Privacy Policy - Zephyr Global

Privacy & Data Protection Policy (GDPR)

This policy explains how Zephyr Global LLC collects, uses, shares, and protects personal data, and the rights available to individuals under the EU/EEA General Data Protection Regulation (GDPR) and other applicable laws.

Last updated: October 27, 2025

1. Scope & Roles

Zephyr Global LLC ("Zephyr Global", "we", "us", "our") acts as a data controller for personal data about site visitors, prospects, vendors, and clients when we determine purposes and means of processing. We may act as a processor when we handle data strictly under a client's instructions; in such cases, a separate data processing agreement (DPA) applies.

2. Data Controller & Contact

  • Controller: Zephyr Global LLC
  • Contact (privacy): contactus@zephyrglobal.com
  • Postal address: 151 W. Passaic Street, Suite 250, Rochelle Park, NJ 07662

If you are in the EU/UK and we are required to appoint a representative, we will provide those details here.

3. What We Collect

  • Identity & Contact: name, job title, company, email, phone
  • Professional & Client Data: engagement-related information you provide to us during sales, onboarding, and project delivery
  • Usage/Technical: pages viewed, timestamps, referral URLs, IP address, device and browser information; cookie/analytics data (see Cookies section)
  • Communications & Preferences: emails, forms, and marketing opt-ins/opt-outs
  • Other Data You Provide: any information you choose to submit in forms or via support channels

4. Purposes & Legal Bases

  • Provide and support our services (contract necessity, Art. 6(1)(b))
  • Security, fraud prevention, and compliance (legal obligation, Art. 6(1)(c); legitimate interests, Art. 6(1)(f))
  • Operate, improve, and analyze our site and services (legitimate interests, Art. 6(1)(f))
  • Marketing and communications (consent, Art. 6(1)(a); or legitimate interests where permitted, Art. 6(1)(f))
  • Recruitment (pre-contractual steps and legitimate interests)

Legitimate Interests: We balance our interests against your rights by applying data minimization, access controls, and opt-out options for non-essential processing.

5. Sources of Personal Data

We collect data directly from you (forms, emails, meetings), automatically (cookies/analytics), and from third-party referrals or public/professional sources (e.g., LinkedIn) where lawful.

6. Sharing & Disclosures

We share personal data with:

  • Processors/Service Providers (e.g., hosting, IT, analytics, communications, CRM) — bound by contractual confidentiality and GDPR-compliant terms
  • Authorities/Regulators where required by law
  • Business Transfers in connection with mergers, acquisitions, or reorganizations
  • Others with your consent or where necessary to protect rights, safety, or security

7. International Transfers

If personal data is transferred outside the EEA/UK, we use appropriate safeguards, such as the European Commission's Standard Contractual Clauses, UK IDTA/Addendum, or adequacy decisions. You may request a copy or summary of relevant safeguards by contacting us.

8. Retention

We retain personal data only as long as necessary for the purposes described or to meet legal/accounting/reporting obligations. Criteria include contract duration, statutory limitation periods, and our legitimate interests in maintaining business records. Where feasible, we anonymize or aggregate data.

9. Security

We implement technical and organizational measures appropriate to risk, including access controls, encryption in transit/at rest (where applicable), logging/monitoring, personnel confidentiality, secure development practices, vendor due diligence, and incident response procedures.

10. Your Rights (EU/EEA/UK)

  • Access to your personal data and information about processing
  • Rectification of inaccurate or incomplete data
  • Erasure ("right to be forgotten") in applicable cases
  • Restriction of processing in applicable cases
  • Objection to processing based on legitimate interests, including direct marketing
  • Portability of data you provided to us, where technically feasible
  • Withdraw consent at any time (does not affect prior lawful processing)
  • Complaint to your national supervisory authority

To exercise rights, email contactus@zephyrglobal.com.

11. Cookies & Similar Technologies

We use cookies and similar technologies to operate the site, remember preferences, and analyze usage. Where required, we obtain consent via a cookie banner and allow you to manage settings at any time.

Cookie Categories

  • Strictly Necessary (essential for site functionality)
  • Performance/Analytics (aggregate usage and diagnostics)
  • Functional (preferences, enhanced features)
  • Marketing (only with consent; can be withdrawn)

See our detailed Cookie Policy for cookie names, providers, lifespans, and how to change or withdraw consent.

12. Automated Decision-Making & Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects. If this changes, we will update this policy and provide required information and safeguards.

13. Children's Data

Our services are not directed to children. If you believe a child has provided personal data, contact us to request deletion.

14. Changes to This Policy

We may update this policy from time to time. Material changes will be highlighted here and, where appropriate, communicated by email or on-site notice.

15. Contact

For privacy questions or requests, email contactus@zephyrglobal.com. If you are in the EU/UK, you have the right to complain to your local supervisory authority.