra Technologies Europe Limited
Laajalahdentie 23, 6th Floor, Room #674
00330 Helsinki, Finland
|France||Zebra Technologies France SAS
Immeuble le Copernic, 405 Av. Galilée
13290 Aix-en Provence, France
Zebra Technologies France SAS
40 Rue d'Arcueil
94150 Rungis, France
|Germany||Zebra Technologies Germany GmbH
Unter den Linden 10
10117 Berlin, Germany
Zebra Technologies Germany GmbH
40882 Ratingen, Dusseldorf, Germany
Kokkolastraße 5, 4439 Ratingen OST
40882 Ratingen, Dusseldorf, Germany
|Greece||Zebra Technologies Hellas
106 75 Athina, Greece
|Hungary||Zebra Technologies Magyarország Kft.
Árpád fejedelem útja 26-28
1023 Budapest, Hungary
|Italy||Zebra Technologies Italy SRL
Via Gianfranco Zuretti, 34
20125 Milan, Italy
Zebra Technologies Italy SRL
Piazza Guglielmo Marconi 15
00144 Rome, Italy
|Netherlands||Zebra Technologies Netherlands BV
8448 GX Heerenveen, The Netherlands
Zebra Technologies Netherlands BV
Secoya - Gebouw A Papendorpsewg 99, Suite 2-03
Utrecht 3528 BJ, The Netherlands
|Norway||Zebra Technologies Norway AS
Nedre Langgt 43
Tonsberg 3126, Norway
|Poland||Zebra Technologies Sp Z.o.o.
Oxygen Park A
02-231 Warsaw, Poland
Adaptive Vision Sp Z.o.o.
Wyspa Słodowa 7/266wrocław
50-266 Wrocław, Poland
Adaptive Vision Sp Z.o.o.
44-141 Gliwice, Poland
Adaptive Vision Sp Z.o.o.
46-020 Opole, Poland
|Portugal||Zebra Technologies Portugal, Unipessalo Lda
Quinta da Fonte, Edificio D. Pedro I. Paco D’Arcos
2770-071 Lisbon, Portugal
|Romania||Zebra Technologies Europe Limited Buckinghamshire - Sucursala Bucuresti
Green Gate Business Center
Bulevardul Tudor Vladimirescu, Sector 5
050883 Bucharest, Romania
|Spain||Zebra Technologies Spain SLU
C. de Martínez Villergas, 52
28027 Madrid, Spain
|Sweden||Zebra Technologies AB
18 Hornafjord 1,
Stockholm 164 40, Sweden
Zebra Technologies AB
Malmo 212 28, Sweden
Annex 2 - Details of Statutory Regulations in the EEA
|Belgium||Commission for the Protection of Privacy
|Czech Republic||Úřad pro ochranu osobních údajů.
|Greece||Commission Nationale de l’Informatique et des Libertés (CNIL).
|Hungary||Hungarian National Authority for Data Protection and Freedom of Information/ Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH).
|Italy||Autorita’ Garante della Privacy
|Poland||General Inspektor Ochrony Danych Osobowych - GIODO
|Portugal||Comissão Nacional de Protecção de Dados
|Romania||National Authority for the Supervision of Processing of Personal Data
|Spain||Agencia Española de Protección de Datos
The statutory regulation is:
Der Landesbeauftragte für den Datenschutz in Baden-Württemberg
|Bavaria||Bayerisches Landesamt für Datenschutzaufsicht||https://www.lda.bayern.de/de/index.html|
Berliner Beauftragter für Datenschutz und Informationsfreiheit
|Brandenburg||Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht||http://www.lda.brandenburg.de|
Die Landesbeauftragte für Datenschutz und Informationsfreiheit
|Hamburg||Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit||http://www.datenschutz-hamburg.de|
|Hessen||Der Hessische Datenschutzbeauftragte||http://www.datenschutz.hessen.de|
|Lower Saxony||Die Landesbeauftragte für den Datenschutz Niedersachsen||https://www.lfd.niedersachsen.de|
|Mecklenburg-Western Pomerania||Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern||https://www.datenschutz-mv.de|
|North Rhine-Westphalia||Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen||https://www.ldi.nrw.de/|
|Rhineland-Palatinate||Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz||https://www.datenschutz.rlp.de/de/startseite/|
|Saarland||Landesbeauftragte für Datenschutz und Informationsfreiheit||http://www.datenschutz.saarland.de|
|Saxony||Der Sächsische Datenschutzbeauftragte||https://www.saechsdsb.de|
|Saxony-Anhalt||Landesbeauftragter für den Datenschutz Sachsen-Anhalt||http://www.datenschutz.sachsen-anhalt.de|
|Schleswig-Holstein||Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein||https://www.datenschutzzentrum.de|
|Thuringia||Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit||http://www.tlfdi.de/tlfdi/|
|Data Protection Officer||Company||Contact Information|
|Mr. Harald Eul||HEC - Harald Eul Consulting GmbH||
Harald Eul - email@example.com
This policy was last updated on May 19, 2022.