Zebra General Data Protection Regulation (GDPR) Addendum

This Zebra GDPR Addendum supplements the Zebra Privacy Policy to the extent you use our website and the GDPR is applicable to you. Zebra is committed to GDPR compliance.

Definitions

As used in this GDPR Addendum, the following terms shall have the following meanings:

“GDPR” means the General Data Protection Regulation (EU) 2016/679, together with any national implementing laws in any Member State of the European Union, as amended, repealed, consolidated or replaced from time to time; and

“Personal Data”, “Data Subject”, “Process”, and “Processor” will each have the meaning given to them in Article 4 of the GDPR.

The Controller, Processor and Purposes of this GDPR Addendum

As a Data Controller and Data Processor of data, including Personal Data, we collect, process and use Personal Data fairly and lawfully.

Annex 1 (below) contains the list of Zebra entities in the European Economic Area (“EEA”) that may collect and process your Personal Data.

We are focused on implementing the appropriate technical and organizational measures to ensure that Zebra meets the requirements of the GDPR. Where the GDPR is applicable, we commit to follow all the requirements of the GDPR, including to:

  • Only Process your Personal Data in line with your instructions
  • Honor your right to withdraw consent at any time
  • Maintain the confidentiality of your Personal Data and ensure sufficient staff training on data protection
  • Ensure appropriate security of, and access to, your Personal Data
  • Provide relevant data retention and deletion policies
  • Facilitating Data Subject’s rights and incident notifications
  • Utilize Processors, sub-Processors and international data transfers in a GDPR-compliant manner

The Personal Data That Zebra Collects and Uses

Zebra collects, uses and shares data for the purposes as set out in the Zebra Privacy Policy.

Processing Basis

To process your Personal Data, we rely on the following legal basis:

  • For the performance of a contract we have with you (such as if you purchase our products or services, we'll use your information to carry out our obligation to complete and administer your order)
  • For compliance with a legal obligation to which we are subject (such as tax obligations and when we are obliged to comply with lawful requests from competent authorities such as law enforcement)
  • For the purposes of our legitimate interests (such as tailoring your experience on our sites and for fraud detection), provided that such processing does not outweigh your rights and freedoms.

The processing may also be pursuant to other applicable legal basis for data processing, especially provisions set out by Member State law.  To the extent that a legal ground described above would not apply to processing of your Personal Data by us, we will seek your consent for such specific purpose in accordance with applicable law.

Processing Sensitive Personal Data

The GDPR treats some types of Personal Data as special categories of personal data. This includes information about racial or ethnic origin, sexual orientation, religious beliefs, trade union membership, health data, and criminal records. We will not collect or use these types of data without your consent unless the applicable law allows us to do. If we do, it will only be when it is necessary.  In outline, these include:

  • Processing relating to data about you that you have made public
  • Processing being necessary for the purpose of establishing, making or defending legal claims

Website Processors

Zebra uses a select number of Website Processors or sub-Processors to provide customers with products and services, and to operate Zebra’s business. Each Website Processor or sub-processor has been assessed for their ability to provide appropriately secure services and are themselves providing relevant assurances, policies and data processing agreements that we have entered into with them. Personal Data is processed for the purposes described in this Addendum and in our Privacy Policy and Terms of Service.

Our current list of sub-processors for zebra.com are:

Name Services Location Data Transfer Mechanism
Zebra affiliates located in the United States of America
Applicable website data processing services as described in the Privacy Policy. United States of America Privacy Shield
Zebra affiliates located outside of the EEA and the United States of America Applicable website data processing services as described in the Privacy Policy. Global Model Clauses
Bulldog Solutions

Marketing and database administration services.

United States of America Privacy Shield
Eloqua Subscription management and related services regarding Zebra products and services United States of America Privacy Shield
Salesforce.com, Inc. Interface for contact management and task management. United States of America Privacy Shield
LogMeln USA, Inc. BoldChat is the tool used by Zebra online platforms to enable live, text based chat between a prospect, customer or partner and a Zebra representative. United States of America Privacy Shield

International Data Transfers

For the purposes set out in the Zebra Privacy Policy, your Personal Data may be transferred outside of the country in which it was collected to Zebra Technologies Corporation, the parent company of Zebra located in the United States, its subsidiaries, affiliates and third party service providers located in other jurisdictions. If your Personal Data is sent from the EU to Zebra in the United States, the information is transferred under Zebra’s EU-U.S. Privacy Shield certification. This is relevant for the Processing of data that may occur, upon request of our customers, partners and other website visitors for support and communications purposes. To learn more and view Zebra’s Privacy Shield policy click: www.zebra.com/privacyshield.

