Privacy policy

ZKTeco Europe, S.L., hereinafter ZKTECO EUROPE, will act as established in the European General Data Protection Regulation (GDPR), and in the Law on Information Society Services and Electronic Commerce (LSSI in Spanish), with regard to the confidentiality and processing of personal data provided on a voluntary basis by the users of this website.

Please note that the personal data obtained through the data collection forms on www.zkteco.eu will be processed by ZKTECO EUROPE for the purpose indicated in the information clause included in the forms. We expressly recommend reading these information clauses before sending personal data. Your data will not be disclosed to third parties. In the event that data are going to be transferred to third parties, inside or outside the European Economic Area, ZKTECO EUROPE will first request the consent of the data subject for this purpose, indicating to whom these data will be transferred and for what purpose. The legal ground for the processing of your data is the consent you give us when sending the form with your personal data, as well as, where appropriate, the execution   of the contractual relationship we have with you and the legitimate interest of both parties. Your data will be retained by ZKTECO EUROPE while it is managing your request or until you object to such processing and, where appropriate, during the statute of limitations periods established by law.

The personal data that you may provide to us during your contractual, professional or commercial relationship with ZKTECO EUROPE will be processed by it with the purpose of maintaining these relationships, as well as for sending commercial communications that may be of interest to you, if you provide us with your consent in this regard. You can freely object to receiving such communications, without this conditioning our contractual, commercial and professional relationships. In order to carry out this management, your data may be transferred to banks and the Tax Administration. This data processing is necessary for the execution of the contract and/or for the maintenance of the contractual, professional or commercial relationship. Likewise, we inform you that your data will be retained for as long as these relationships are maintained and for the periods set by the tax legislation or for the deadlines established for dealing with possible claims.

In any case, you can exercise your rights of access, rectification, cancellation, objection, portability and restriction of the processing of your data by writing to ZKTECO EUROPE, S.L., at the address Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid), or via email to the email address gdpr@zkteco.eu, accompanying a copy of your National ID Card (DNI) duly proving your identity and specifying the right you wish to exercise. In any situation, you have the right to complain to the Spanish Data Protection Agency (AEPD).

Details of the Data Protection Officer (DPO) of ZKTECO EUROPE, S.L.:

Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid)

dpo@zkteco.eu 

+34 916 532 891

ZKTECO EUROPE has adopted the necessary technical and organisational  measures to guarantee the confidentiality, availability, integrity and resilience of the processing systems and services.

This privacy policy was updated in May 2018. ZKTECO EUROPE reserves the right to modify its data protection policy in the event that there is a change in the current legislation, jurisprudential doctrine or for its own business purposes. If any changes are made to this policy, the new text will be published at this same address.


CONTACT AND EVENT FORMS

Basic Information relating to Data Protection of CONTACT AND EVENT FORMS

Controller

ZKTECO EUROPE, S.L.

Purpose

Managing the relationship with website users.

Sending commercial communications if you have given us your consent.

Managing subscriptions to the Newsletter and sending communications related to this subscription, if you have given us your consent.

Legal ground Consent
Recipients

No data transfers are planned, except those established in the law, however:

We can send you commercial information on the products related to the field of new technological solutions of the company ZKTeco Europe located in the European Union if you give us your consent.

We inform you that your data will be provided to service providers located outside the European Economic Area forming part of the EU-US Privacy Shield agreement, specifically to The Rocket Science Group LLC d/b/a MailChimp, located at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, the data processor of ZKTECO EUROPE, S.L., which is providing it with newsletter delivery services. Information available at:

Rights

Access, rectify and erase the data, as well as other rights, as explained in our additional information.

Additional information

You can find the Additional and detailed information on Data Protection of Contact Forms at the following link: click here


NEWSLETTER REGISTRATION

Basic Information relating to Data Protection of NEWSLETTER REGISTRATION

Controller

ZKTECO EUROPE, S.L.

Purpose

Managing subscriptions to the Newsletter

Sending commercial communications if you have given us your consent

Legal ground Consent
Recipients

No data transfers are planned, except those established in the law, however:

We can send you commercial information on the products related to the field of new technological solutions of the company ZKTeco Europe located in the European Union if you give us your consent.

We inform you that your data will be provided to service providers located outside the European Economic Area forming part of the EU-US Privacy Shield agreement, specifically to The Rocket Science Group LLC d/b/a MailChimp, located at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, the data processor of ZKTECO EUROPE, S.L., which is providing it with newsletter delivery services. Information available at:

Rights

Access, rectify and erase the data, as well as other rights, as explained in our additional information.

