Privacy Policy

(Last Update and Effective Date Feb. 23, 2015)


Purpose of this Policy

Zix Corporation and its subsidiaries ZixCorp Systems, Inc. and ZixCorp Global Inc., 2711 N. Haskell Ave. Suite 2200, Dallas, TX 75204-2960 (“ZixCorp,” “we,” “us” or “our”) operate Web sites located at zixcorp.com (with the exception of investor.zixcorp.com), secure-zixcorp.com, zixmessagecenter.com, zixmessagecentre.com, zixit.com, and powerofeveryone.com (collectively, the “Site”), and their subdomains (with the exception of investor.zixcorp.com and related subdomains), through which users can obtain information about ZixCorp and subscribe to services provided by ZixCorp (“ZixCorp services”). This Privacy Policy (“Policy”) is intended to describe the kinds of information that we may collect on the Site, how we use and share that information, how we endeavor to protect that information, how we make changes to this Policy, and how you can contact us if you have any questions about this Policy.

Contents

Purpose of this Policy
Scope of this Policy
Potential applicability of other privacy policies
Applicability of other terms
TRUSTe certification
Cross-border data transfers and Safe Harbor compliance
Personal information that we may collect
Personal information that third parties may provide about you
How we use personal information that we collect
Employment applications
Automatic collection and use of other kinds of information; analytics; tracking; advertising
Online Tracking by Third Parties
IP addresses and location information
Cookies
Web Beacons
Embedded Scripts
Social Features
Information sharing and disclosure
Links and other companies' cookies on the Site
Your ability to manage your ZixMail or ZixMessage Center account information
Security
Data storage
Guidelines regarding children
Your California privacy rights
Notification of changes to this Policy
Privacy Policy questions, suggestions and complaints

Scope of this Policy

This Policy applies to individuals that subscribe to and use any ZixCorp service, as well as individuals that do not subscribe to or use any ZixCorp service but may have sent or received emails to or from users or subscribers of ZixCorp services or who visited the Site. This Policy applies to all information collected through the Site, regardless of how you access the Site. That is to say, this Policy applies whether you are accessing our Site on a computer, mobile device like a tablet, or phone. We may also speak with you face to face (for example at a conference) or by telephone (for example when you make a support call). Those conversations are also covered by this Policy. By providing information to us when subscribing, contacting or communicating with us, or using the Site, you expressly agree to this Policy.

This Policy does not apply to information collected through the use of ZixOne or any other ZixCorp mobile applications. For more information regarding ZixOne, click here.

Potential applicability of other privacy policies

You might use ZixCorp services through a web portal provided by us on behalf of our customer, such as your employer, healthcare provider or financial institution. In that case, your employer, health care provider or financial institution may also have its own privacy policy that applies to your use of the ZixCorp services, and both privacy policies may apply to you. ZixCorp is not responsible for the privacy practices of third parties.

Applicability of other terms

Information collected by ZixCorp through its password protected sites such as zixmessagecenter.com and through customer use of the ZixCorp services is also governed, to the extent applicable to the relevant services, by ZixCorp’s Terms and Conditions, ZixCorp’s License and Services Agreements for the applicable services, ZixCorp’s End User License Agreements, and other applicable Services Agreements (collectively, “Terms”). Please carefully review those Terms.

Zix Corporation has received TRUSTe's Privacy Seal signifying that this privacy statement and our practices have been reviewed for compliance with the TRUSTe program viewable on the validation page available by clicking the TRUSTe seal. With respect to this policy, the TRUSTe program covers only information that is collected through these Web sites, and not through any software downloaded from these sites: www.zixcorp.com, zixmessagecenter.com, and zixmessagecentre.com.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact TRUSTe at feedback-form.truste.com/watchdog/request. Please click here for TRUSTe’s fax and postal mail information. Please note, TRUSTe's Dispute Resolution process is only available in English.