We have entered into an agreement ensuring appropriate and suitable safeguards with Zebra Group members when transferring Personal Data to other jurisdictions. This is in standard terms approved by the European Commission.

Our sub-processors commit to using approved methods to ensure the controlled transfer of data outside of the EU. Additionally, Zebra’s providers make strong commitments to Zebra related to limiting access to the data that is stored with them.

Children

Zebra products, services and websites are not for use by children under the age of 16 years and Zebra does not knowingly collect, store, share or use the Personal Data of children under the age of 16 years. If you are under the age of 16 years, please do not provide any Personal Data, even if prompted by our website to do so.

Marketing

Where requested and lawful to do so, we may communicate with you about our products, services and solutions, subject to your consent where required. If you wish to unsubscribe from receiving marketing communications, please visit http://online.zebra.com/Preferences-enu to manage communications preferences.  As is common with most websites, Zebra gathers certain information and stores it in log files when you interact with Zebra’s website.  Zebra uses this information to personalize information presented to you, to monitor the effectiveness of our website-based marketing campaigns and to improve the functionality of the website. In such cases, we would treat such information in accordance with Zebra’s Privacy Policy.

Security

Zebra has implemented a range of policies, procedures and controls to ensure Personal Data is secure. We are currently reviewing our policies to ensure they support the privacy requirements applicable to Personal Data under the GDPR and will review such policies on an ongoing basis.  In assessing the appropriate level of security account shall be taken of the risks that are presented by the Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to data transmitted, stored or otherwise Processed.

Minimum Technical and Organizational Security Measures

Zebra has implemented and maintains at least the following minimal technical and organizational security measures to protect the Personal Data:

Server Operating Systems. Zebra infrastructure utilizes industry standard enterprise level Operating Systems which are regularly patched in accordance with the software vendors recommendation. All systems are protected with anti-virus, anti-malware and anti-ransomware software, as appropriate.

Businesses Continuity. Zebra maintains cloud-based systems hosted with third parties that provide business continuity/disaster recovery procedures.

Data Transmission. To prevent data from being read, copied, altered or removed without authorization, Zebra encrypts and/or password protects all transmissions containing Personal Data.

Encryption Technologies. Zebra uses AES and/or HTTPS encryption (also referred to as a SSL or TLS connection).

Opt-Out, Data Subject Access Requests, Retention and Complaints

Please visit the Preference Center page to understand the options available to you regarding unsubscribing to any communications you have subscribed to via our website. To invoke a Data Subject request under GDPR for access to and rectification or erasure of Personal Data or restriction of Processing or to object to Processing and rights to data portability, send an email detailing your specific request to privacy@zebra.com. We also retain Personal Data no longer than is necessary to carry out the purposes described in the Zebra Privacy Policy. In considering how long to keep a particular category of Personal Data we will have regard to the purposes for which it is processed, and any purposes which continue to apply even when we have delivered a product or service (for example, because we need to keep records for audit purposes or in the event of a legal claim or threatened claims). Data Subjects have the right to lodge a complaint with the appropriate supervisory authority if the Data Subject considers that the Processing of Personal Data relating to him or her infringes the GDPR. Please refer to Annex 2 below to find your local supervisory authority in the EEA.

This Zebra GDPR Addendum is subject to change from time to time, so you should check it periodically.

Annex 1 - List of Zebra Data Controllers in the EEA

Country Controller
Austria Zebra Technologies Austria GmbH
Albertgasse 35
1080 Wien
Austria
Belgium Zebra Technologies Belgium S.P.R.L.
Uitbreidingstraat 84
2600 Antwerp
Belgium
Czech Republic Zebra Technologies CZ s.r.o.
Kolejni 1
61200 Brno
Czech Republic
Denmark Psion ApS
Hummeltoftevej 49
2830 Virum
Denmark
Finland Zebra Technologies Europe Limited
Hummeltoftevej 49
2830 Virum
Finland
France Zebra Technologies France SAS
Parc des Algorithmes
Saint Aubin - 91193
gif sur Yvette Cedex
France
Germany Zebra Technologies Germany GmbH
Ernst-Dietrich-Platz 2
40882 Ratingen Dusseldorf
Germany
Greece Zebra Technologies Hellas
6, Loukianou Street
10675 Athens
Greece
Hungary Zebra Technologies Magyarország Kft.
Árpád fejedelem útja 26-28.
1023 Budapest, Hungary
Italy Zebra Technologies Italy srl
Via Lorenzini Giovanni
20139 Milan
Italy
Netherlands

