This Privacy Notice explains how TS ZO L.L.C. (“TS ZO”, “we” or “us” or “our”) processes the personal data and other information of users (“you” or “your”) under applicable data protection laws, including the General Data Protection Regulation (EU) (2016/679) (the “GDPR”) and supplementing local legislation, when using our website at http://www.findyourzo.com (the “Site”).
The controller responsible for this data processing is TS ZO L.L.C., c/o Tishman Speyer Properties, L.P, 45 Rockefeller Plaza, New York, New York 10111-1200, United States ("TS ZO L.L.C."). Your main point of contact with respect to the processing activities described in this Privacy Notice is Tishman Speyer Properties UK Limited, Compliance Office, 10 Bressenden Place, London, SW1E 5DH (“TSP UK”). You will find our contact details under Section 10.
This Privacy Notice applies to (and by "the Site" we are referring to) the Site itself, the ZO mobile app, and any web pages, interactive features, other applications, widgets, blogs, social networks, social network “tabs”, or other online or wireless offerings that link to and are covered by this Privacy Notice, whether accessed via computer, mobile device or other technology, manner or means.
Please note that this Privacy Notice does not apply to any other website that may be owned or operated by TS ZO, L.L.C., or other TS ZO affiliates. In addition, this Privacy Notice does not apply to other websites operated by third parties to which our Site may contain links to. TS ZO is not responsible for their privacy practices.
We reserve the right to revise this Policy at any time. If we make any changes, we will post bulletins on the Site and update the “Last updated” date noted above. We reserve the right to provide notice of any changes in other ways as well. You will be able to access changes to this Privacy Notice by clicking on the date noted above.
We collect and process your personal data for the following purposes:
Your employer may provide us with your name, business email address, phone number, and physical building address as part of being a tenant in one of the buildings that our affiliates manage or otherwise operate. We may use this data to email you with information about the ZO programme and details of how to register. The legal basis for the processing of your personal data in this way is consent (Art. 6(1)(a) GDPR)
We may ask you to provide personal data about you as follows:
If you register for a user account on our Site, you will be asked to provide the following personal data about you: Name, business name, physical business address (building, floor), business email address, business phone number, card payment data and/or bank account details, and selected password. TS ZO processes such personal data for the purpose of providing our in-building ZO. concierge services to you, and, subject to your consent when required by law, to update you on new ZO sponsored programmes via newsletters that you can register for via the Site. The legal bases for the processing of such personal data are the Terms of Use about the ZO. concierge services concluded with you (Art. 6(1)(b) GDPR) and consent (Art. 6(1)(a) GDPR).
If you contact us via the “contact us” form(s) on the Site or by email (through a hyperlink on a webpage, or otherwise), then we collect and process the following personal data: email address, name, company job title, building address, city, and any other information in your message. Such processing is necessary to answer your inquiry and to prevent an abuse of the “contact us” form and to ensure the security of our IT systems. The latter also represent our legitimate interests within the meaning of Art. 6(1)(f) GDPR which form the legal basis for the processing (more information on the balancing test is available upon request).
From time to time, we may request information from you via online polls or surveys. We will ask you to provide information including but not limited to your work email address, phone number, company, and interests. This processing is based on our legitimate interests (Art. 6(1)(a) GDPR) in better understanding your use of the ZO programme and how the programme can be improved (more information on the balancing test is available upon request).
From time to time, we may request information from you via sweepstakes, contests or promotions (“Promotions”). If you enter into a Promotion we will ask you to provide your business contact information such as your name, address, phone number, mobile phone number, email address, username, and/or similar information to operate the Promotion in accordance with the respective terms and conditions of the promotion. This processing is based on the contract for the Promotion entered into with you (Art. 6(1)(b) GDPR).
Providing such personal data is voluntary. However, without providing such personal data, you will not be able to complete Registration, contact us, take part in surveys or Promotions, receive our newsletter, or take full advantage of the Site.
When you visit our Site, with your consent TS ZO may use cookies and other technologies to automatically collect the following information: IP address, Website analytics information about Site use from you, the number of unique visitors, the frequency with which they visit, and pages viewed. We collect and process this information to allow us to better understand the use of the Site, for example, learn how many people visit this Site, see which pages are the most viewed, and identify which websites are referring visitors to this Site.
The legal basis for the processing of this passively collected information is consent (Art. 6(1)(a) GDPR) (to the extent you are a ZO member).
We also use certain cookie and similar technologies that are strictly necessary to allow you to access and use the functionalities of the website. The legal basis for the collection of information through the use of such strictly necessary cookies is contract performance (Art. 6(1)(b) GDPR), or our or third parties’ legitimate interests (Art. 6(1)(f) GDPR).