Cross-border data transfers and Safe Harbor compliance

If you are located outside of the United States, please be aware that information we collect will be transferred to and processed by ZixCorp in the United States for the purposes described in this Policy. Please note that ZixCorp is not responsible for your employer’s privacy practices or compliance with data protection requirements.

If you are located in the European Economic Area or Switzerland, ZixCorp is certified under the Safe Harbor privacy framework as set forth by the U.S. Department of Commerce, European Commission and Switzerland regarding the collection, storage, use, transfer and other processing of personal information transferred from the European Economic Area or Switzerland to the U.S. Click here to view our Safe Harbor Privacy Policy. To learn more about the Safe Harbor program, and to view ZixCorp’s certification, please visit www.export.gov/safeharbor.

ZixCorp is registered with the United Kingdom Information Commissioner’s Office. Our registration number is Z304946X. You can view ZixCorp’s registration on the UK ICO website.

Personal information that we may collect

ZixCorp collects your email address when you register to use the ZixCorp services. In addition, ZixCorp collects a variety of personal information (i.e., information that is linkable to a specific individual) about users and subscribers to ZixCorp services and about other individuals that send or receive email to or from such users and subscribers. That personal information may include, without limitation, email address, ZixMessage Center (formerly ZixMail.net) PassPhrase, email message content, and information about ZixCorp email accounts. We also collect metadata about emails, such as header information (e.g., sender, recipient, time sent, to, from, cc, date, subject line), file structure, operating systems used, system components, and hardware used. These types of metadata information are not encrypted by ZixCorp because they are required for email delivery.

ZixCorp also collects personal information that you voluntarily provide when: using the Site, our products or services; participating in our surveys, contests, and other promotions; registering for our events; subscribing to our email listings; or requesting that we contact you. The personal information we collect includes contact information, such as names, mailing addresses, email addresses, and phone numbers; financial information such as credit card number numbers; and other information. We also collect broad demographic and statistical information. ZixCorp receives and records your name and the credit card information that you supply if you pay to use the ZixCorp services.

If you choose to refer a friend or business entity to ZixCorp, we will ask you for certain personal information about your friend or a contact at the business entity. We may contact the referred party using the contact information you provide (such as by email, postal mail, landline phone, and mobile phone, as applicable). ZixCorp stores this information for its marketing purposes, to track the success of the referral program, and to determine our obligations under the referral program. Individuals referred through our consumer referral program may contact us at privacy@zixcorp.com to request that we cease contacting the individual in connection with the referral program.

When you request technical support, ZixCorp collects your name, employer, email address, mailing address, and phone number in order to provide this requested service to you. You have the option of providing additional information to support including your demographic information (such as your state and country of residency), operating system, browser, Internet service provider (“ISP”), connection type and email program that you are using. We encourage you to provide the additional information so that we can determine specific regional problems (such as natural disasters or power outages caused by cuts through fiber optic cable) or isolate problems relating specifically to your particular operating system, email program or browser, thus enabling us to provide a more accurate response to your support requests.

Personal information that third parties may provide about you

We may receive information about you from third parties who are lawfully permitted to share your information with us. For example, if you are on another web site and you provide information that the website operator indicates will be provided to ZixCorp, that website operator will typically forward the information you provide. We may contact you using the information you provided, in accordance with your communication preferences. We may also combine the information we receive from third parties with information we collect or already maintain in order to ensure the records we hold about you are accurate and up-to-date. In those cases, we will apply this Policy to the combined information.

In addition, we may supplement the information we collect with outside records from third parties in order to provide you with information, services or goods you have requested, to enhance our ability to serve you, and to tailor our content to you. We may combine the information we receive from those other sources with information we collect through the Site. In those cases, we will apply this Policy to the combined information.

