At ZingHub, an advanced AI-powered email and multi-channel outreach platform operated by Oppolis Software Limited (Company Reg No: 04812211), we are profoundly committed to ensuring the privacy and protection of all personal data. Our operations strictly adhere to the principles and requirements of the General Data Protection Regulation (GDPR) (EU) 2016/679, which became effective on May 25, 2018.
As an email software platform, ZingHub inherently deals with personal data, particularly email addresses and associated information. We understand the critical importance of secure and compliant data handling in this domain. Our commitment to GDPR extends globally, ensuring that the personal data of all users, especially those within the European Union and European Economic Area, is processed with the highest legal and ethical standards.
Explicit and Granular Consent for Communications: For all marketing and non-essential communications, ZingHub emphasizes obtaining clear, affirmative, and unambiguous consent.
Transparent Opt-In: We facilitate transparent opt-in processes for your campaigns. This means providing clear language about what subscribers are signing up for, and importantly, ensuring that checkboxes for consent are unticked by default, requiring active user action.
Documented Consent: As a data processor, ZingHub supports your ability as a data controller to maintain meticulous records of consent. This includes when and how consent was given, what specific types of communications were consented to, and any subsequent changes or withdrawals.
Empowering Data Subject Rights: ZingHub is designed to empower individuals with full control over their personal data, aligning with GDPR's core data subject rights:
Right to Access & Portability: We ensure that you, and by extension your contacts, can easily access and obtain a copy of their personal data in a structured, commonly used, and machine-readable format.
Right to Rectification: Users can request corrections to inaccurate or incomplete personal data held within the platform.
Right to Erasure ("Right to be Forgotten"): We provide robust mechanisms for complete data deletion upon request, ensuring that once consent is withdrawn or data is no longer necessary, it is permanently removed from active systems and backups within specified timeframes. For email lists, this means more than just unsubscribing; it involves complete removal of all associated personal data.
Right to Object & Restrict Processing: Individuals can object to the processing of their personal data for direct marketing or request restrictions on certain processing activities. ZingHub facilitates these requests, including easily accessible unsubscribe options within every email sent through the platform.
Data Minimization and Purpose Limitation: ZingHub processes only the personal data that is directly relevant and necessary for its intended purpose – enabling highly personalized and effective email and multi-channel outreach. We do not collect or retain excessive data. The AI processes your input to generate relevant messages, and campaign data is used to provide you with performance insights and optimize future sending.
Security by Design & Default (Privacy-First Platform): Security is woven into the fabric of ZingHub, crucial for an email platform handling sensitive contact information.
Robust Encryption: All data transmitted to and from ZingHub is encrypted (e.g., via TLS), and data at rest on our primary sub-processors (Google Cloud Platform) benefits from strong encryption (e.g., AES-256).
Secure Infrastructure: We leverage leading cloud providers known for their rigorous security certifications and continuous monitoring to safeguard your data against unauthorized access, loss, or breach.
Access Control: Internal access to user data is strictly limited to authorized personnel, on a need-to-know basis, typically only with your express consent for support-related inquiries.
Automated Monitoring: Our systems are continuously monitored to detect and respond to security incidents promptly.
Transparency in Data Flows and Third-Party Processors: We are transparent about who handles your data. As a data processor, ZingHub engages specific, GDPR-compliant sub-processors for essential functions like cloud hosting (Google Cloud Platform), CRM (HubSpot), payment processing (Chargify/Maxio, Spike), and customer support (Zendesk).
Vetting and Agreements: Each sub-processor undergoes a rigorous vetting process to ensure their GDPR compliance, and we have appropriate data processing agreements (DPAs) in place with them, often relying on Standard Contractual Clauses for international transfers.
International Transfers: We ensure that any personal data transferred outside the EU/EEA, particularly for sub-processors located in the U.S., is adequately protected through recognized GDPR-compliant mechanisms.
Accountability and Ongoing Review: ZingHub maintains documentation of our processing activities and regularly reviews our data privacy practices to ensure ongoing GDPR compliance. This proactive approach includes:
Internal Audits: Periodically auditing our systems and processes to confirm adherence to GDPR principles.
Updates: Adapting our policies and practices as GDPR guidance evolves or as new features are introduced to the ZingHub platform.
Simplified Unsubscribe and Preference Management: Recognizing the importance of user control in email marketing, ZingHub facilitates easy mechanisms for recipients to manage their communication preferences:
Clear Unsubscribe Links: Every email sent through ZingHub includes a prominent and easy-to-find unsubscribe link, ensuring recipients can opt-out with minimal effort.
Preference Centers: We encourage and support the ability for users to offer their contacts granular control over email types received, fostering trust and reducing opt-outs.
By integrating GDPR principles into every layer of our email software platform, ZingHub aims to provide you with a powerful tool for building authentic connections while ensuring the highest level of respect for individual privacy and data protection.
For any questions or concerns regarding ZingHub's GDPR compliance, please contact our Data Protection Team at support@oppolis.com.