Additional information

You can find the Additional and detailed information on Data Protection of Newsletter Registration at the following link: click here


TECHNICAL SUPPORT FORM

Basic Information relating to Data Protection of TECHNICAL SUPPORT FORMS

Controller

ZKTECO EUROPE, S.L.

Purpose

Manage incidents reported by customers

Legal ground

Execution of the contractual relationship we have with you and in the legitimate interest of both parties and it is essential to manage the incidents arising from the provision of the service

Recipients

No data transfers are planned, except those established in the law.

No international transfers of your data are planned.

Rights

Access, rectify and erase the data, as well as other rights, as explained in our additional information.

Additional information

You can find the Additional and detailed information on Data Protection of Technical Support Form at the following link: click here


RMA FORM

Basic Information relating to Data Protection of RMA FORMS

Controller

ZKTECO EUROPE, S.L.

Purpose

Start the RMA process and warranty of your device, being mandatory to attach the document (document available here)

Legal ground

Execution of the contractual relationship we have with you and in the legitimate interest of both parties and it is essential to manage the incidents arising from the provision of the service

Recipients

No data transfers are planned, except those established in the law.

No international transfers of your data are planned.

Rights

Access, rectify and erase the data, as well as other rights, as explained in our additional information.

Additional information

You can find the Additional and detailed information on Data Protection of RMA Form at the following link: click here


 

Additional and Detailed Information relating to Data Protection of CONTACT AND EVENT FORMS

Who is the data controller for your data?

Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid)

B85866267

gdpr@zkteco.eu

+34 916 532 891

Who is the data protection officer?

Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid)

dpo@zkteco.eu

+34 916 532 891

Why do we process your personal data?

  • Managing the relationship with the users of the website.
  • Sending you advertising or commercial information about products related to the new technological solutions sector that may be of interest to you, offered by ZKTECO EUROPE, S.L. and the company ZKTeco Europe located in the European Union, as well as corporate greetings by any means, including electronic ones.
  • Managing subscriptions to the Newsletter and sending communications related to this subscription, if you have given us your consent.

You can freely object to receiving commercial communications, without this conditioning the execution of the relationship between both parties. Likewise, you may revoke consent given at any time.

How long will we keep your data?

Your data will be retained as long as you do not oppose the processing of them for these purposes.

What is the legal ground for the processing of your data?

  • Consent to managing the relationship with the users of the website.
  • Consent to sending commercial communications.
  • Consent to sending the Newsletter.

Who are the recipients of your data?

  • We can send you commercial information on the products related to the field of new technological solutions of the company ZKTeco Europe located in the European Union if you give us your consent
  • We inform you that your data will be provided to service providers located outside the European Economic Area forming part of the EU-US Privacy Shield agreement, specifically to The Rocket Science Group LLC d/b/a MailChimp, located at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, the data processor of ZKTECO EUROPE, S.L., which is providing it with newsletter delivery services. Information available at:

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active

What are your rights when providing us with your data?

  • Anyone has the right to obtain confirmation on whether ZKTECO EUROPE, S.L. is processing personal data concerning them, or not.
  • Data subjects also have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were obtained.
  • In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only keep them for the making or defending of claims.
  • In certain circumstances and for reasons related to their particular situation, data subjects may withdraw the consent provided or object to the processing of their data.   ZKTECO EUROPE, S.L. will cease to process the data, unless there are compelling legitimate reasons or for the making or defending of any possible claims.
  • Data subjects may request the portability of their data, in which case they will be sent to the data subject or, if so indicated, to another data controller, in a structured format, of common use and machine readable.
  • Data subjects have the right to complain to the Spanish Data Protection Agency (AEPD).
  • By attending ZKTeco events, you authorize ZKTECO EUROPE, S.L. to capture your image and voice (video) for use in disseminating event information on web pages, magazines, videos, media, memories, or posters.

How can you exercise your rights of access, rectification, erasure and portability of your data, and the restriction, withdrawal of consent or objection to their processing?

  • Data subjects can exercise these rights by contacting ZKTECO EUROPE, S.L. through the postal or electronic address indicated in the first section (Controller).
  • The data subject wishing to exercise their rights must present their National ID (DNI) or other document proving their identity.

How have we obtained your data?