Our Site uses Google Analytics, a web analysis service, Google Firebase a mobile platform service, and BigQuery a data warehouse service, all provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, MailChimp a marketing platform service provided by The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Atlanta, GA 30308 USA, Zendesk, a support, sales and customer engagement software service provided by Zendesk, Inc., 989 Market Street, San Francisco, California 94103 U.S.A., Stripe a payment processing platform service provided by Stripe, Inc. 510 Townsend Street, San Francisco, CA 94103, and OneSignal a mobile push notifications, web push, SMS, email and in-app messaging serviced provide by OneSignal, Inc., 2850 S Delaware St Suite 201, San Mateo, CA 94403. These services allow us to better understand your use of our Site and how we can improve it by collecting information such as how often users visit a website, what pages you visit when you do so, and what other websites you used prior to coming to such website.
By using the “anonymizeIp()” extension, we ensure that Google Analytics only transfers a shortened version of your IP address to Google (IP masking). By accessing the Site and loading the service, Google obtains knowledge that our Site was accessed via your IP address. If you consent (Art. 6(1)(a) GDPR), Google Analytics uses cookies which are stored on your terminal device which enable an analysis of the use of the Site by you. The information generated by the cookie about your use of this online service will be transmitted to and stored by Google in the US. Please see the section below on data transfer outside the European Economic Area (“EEA”).
The use of Google Analytics is for the purposes of optimising the performance and design of our Site. We have entered into a data processing agreement with Google for it to act as a processor for Google Analytics.
Your IP address is collected by us in order to enable the shortening and then transfer of it to Google. You are not obliged to provide this personal data, use of our Site is possible without its provision. You can prevent the provision of this personal data by installing the Add-on under https://tools.google.com/dlpage/gaoptout?hl=en
Further information on Google Analytics can be found at http://www.google.com/intl/de_ALL/analytics Google’s privacy policy can be found at https://www.google.com/policies/privacy/
We may on some of the areas of the Site may contain electronic images known as web beacons (sometimes known as clear gifs) that allow us, and our third party providers or affiliates, to count and track users who have visited certain portions of the Site. Specifically, we may use a type of web beacon known as a “retargeting pixel,” which will allow users to receive targeted advertising from us via certain social media websites, including Facebook.com. In the event that we use web beacons details of this will be provided in our Cookie Policy.
To learn more about how we use cookies and similar technologies and how to control which cookies and similar technologies are used, please see our Cookie Policy.
TS ZO may engage external vendors and service providers, who act as a processor of TS ZO, to assist us with operating the Site, help us analyse use of the Site, and provide certain services to TS ZO, such as developers, website service providers, web analytics providers, email marketing service providers, payment processors, survey management companies or IT support service providers. When providing such services, the external service providers may have access to and/or may process your personal data. Those external service providers will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal data and to process the personal data only as instructed.
We may also transfer your data to the providers of the lifestyle and other services you can book through ZO, who act as controllers of the data for the purposes of providing such services to you. If you are in the UK, Germany or France, we may also transfer your data to our third party concierge partners, who may in certain circumstances also act as a controller in offering services to you and helping to facilitate the ZO programme. For further details of their privacy practices, please see their respective privacy notices.
TS ZO is affiliated with Tishman Speyer Properties (“Tishman Speyer”), a owner and manager of properties globally. TS ZO may share information we collect from this Site with Tishman Speyer and its affiliates, subsidiaries or other group companies on a need-to-know basis as follows:
Some of our colleagues administering the Site and managing customer relations, refunds and end user inquiries and/or providing marketing, customer or support services may be employees of our group companies. In this context our colleagues may have access to and/or may process your personal data. The transfer of your personal data is based on our legitimate interests, i.e. the transmission of personal data within the group of companies for internal administrative, management and support purposes (more information on the balancing test is available upon request). Any access is limited to colleagues with a need to know.
Some of our colleagues may have access to and/or may process your personal data to identify and analyse patterns of use and activity on the Site. This information is used to help inform business decisions and changes and optimizations to the ZO program. The transfer of your personal data is based on our legitimate interests, i.e. the transmission of personal data within the group of companies for product/service research and development purposes (more information on the balancing test is available upon request). Any access is limited to colleagues with a need to know.
Furthermore, some of our group companies may use your personal data to send you information relating to other properties owned or managed by Tishman Speyer or events sponsored by or taking place on properties owned or managed by Tishman Speyer, such as events at other properties, and leasing or co-working opportunities at other properties. The legal basis for the transfer of your personal data for sending such direct marketing is your consent (Art. 6(1)(a) GDPR).