How we use personal information that we collect

ZixCorp uses the personal information we collect as follows:

  • To provide you with products, services and any renewals thereof;
  • To market existing and new ZixCorp services to you, or the friends or businesses that you refer to ZixCorp;
  • In our ZixDirectory, to facilitate secure messaging with third parties, to communicate with you, and to monitor compliance with our Terms;
  • To notify you when you receive a ZixMessage Center email message, when a ZixMessage Center email message has failed or expired, when an intended recipient has picked up an email message you sent (if you so request), when multiple attempts to enter your ZixMessage Center PassPhrase have failed at the ZixMessage Center Site, and when there is any change in our Terms or in the availability of various products and services;
  • To manage your participation in our surveys, contests, events, and other promotions;
  • To communicate with you concerning problems or malfunctions that you report;
  • To provide you with support and maintenance for products and services;
  • To inform you of any new or updated services or product offerings;
  • To notify you of any changes to your use of our Site, products, or services;
  • To respond to your inquiries;
  • To bill you for product and services;
  • To test, analyze and improve our services and marketing;
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, safety of person or property, or violation of our policies or our other rights or interests;
  • To report on traffic levels to certain enterprise customers, such as how many of their users are sending emails and from what departments; and
  • As otherwise described in this Policy.

ZixCorp uses email message and attachment content in order to provide and improve our products and services. For example, if you request ZixCorp to host and operate a ZixGateway appliance on your behalf (the Zix™ Hosted Services), we may automatically scan outbound email and attachments to determine whether they should be encrypted in accordance with your policies, to provide you with usage reports and to improve our email filters, and we may collect and retain the encrypted content and attachments of outgoing email messages until they are delivered or the messages expire in accordance with your policies.

Employment applications

If you use the Site to apply to work with us (for example via www.zixcorp.com/company/careers) we will use the information you supply to process your application and to monitor recruitment statistics. We retain de-personalized statistical information about applicants to help inform our recruitment activities, but individuals should not be identifiable from that data. ZixCorp is headquartered in the United States and employee and recruitment data is held there and in other ZixCorp locations worldwide. Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage we will give the employee more details about how we hold employee data.

Automatic collection and use of other kinds of information; analytics; tracking; advertising

ZixCorp automatically receives certain information about you when you visit or interact with our Site (“Usage Information”) and stores such information in log files in accordance with this Policy. Usage Information includes your IP address, device type, browser type (such as Chrome®, Firefox®, Internet Explorer® and Safari®), referring page, pages visited, and time spent on our Site. ZixCorp may link your Usage Information to information that may be used to identify you as a specific individual, such as your email address. If we link your Usage Information in this manner, ZixCorp will treat that information in accordance with this Policy.

To analyze traffic to our Site (excluding zixmessagecenter.com and zixmessagecentre.com), ZixCorp uses various web analytics services, which may independently collect Usage Information, set and access their own tracking technologies (including cookies, web beacons, and embedded scripts), and otherwise collect or have access to information about you.

In addition, ZixCorp may work with network advertisers and ad agencies to serve our advertisements on other web sites, within third party applications, and across the Internet, and to provide us with information regarding the effectiveness of our advertisements. For example, if you clicked on a ZixCorp advertisement that led you to one of our corporate sites, our service provider(s) and we may be able to determine which ZixCorp advertisement you clicked on and where you were viewing the advertisement. However, Zix’s advertising providers do not receive information regarding your use of the Zix message center, such as any URL you access within the message center.

ZixCorp advertisements may be targeted to your company by our advertisers based on your IP address and your web browsing activity on non-ZixCorp websites. ZixCorp’s advertising providers may also attempt to store a cookie or other tracking technology on your device. While we may use a variety of service providers to perform advertising and analytics services, you may wish to visit www.networkadvertising.org/managing/opt_out.asp, which provides information regarding this practice by Network Advertising Initiative (“NAI”) members, including the “opt-out” procedures of NAI members. If you are visitng this site from the European Union, you may be able to “opt-out” of certain interest-based ads by visiting www.youronlinechoices.eu. Please note this does not opt you out of being served ads.  You will continue to receive generic ads.

Online Tracking by Third Parties

ZixCorp does not control the information collection, use, or sharing practices of third party analytics providers or advertisers. Some of these parties may collect your personal information when you visit the Site or other online websites and services.