  • The personal data that we process have been provided to us by you.
  • The categories of data that are processed are:
    • Identification details.
    • Employment details.

Additional and Detailed Information relating to Data Protection of NEWSLETTER REGISTRATION

Who is responsible for the processing of your data?

ZKTECO EUROPE, S.L.

Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid)

B85866267

gdpr@zkteco.eu

+34 916 532 891

Who is the data protection officer?

Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid)

dpo@zkteco.eu

+34 916 532 891

Why do we process your personal data?

  • Managing subscriptions to the Newsletter.
  • Sending you advertising or commercial information about products related to the new technological solutions sector that may be of interest to you, offered by ZKTECO EUROPE, S.L. and the companies in the ZKTeco Group located in the European Union, (ZKTeco Ireland, ZKTeco Deutschland and ZKTeco Italy), as well as corporate greetings by any means, including electronic ones.

You can freely object to receiving commercial communications, without this conditioning the execution of the relationship between both parties. Likewise, you may revoke consent given at any time.

How long will we keep your data?

Your data will be retained as long as you do not oppose the processing of them for these purposes.

What is the legal ground for the processing of your data?

  • Consent (through your registration) to the management of subscriptions to the Newsletter.
  • Consent to sending commercial communications.

Who are the recipients of your data?

  • We can send you commercial information on the products related to the field of new technological solutions of the companies in the ZKTeco Group located in the European Union (ZKTeco Ireland, ZKTeco Deutschland and ZKTeco Italy) if you give us your consent
  • We inform you that your data will be provided to service providers located outside the European Economic Area forming part of the EU-US Privacy Shield agreement, specifically to The Rocket Science Group LLC d/b/a MailChimp, located at 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, the data processor of ZKTECO EUROPE, S.L., which is providing it with newsletter delivery services. Information available at:

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=A...

What are your rights when providing us with your data?

  • Anyone has the right to obtain confirmation on whether ZKTECO EUROPE, S.L. is processing personal data concerning them, or not.
  • Data subjects also have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were obtained.
  • In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only keep them for the making or defending of claims.
  • In certain circumstances and for reasons related to their particular situation, data subjects may withdraw the consent provided or object to the processing of their data.     ZKTECO EUROPE, S.L. will cease to process the data, unless there are compelling legitimate reasons or for the making or defending of any possible claims.
  • Data subjects may request the portability of their data, in which case they will be sent to the data subject or, if so indicated, to another data controller, in a structured format, of common use and machine readable.
  • The data subjects have the right to complain to the Spanish Data Protection Agency (AEPD).

How can you exercise your rights of access, rectification, erasure and portability of your data, and the restriction, withdrawal of consent or objection to their processing?

  • Data subjects can exercise these rights by contacting ZKTECO EUROPE, S.L. through the postal or electronic address indicated in the first section (Controller).
  • The data subject wishing to exercise their rights must present their National ID (DNI) or other document proving their identity.

How have we obtained your data?

  • The personal data that we process have been provided to us by you.
  • The types of data that are processed are:
    • Full name
    • Email address

Additional and Detailed Information relating to Data Protection of TECHNICAL SUPPORT FORM

Who is responsible for the processing of your data?

ZKTECO EUROPE, S.L.

Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid)

B85866267

gdpr@zkteco.eu

916532891

Who is the data protection officer?

Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid)

dpo@zkteco.eu

916532891

Why do we process your personal data?

Execution of the contractual relationship we have with you and in the legitimate interest of both parties and it is essential to manage the incidents arising from the provision of the service.

For how long will we keep your data?

Your data will be retained while the commercial relationship is maintained and for the periods established by the tax legislation.

What is the legal ground for the processing of your data?

Execution of the contractual relationship we have with you and in the legitimate interest of both parties and it is essential to manage the incidents arising from the provision of the service.

Who are the recipients of your data?

  • Your data will not be transferred to any third parties except where there is a legal obligation.
  • There are no plans to carry out international transfers of your data to countries outside the European Union.

What are your rights when providing us with your data?

  • Anyone has the right to obtain confirmation on whether ZKTECO EUROPE, S.L. is processing personal data concerning them, or not.
  • Data subjects also have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were obtained.
  • In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only keep them for the making or defending of claims.
  • In certain circumstances and for reasons related to their particular situation, data subjects may withdraw the consent provided or object to the processing of their data.   ZKTECO EUROPE, S.L. will cease to process the data, unless there are compelling legitimate reasons or for the making or defending of any possible claims.
  • Data subjects may request the portability of their data, in which case they will be sent to the data subject or, if so indicated, to another data controller, in a structured format, of common use and machine readable.
  • Data subjects have the right to complain to the Spanish Data Protection Agency (AEPD).