Zebra Technologies BV
Mercurius 12
8448GX Heerenveen
The Netherlands

And

Zebra Technologies Netherlands BV
IJsselburcht 3, 6825 BS, Arnhem (The Netherlands)

Norway Zebra Technologies Norway AS
C/O BDO AS
Munkedamsveien 45A
0250 Oslo
Poland Zebra Technologies Sp Z.o.o.
ul. Annopol 4a
03-236 Warsaw
Poland
Portugal Zebra Technologies Portugal, Unipessalo Lda
Avenidas Novas
1069 211 Lisbon
Portugal
Romania Zebra Technologies Europe Limited Buckinghamshire - Sucursala Bucuresti
District 1, 77 Ing. Dumitru Zosima, ground floor, office no. 102, Bucharest, Romania
Spain Zebra Technologies Spain SLU
C/Martinez Villergas 52
Bloque.3
Madrid 28027
Spain
Sweden Zebra Technologies AB
Svärdvägen 7
182 33 Danderyd
Sweden
United Kingdom Zebra Technologies Europe Limited
Dukes Meadow, Millboard Road, Bourne End, Buckinghamshire SL8 5XF, United Kingdom

Annex 2 - Details of Statutory Regulations in the EEA

Country Statutory Regulator
Austria

Österreichische Datenschutzbehörde.
https://www.data-protection-authority.gv.at/

Belgium Commission for the Protection of Privacy
https://www.privacycommission.be
Czech Republic Úřad pro ochranu osobních údajů.
https://www.uoou.cz/en/
Denmark Datatilsynet
https://www.datatilsynet.dk/forside/
Finland Tietosuoja
http://www.tietosuoja.fi
Greece Commission Nationale de l’Informatique et des Libertés (CNIL).
https://www.cnil.fr
Hungary Hungarian National Authority for Data Protection and Freedom of Information/ Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH).
http://naih.hu/general-information.html
Italy Autorita’ Garante della Privacy
http://www.garanteprivacy.it
Norway Datatilsynet
https://www.datatilsynet.no/
Poland General Inspektor Ochrony Danych Osobowych - GIODO
https://giodo.gov.pl/
Portugal Comissão Nacional de Protecção de Dados
https://www.cnpd.pt
Romania National Authority for the Supervision of Processing of Personal Data
http://dataprotection.ro/index.jsp?page=home&lang=en
Spain Agencia Española de Protección de Datos
https://www.agpd.es
Sweden Datainspektionen
https://www.datainspektionen.se
United Kingdom ICO (Information Commissioner’s Office)
https://ico.org.uk/

Germany

The statutory regulation is:
Baden-Wuerttemberg

Der Landesbeauftragte für den Datenschutz in Baden-Württemberg

https://www.baden-wuerttemberg.datenschutz.de/
Bavaria Bayerisches Landesamt für Datenschutzaufsicht https://www.lda.bayern.de/de/index.html
Berlin

Berliner Beauftragter für Datenschutz und Informationsfreiheit

https://www.datenschutz-berlin.de/
Brandenburg Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht http://www.lda.brandenburg.de
Bremen

Die Landesbeauftragte für Datenschutz und Informationsfreiheit

https://www.datenschutz.bremen.de
Hamburg Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit http://www.datenschutz-hamburg.de
Hessen Der Hessische Datenschutzbeauftragte http://www.datenschutz.hessen.de
Lower Saxony Die Landesbeauftragte für den Datenschutz Niedersachsen https://www.lfd.niedersachsen.de
Mecklenburg-Western Pomerania Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern https://www.datenschutz-mv.de
North Rhine-Westphalia Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen https://www.ldi.nrw.de/
Rhineland-Palatinate Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz https://www.datenschutz.rlp.de/de/startseite/
Saarland Landesbeauftragte für Datenschutz und Informationsfreiheit http://www.datenschutz.saarland.de
Saxony Der Sächsische Datenschutzbeauftragte https://www.saechsdsb.de
Saxony-Anhalt Landesbeauftragter für den Datenschutz Sachsen-Anhalt http://www.datenschutz.sachsen-anhalt.de
Schleswig-Holstein Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein https://www.datenschutzzentrum.de
Thuringia Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit http://www.tlfdi.de/tlfdi/
Data Protection Officer Company E-Mail Address
Mr. Harald Eul HEC - Harald Eul Consulting GmbH

info@he-c.de

OR direct

Harald Eul - <h.eul@he-c.de>