IP addresses and location information

When your Web browser or email application requests content from another computer on the Internet, it automatically gives that computer the address where the requested information should be sent. This is called your computer's “IP address.” (IP stands for “Internet Protocol.”)

ZixCorp and our service providers receive your IP address each time you obtain content from the Site. When you request content from the Site, information related to that request is collected and stored in log files on our servers. That information includes the date and time of the request, and the IP address of the computer that requested the content. We use log files for debugging and troubleshooting purposes. We may use your IP address for various purposes, including diagnosing service or technology problems that are associated with your IP address, conducting analytics, and estimating the total number of users visiting the Site from specific locales, countries or regions of the world. An IP address may generally indicate a user’s physical location. We do not, however, collect other device-related location information (such as GPS or mobile device coordinates). IP addresses and access times may be linked to your email address, but this information is for our internal use only and are not shared with third parties.

Cookies

If you use certain ZixCorp services, ZixCorp and our service providers will set cookies on your computer and/or your mobile device and later access those cookies in order to deliver services. A cookie is a small text file, which often includes a unique identifier, that is sent to your browser when you visit a Web site. It is then stored on your computer or mobile device. ZixCorp uses cookies to allow you to use certain functions when you use various ZixCorp services such as ZixPort, ZixDirect, and ZixMobility. Please read our Cookie Notice for further information about the types of cookies we set including information about how to control or delete cookies.

Web Beacons

Small graphic images or other web programming code called web beacons (also known as "clear GIFs"), which may be invisible to you, may be included in our web pages and e-mail messages. Web beacons may be used for a number of purposes, including, without limitation, to count visitors to the Site, to monitor how users navigate the Site, to count how many e-mails that were sent were actually opened or to count how many particular links were actually viewed.

Embedded Scripts

An embedded script is programming code that is designed to collect information about your interactions with the Site, such as the links you click on. The code is temporarily downloaded onto your device from our server or a third party service provider, is active only while you are connected to the Site, and is deactivated or deleted thereafter.

Social Features

Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at privacy@zixcorp.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. The blog or community forums may include certain social features (also known as third-party widgets), which may permit interactions that you initiate between the blog or community forums and a third party web site or service. Social features may include enabling you to “like” or “share” our content on other web sites or services, such as Facebook, Google+, Twitter, or LinkedIn. If you use social features, ZixCorp may receive or have access to certain information about you and your use of the social features. These social features may collect your IP address, which page you are visiting on the blog or community forum, and may set a cookie to enable the social feature to function properly. Social features are either hosted by a third party or hosted directly by us. The information we collect or receive in connection with social features is subject to this Policy. The information collected and stored by the provider of the social features remains subject to the that third party’s privacy practices, including whether the third party continues to share information with us, the types of information shared, and your choices with regard to what is visible to others on that third party web site or service.

Information sharing and disclosure

ZixCorp will not sell or rent your personal information, except in the event that ZixCorp (or some or all of its assets) is merged with, sold to, or otherwise transferred to, one or more third parties. In such an event, customer information might be included among the transferred assets and ZixCorp reserves the right to share personal information it has about you. Notwithstanding any such transfer, your personal information will remain subject to this Policy. Our customer database could be sold separately from the rest of the business, in whole or in a number of parts. It could be that the purchaser’s business is different from ours too. If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or prominent notice on our Web site for 30 days of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Depending on the ZixCorp service you use, ZixCorp may share your information, or the information of your friends, family, or of others to whom you refer ZixCorp, including but not limited to, email address, name, phone number, mailing address, credit card information, public encryption codes for your email address, information about your account usage (including the number of email messages and attachments, if any, that you sent, and the list of recipients, subject and size of the combined text body of those email messages and attachments), and other personal information as follows:

  • with persons or companies we retain to carry out or provide support to ZixCorp, including but not limited to anti-spam or anti-virus services. We instruct those third parties that personal information they obtain from ZixCorp can be used solely for the purpose of providing these services.
  • with your employer and/or compliance review committees for billing and auditing purposes. Your employer and/or the compliance review committee may be based in a different country from where you are based. This could mean that we would disclose your data to them anywhere in the world. By using our service you consent to that disclosure.
  • to the extent that we determine it is reasonably necessary or legally required in order for us to respond to subpoenas, court orders, warrants, or other legal process.
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • to enable a third party partner or independent reseller to contact you to facilitate the renewal, support or purchase of ZixCorp products and services.
  • with credit card authorization processors, third-party financial institutions and related organizations for billing and payment purposes so that they can verify the credit card numbers, process the credit card payment transaction, and prevent fraud or misuse of credit card facilities.
  • with your consent or where disclosure is necessary in order to complete a transaction to which you have consented.
  • as otherwise described in this Policy.

We use testimonials from our customers, with their express consent, in order to show our customers and potential customers how ZixCorp services have benefited others. To request removal of your personal information from the testimonials on our Site, contact us at privacy@zixcorp.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. ZixCorp shares with certain business partners and advertisers certain aggregated data, including usage, demographic and statistical information and analytics data collected using third party web analytics services.

The Site may contain links to Web sites controlled by third parties, including but not limited to investor.zixcorp.com and related subdomains. We have no control over the practices of the third party Web sites to which we link. Those Web sites may automatically collect information about your visit to their site and may use their own tracking technology (such as cookies, web beacons, or embedded scripts). Those Web sites are subject to the privacy policies of the third parties that control those Web sites, and not the ZixCorp Privacy Policy. We encourage you to check the privacy policies of these Web sites before using them or disclosing any personal information to them.

Please see the section titled “Automatic collection and use of other kinds of information; analytics; tracking; advertising” for additional information about the practices of our analytics and advertising providers, including their use of tracking technology.

Your ability to manage your ZixMail or ZixMessage Center account information

You may set or change your ZixMail PassPhrase and encryption codes or ZixMessage Center PassPhrase at any time. If you forget or would like to change your ZixMessage Center PassPhrase, you may create a new or ZixMessage Center PassPhrase by registering again.

You may request deletion or deactivation of your ZixMail or ZixMessage Center account by sending an email to privacy@zixcorp.com. Please see the “Data storage” section of this Policy to read about data storage after your account has been deleted. Please note that it may take up to 30 days for your deletion or deactivation request to come into effect.

Subject to certain exceptions, upon request and provided you provide us sufficient information to confirm your identity, we will provide you the personal information that we have collected about you for the purpose of enabling you to correct, amend, or delete any inaccuracies. You may make this request to us via email at privacy@zixcorp.com or visit the Site for online help at www.zixcorp.com/support/contact-support. If we are not able to provide the information that you are requesting within 30 days of receipt of your request, we will provide you a timeline for providing the requested information. If we deny access to your personal information, we will explain why access was denied and give you contact information for further inquiries regarding the denial of access. If you are unhappy with our answers you can write to our Chief Privacy Officer. In the unlikely event you still have an unresolved complaint, if your personal information was transferred to the US from the EU or Switzerland under Safe Harbor you can also contact the dispute resolution service operated by TRUSTe.

If you no longer wish to receive marketing emails from ZixCorp, you can opt-out by (1) following the instructions provided in the emails, as applicable; (2) sending an email to support@zixcorp.com; or (3) visiting the Site at www.zixcorp.com/support/contact-support.