How can you exercise your rights of access, rectification, erasure and portability of your data, and the restriction, withdrawal of consent or objection to their processing?

  • Data subjects can exercise these rights by contacting ZKTECO EUROPE, S.L. through the postal or electronic address indicated in the first section (Controller).
  • The data subject wishing to exercise their rights must present their National ID (DNI) or other document proving their identity.

How have we obtained your data?

  • The personal data that we process have been provided to us by you.
  • The categories of data that are processed are:
    • Identification details.
    • Employment details.

Provision of services with access to data for the resolution of incidents

The following clauses, pursuant to the provisions of article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), will only apply in the event that ZKTeco Europe, S.L., for the provision of the incident management services for its customers (hereinafter "Customer"), accesses personal data that are part of the processing activities for which the Customer is the controller.

By means of this clause, ZKTeco Europe, S.L. is authorized as the data processor, to process the personal data necessary to provide the incident management service on behalf of the Customer (data controller). The data for which the customer is the controller and to which ZKTeco Europe, S.L. may have access for the provision of incident management services, are the following:

Data subject categories: employees, customers, suppliers.

Data types: biometric data (specially protected data), identifying data, contact data, employment details, commercial information.

For the provision of the service, ZKTeco Europe, S.L. may access and process the personal data indicated above, for which the Customer is the controller, only in order to provide the services covered by the business and/or contractual relationship and always following the instructions of the Customer (if ZKTeco Europe, S.L. considers that any of the instructions infringes the GDPR or any other provision on data protection in the European Union or the Member States, it will immediately inform the Customer). The Customer must provide ZKTeco Europe, S.L. with the databases required for the provision of the service. The Customer guarantees that the data included in these databases have been obtained and are processed on the basis of legal grounds.

The processing of these data will mainly consist of the collection of the data provided by the Customer, their registration in the systems of ZKTeco Europe, S.L., their retention and storage, as well as their destruction or, upon request of the data controller, their return.

It is the Customer's responsibility to provide the data subjects with the right to information at the time of the collection of their data.

For its part, both ZKTeco Europe, S.L. and its staff, suitably trained in data protection, are required:

  • to show the due confidentiality and secrecy with respect to the data involved in the provision of the service, as well as not to communicate the data to third parties, unless it has the express authorisation of the data controller, in the legally admissible circumstances. If the processor must transfer personal data to a third country or an international organisation, by virtue of the applicable European Union or Member State law, they will inform the controller of that legal requirement in advance, unless such law prohibits this for important public interest reasons;
  • to implement the necessary security measures to: guarantee the confidentiality, integrity, availability and resilience of the processing systems and services; to restore the availability and access to personal data quickly in the event of a physical or technical incident; to verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organisational measures implemented to ensure the security of the processing; to encrypt personal data, if applicable;
  • to keep updated a record of the processing activities carried out by ZKTeco Europe, S.L., on behalf of its customers;
  • to assist the Customer in the event of possible requests to exercise data protection rights (access, rectification, erasure, objection, portability and restriction of the processing of the data, and to not to be subject to automated individualised decisions (including the preparation of profiles)) from the data subjects;
  • to notify the Customer as soon as possible, and in any case before the maximum period of 24 hours, of the security breaches of the data under their care, so that the Customer has sufficient time to, where appropriate, inform the Spanish Data Protection Agency or the data subjects;
  • to support the Customer, when appropriate, in carrying out the impact assessments related to data protection and in carrying out the prior consultations with the supervisory authority;
  • as well as to make available to the Customer all the information necessary to demonstrate compliance with its obligations in terms of data protection and to allow the realisation, by the Customer, or by an auditor authorised by it, of inspections or audits.
  • for the provision of the contracted service, ZKTeco Europe, S.L., in addition to the auxiliary services necessary for the normal operation of the services of the processor, will be able, when the incident comes from an integrated system formed by solutions of several companies, subject to notifying the Customer, to subcontract the  management of the incident to its parent ZKTeco Co. Ltd. located in China or any of its subsidiaries worldwide, located inside or outside the European Economic Area. However, with those companies that are not within the European Economic Area or that do not have a level of protection comparable to the European one, ZKTeco Europe, S.L. has signed a contract that includes the standard contractual clauses established by the European Commission and that guarantee compliance with the data protection regulations. Similarly, with the rest of the group's companies located within the European Economic Area, ZKTeco Europe, S.L. has signed the corresponding contract for data processing on behalf of a third party, which is why ZKTeco Europe, S.L. is authorised to perform said subcontracting. The list of all the companies that form the ZKTeco group can be found at https://www.zkteco.com/en/sale_map.html
  • In this sense, the purpose and processing of the data will only be the resolution of the incident and they will subsequently be erased .
  • To subcontract to other companies, this must be previously communicated in writing to the Customer, one week in advance, indicating the processing that is intended to be subcontracted and clearly and unambiguously identifying the subcontractor and its  contact information. The subcontracting may be carried out if the Customer does not express their objection within the established period.
  • The subcontractor, who will also have the status of data processor, is also obliged to comply with the obligations established in this document for the data processor and the instructions given by the Customer (as data controller). It is the responsibility of the initial data processor to control the new relationship so that the new data processor is subject to the same conditions (instructions, obligations, security measures, etc.) and the same formal requirements as it, in relation to the appropriate processing of the personal data and the guarantee of the rights of the data subjects. In the event of a breach by the sub-processor, the initial processor will continue to be fully liable to the controller regarding fulfilment of the obligations.