TS ZO may also transfer your personal data to law enforcement agencies, governmental authorities, legal counsel and external consultants in compliance with applicable data protection law. The legal basis for such processing is compliance with a legal obligation to which TS ZO is subject (Art. 6(1)(c) GDPR) or our legitimate interests (Art. 6(1)( f) GDPR), such as exercise or defence of legal claims (more information on the balancing test is available upon request).
We may transfer personal data to an affiliate or third party as part of a transfer of business assets to the extent permitted by local law and subject to local requirements. The data would continue to be covered by the terms set forth in this Privacy Notice.
TS ZO takes reasonable precautions to safeguard the confidentiality of any information you submit to us via this Site as well as to keep this Site free from viruses or other malware. We endeavour to provide a secure website, but cannot guarantee the confidentiality of electronic communications. Transfers to and from the Site are not encrypted, nor are email messages. Accordingly, you should carefully consider whether to submit sensitive information that you would not want made public, and should recognise that your use of the Site is solely at your own risk.
The personal data that we collect or receive about you will be transferred/accessed by TS ZO, L.L.C. acting as controller, in the US. The personal data that we collect or receive about you may also be transferred to and processed by third party recipients as indicated above which are also located outside the EU/EEA or the UK such as our service providers in the US, in particular to Google LLC; Amazon Web Services, Inc.; Stripe, Inc., The Rocket Science Group LLC trading as Mail Chimp, Tableau Software, Inc Automarritic Inc., trading as WordPress, Essensys trading as essensys plc, CBRE, trading as CBRE Inc., Ezeep trading as ThinPrint GmbH, Onesignal trading as OneSignal, Inc., and Zendesk trading as Zendesk Inc.
Some of these recipients in the US may partially be certified under the EU-U.S. Privacy Shield and thereby deemed to provide an adequate level of data protection from an EU law perspective (Art. 45 GDPR). To the extent we transfer your personal data to countries not providing an adequate level of data protection according to an adequacy decision of the EU Commission (Art. 45 GDPR) we will take all steps that are reasonably necessary to ensure that your personal data is treated securely and in accordance with applicable data protection laws, including, where relevant, by entering into EU standard contractual clauses adopted by the European Commission (Art. 46(2)(c) GDPR, available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en or other appropriate safeguards (see Art. 46(2) and (3) GDPR) with the party outside the EU/EEA. You may ask for a copy of such appropriate safeguards by contacting us as set out in Section 10 below.
Your personal data will be retained as long as necessary to provide you with the services requested and to the extent permitted by applicable laws in accordance with TS ZO’s data retention schedule. When TS ZO no longer needs to use your personal data to comply with contractual or statutory obligations, we will remove it from our systems and records and/or take steps to properly anonymise it so that you can no longer be identified from it, unless we need to keep your information, including personal data, to comply with legal or regulatory obligations to which TS ZO is subject, e.g. statutory retention periods.
We do not knowingly collect personal data from individuals under the age of sixteen (16) years without first obtaining verifiable parental consent. If you are under the age of 16, you should not provide personal data to us. If we become aware that a person under 16 has provided personal information to us without verifiable parental consent, we will remove such personal data from our systems and records.
Pursuant to applicable data protection laws you may have the following rights. Please note that these rights might be limited under applicable local data protection law.
If you have consented to any personal data processing activities, you can withdraw this consent at any time for future processing. Such withdrawal will not affect the lawfulness of the processing prior to consent being withdrawn.
You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data. The information includes, among others, the purposes of the processing, the categories of personal data concerned, and the recipients or categories of recipients to whom the personal data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
You may have the right to obtain a copy of the personal data undergoing processing. For further copies requested by you, we may charge a reasonable fee based on administrative costs.
You may have the right to obtain from us the rectification of inaccurate personal data about you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Under certain circumstances, you may have the right to obtain from us the erasure of personal data about you and we may be obliged to erase such personal data.
Under certain circumstances, you may have the right to obtain from us restriction of processing your personal data. In this case, the respective data will be marked and may only be processed by us for certain purposes.
Under certain circumstances, you may have the right to receive personal data about you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit those data to another entity without hindrance from us.
Right to determine the rules governing the fate of your personal data after your death.
Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data.
Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal data will no longer be processed for such purposes by us.
You also have the right to lodge a complaint with a data protection supervisory authority. To exercise your rights please contact us as stated in Section 10 below.
If you have questions or comments about this Privacy Notice or believe that we have acted inconsistently with this Privacy Notice or would like to exercise any of your rights, you may contact:
TS ZO, L.L.C., c/o Tishman Speyer Properties UK Limited,
Compliance Office, 4th Floor
10 Bressenden Place, London, SW1E 5DH
UK
Email: [email protected]
Phone: 020 7333 2400
Sign In