Security

ZixCorp takes reasonable precautions, including the maintenance of reasonable physical, electronic, and procedural safeguards, to help protect your information from loss, misuse, and unauthorized or illegal access, disclosure, alteration, modification, use or destruction. ZixCorp has implemented reasonable security measures to help protect your email address and the ZixMessage Center PassPhrase associated with your email address from unauthorized access or disclosure, alteration, unlawful destruction or accidental loss. When appropriate, ZixCorp uses industry-standard encryption to protect certain data (e.g., credit card numbers) during transmission. The servers on which we store your information are kept in an environment that is environmentally controlled and monitored 24 hours per day, 7 days per week. Although ZixCorp uses reasonable efforts to help protect your information, transmission via the Internet is not completely secure and ZixCorp cannot guarantee the security of your information. In particular, it remains your responsibility:

  • To protect against unauthorized access to your use of the Site.
  • To ensure no one else uses the Site while your machine is logged on to the Site (including by logging on to your machine through a mobile, Wi-Fi or shared access connection you are using).
  • To log off or exit from the Site when not using it.
  • To keep your password or other access information secret and all of your account details secure. Your PassPhrase and log in details are personal to you and should not be given to anyone else or used to provide shared access, for example, over a network.
  • To maintain good Internet security. For example if your email account is compromised this could allow access to your account with us if you have given us those details and/or permitted access through those accounts. If your email account is compromised it could be used to ask us to reset a password and gain access to your account with us.

If you think that any of your accounts has been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. You should also tell us as soon as you can so that we can try to help you keep your account secure and if necessary warn anyone else who could be affected.

Data storage

Most account information (including email addresses, public keys, names, and mailing addresses, but excluding credit card information used for payment to ZixCorp) is stored on multiple disk storage systems at either our data center in the United States or our data center in the United Kingdom. This means that we redundantly store data on more than one server in one of those locations, but most often in the United States based on customer equipment configuration.

ZixCorp stores only the salted hash of a ZixMessage Center PassPhrase. This means that we don’t hold your ZixMessage Center PassPhrase itself but rather a unique encrypted version of it. ZixMessage Center email messages that you send or receive via ZixCorp services will ordinarily expire from our disk storage systems based on the expiration time set by the sender at the time the email was sent (typically 1 to 21 days from the day the email message was sent). If you request deletion of your account, your account will be deactivated and your ZixMessage Center email address and personal information will be removed from our user registration database within 30 days, subject to any need we have to hold onto the data for longer to meet any legal, auditing or regulatory requirements and subject to any commitments we have given to third parties – for example your employer if your employer paid for your ZixCorp services account. If we do delete your account, it will be reinitiated if another email is sent to you using a ZixCorp service. Email header information maintained for purposes of transaction logging, and user account information maintained for disaster recovery purposes, will be held longer than the content of email messages, as described above, in order to provide ZixCorp services and support, including technical support and business continuity, to our customers.

Guidelines regarding children

ZixCorp’s Site, products, and services are not designed for or directed to children under the age of 13, and ZixCorp will not knowingly collect personal information from anyone under the age of 13. If you are under the age of 13, please do not provide personal information of any kind whatsoever and please do not use ZixCorp products and services or participate in ZixCorp’s surveys, contests, events, and other promotions.

Your California privacy rights

When California customers provide personal information to a business, they have the right to request certain disclosures if that business shares personal information with third parties or affiliates for the third parties’ or affiliates’ direct marketing purposes. Once per calendar year the customer may request that the business provide a list of companies with which it shares personal information for the third parties’ or affiliates’ direct marketing purposes, and a list of the categories of personal information that the business shares. As stated in this Policy, we do not share information with third parties or affiliates for those third parties’ or affiliates’ direct marketing purposes. California customers may request further information about our compliance with this law by e-mailing privacy@zixcorp.com or contacting us by mail at 2711 N. Haskell Avenue, Suite 2300, LB 36, Dallas, Texas 75204-2960, USA. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address.

Notification of changes to this Policy

We may update this privacy policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Privacy Policy questions, suggestions and complaints

If you have questions, concerns or suggestions about this Policy or ZixCorp’s privacy practices, send an email to privacy@zixcorp.com. You can also contact ZixCorp’s Chief Privacy Officer at the following postal address: 2711 N. Haskell Avenue, Suite 2300, LB 36, Dallas, Texas 75204-2960, USA and phone number +1 (214) 370-2200.