Additional and Detailed Information relating to Data Protection of RMA FORM

Who is responsible for the processing of your data?

ZKTECO EUROPE, S.L.

Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid)

B85866267

gdpr@zkteco.eu

916532891

Who is the data protection officer?

Carretera Fuencarral 44, Edificio 1, 28108 de Alcobendas (Madrid)

dpo@zkteco.eu

916532891

Why do we process your personal data?

Start the RMA process and guarantee of your device, being mandatory to attach the RMA document (document available here).

For how long will we keep your data?

Your data will be retained while the commercial relationship is maintained and for the periods established by the tax legislation.

What is the legal ground for the processing of your data?

Execution of the contractual relationship we have with you and in the legitimate interest of both parties, likewise, the collection of your data is essential to manage the RMA process and warranty derived from the provision of the service.

Who are the recipients of your data?

  • Your data will not be transferred to any third parties except where there is a legal obligation.
  • There are no plans to carry out international transfers of your data to countries outside the European Union.

What are your rights when providing us with your data?

  • Anyone has the right to obtain confirmation on whether ZKTECO EUROPE, S.L. is processing personal data concerning them, or not.
  • Data subjects also have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request their erasure when, among other reasons, the data are no longer necessary for the purposes for which they were obtained.
  • In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only keep them for the making or defending of claims.
  • In certain circumstances and for reasons related to their particular situation, data subjects may withdraw the consent provided or object to the processing of their data.   ZKTECO EUROPE, S.L. will cease to process the data, unless there are compelling legitimate reasons or for the making or defending of any possible claims.
  • Data subjects may request the portability of their data, in which case they will be sent to the data subject or, if so indicated, to another data controller, in a structured format, of common use and machine readable.
  • Data subjects have the right to complain to the Spanish Data Protection Agency (AEPD).

How can you exercise your rights of access, rectification, erasure and portability of your data, and the restriction, withdrawal of consent or objection to their processing?

  • Data subjects can exercise these rights by contacting ZKTECO EUROPE, S.L. through the postal or electronic address indicated in the first section (Controller).
  • The data subject wishing to exercise their rights must present their National ID (DNI) or other document proving their identity.

How have we obtained your data?

  • The personal data that we process have been provided to us by you.
  • The categories of data that are processed are:
    • Contact name
    • Company name
    • E-Mail
    • Complete address
    • Phone number

Provision of services with access to data for the RMA

Only in the case that ZKTeco Europe, SL, to manage the RMA process and guarantee derived from the provision of the service to its customers (hereinafter "Client"), access personal data that are part of treatment activities, responsibility of the Client, the provisions set out below will be applicable, pursuant to the provisions of article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons in relation to regarding the processing of personal data and the free circulation of these data (RGPD).

By means of this clause, ZKTeco Europe, SL is authorized as the data processor of processing, to process on behalf of the Client (data controller), the personal data necessary to manage the RMA process and guarantee derived from the provision of the service offered by the one in charge of the treatment. In this sense, the Customer's responsibility data to which ZKTeco Europe, S.L. could have access, for the provision of the services would be the following:

Data subject categories: employees, customers, suppliers.

