Zapflow as Data Processor
When you store people in Zapflow as Contacts, they are your data subjects. You are the data controller for this personal data.
By using Zapflow to manage your customers, you engage Zapflow as a data processor to perform certain processing activities on your behalf. Under Article 28 of the GDPR, the controller–processor relationship must be established in writing. Electronic form is acceptable under subsection (9) of the same Article.
Our Terms of Service and Privacy Policy serve as your data processing agreement. These documents set out your instructions to Zapflow for processing the personal data you control and establish the rights and responsibilities of both parties. Zapflow processes this data only on your instructions as controller.
Data Transfers
Zapflow relies on sub-processors such as Amazon Web Services, which hosts the Zapflow platform. As with other modern cloud systems, this may involve transfers of data to trusted third parties for sub-processing.
We maintain an up-to-date list of sub-processors in our Terms of Service to provide transparency. We also require that our third-party service providers are certified under the EU-U.S. Data Privacy Framework.
Zapflow as Data Controller
Zapflow also acts as data controller for the personal data we collect about you as a user of our web application, mobile apps, and website.
We process this data on the following grounds:
- To perform our contract with you (GDPR Article 6(1)(b))
- To comply with legal obligations (GDPR Article 6(1)(c))
- For our legitimate interests (GDPR Article 6(1)(f)), which include:
  - Improving the app to deliver more value to you
  - Protecting the security of your data and our systems
  - Marketing our product and features responsibly
As controller, Zapflow is committed to upholding your rights under the GDPR. You may contact us at legal@zapflow.com with any questions or feedback.
Security and Data Transfers
Access to Client Data processed on your behalf is strictly limited. Our internal procedures and logs ensure compliance with GDPR accountability requirements.
We require third-party providers to meet the same high standards for privacy and security that Zapflow and its customers expect.
Readiness to Comply with Data Subject Requests
Respect for data subjects’ ownership of their personal data is a core principle of the GDPR. Zapflow provides tools to help you manage such requests. We will also comply with any requests you submit to us regarding Zapflow’s role as controller.
Documentation
We regularly update our Terms of Service and Privacy Policy to maintain transparency and ensure continued alignment with GDPR requirements.