Data types: biometric data (specially protected data), identifying data, contact data, employment details, commercial information.

For the provision of the service, ZKTeco Europe, S.L. You can access and process the personal data indicated above, the responsibility of the Client only in order to fulfill the services object of the contractual and / or contractual relationship and, always, following the instructions of the Client (if ZKTeco Europe, SL considers that any of the instructions infringes the RGPD or any other data protection provision of the Union or of the Member States, will immediately inform the Client). The Customer must provide ZKTeco Europe, S.L., with the databases that are the subject of the service. The Client guarantees that the data included in these databases have been obtained and are treated legitimately.

The processing of these data will mainly consist in the collection of the data provided by the Client, the registration of the same in the systems of ZKTeco Europe, SL, in its conservation and storage, as well as in its destruction or, upon request of the person in charge of the treatment, in its return.

It is the Client's responsibility to provide the interested parties with the right to information at the time of the data collection.

  • to show the due confidentiality and secrecy with respect to the data involved in the provision of the service, as well as not to communicate the data to third parties, unless it has the express authorisation of the data controller, in the legally admissible circumstances. If the processor must transfer personal data to a third country or an international organisation, by virtue of the applicable European Union or Member State law, they will inform the controller of that legal requirement in advance, unless such law prohibits this for important public interest reasons;
  • to implement the necessary security measures to: guarantee the confidentiality, integrity, availability and resilience of the processing systems and services; to restore the availability and access to personal data quickly in the event of a physical or technical incident; to verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organisational measures implemented to ensure the security of the processing; to encrypt personal data, if applicable;
  • to keep updated a record of the processing activities carried out by ZKTeco Europe, S.L., on behalf of its customers;
  • to assist the Customer in the event of possible requests to exercise data protection rights (access, rectification, erasure, objection, portability and restriction of the processing of the data, and to not to be subject to automated individualised decisions (including the preparation of profiles)) from the data subjects;
  • to notify the Customer as soon as possible, and in any case before the maximum period of 24 hours, of the security breaches of the data under their care, so that the Customer has sufficient time to, where appropriate, inform the Spanish Data Protection Agency or the data subjects;
  • to support the Customer, when appropriate, in carrying out the impact assessments related to data protection and in carrying out the prior consultations with the supervisory authority;
  • as well as to make available to the Customer all the information necessary to demonstrate compliance with its obligations in terms of data protection and to allow the realisation, by the Customer, or by an auditor authorised by it, of inspections or audits.
  • for the provision of the contracted service, ZKTeco Europe, S.L., in addition to the auxiliary services necessary for the normal operation of the services of the processor, will be able, when the incident comes from an integrated system formed by solutions of several companies, subject to notifying the Customer, to subcontract the  management of the incident to its parent ZKTeco Co. Ltd. located in China or any of its subsidiaries worldwide, located inside or outside the European Economic Area. However, with those companies that are not within the European Economic Area or that do not have a level of protection comparable to the European one, ZKTeco Europe, S.L. has signed a contract that includes the standard contractual clauses established by the European Commission and that guarantee compliance with the data protection regulations. Similarly, with the rest of the group's companies located within the European Economic Area, ZKTeco Europe, S.L. has signed the corresponding contract for data processing on behalf of a third party, which is why ZKTeco Europe, S.L. is authorised to perform said subcontracting. The list of all the companies that form the ZKTeco group can be found at https://www.zkteco.com/en/sale_map.html
  • In this sense, the purpose and processing of the data will only be the resolution of the incident and they will subsequently be erased .
  • To subcontract to other companies, this must be previously communicated in writing to the Customer, one week in advance, indicating the processing that is intended to be subcontracted and clearly and unambiguously identifying the subcontractor and its  contact information. The subcontracting may be carried out if the Customer does not express their objection within the established period.
  • The subcontractor, who will also have the status of data processor, is also obliged to comply with the obligations established in this document for the data processor and the instructions given by the Customer (as data controller). It is the responsibility of the initial data processor to control the new relationship so that the new data processor is subject to the same conditions (instructions, obligations, security measures, etc.) and the same formal requirements as it, in relation to the appropriate processing of the personal data and the guarantee of the rights of the data subjects. In the event of a breach by the sub-processor, the initial processor will continue to be fully liable to the controller regarding fulfilment of the obligations.