ZKTeco EU-U.S. Privacy Shield Policy

EU – U.S. Privacy Shield Framework

ZKTeco complies with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. ZKTeco has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov.

In compliance with the EU-U.S. Privacy Shield Principles, ZKTeco commits to resolve complaints about your privacy and our collection or use of your personal information. EU individuals with inquiries or complaints regarding this privacy policy should first contact ZKTeco at the contact information listed below.

ZKTeco has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit  https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.

Please note that if your complaint is not resolved through these channels, under limited circumstances, EU individuals may seek recourse through a binding arbitration option before a Privacy Shield Panel.

If you do not receive timely acknowledgement of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

For purposes of this Policy:

  • “Personal Information” means any information that (i) is transferred from the EEA to ZKTeco in the United States; (ii) is about an identified or identifiable individual; and (iii) is recorded in any form.
  • “Data Controller” means an entity that alone or jointly with others determines the purposes and the means of the processing of Personal Information.
  • “Data Processor” means an entity that processes Personal Information on behalf of a Data Controller in accordance with the Data Controller’s instructions.

As part of ZKTeco’s Web-based applications, ZKTeco’s customers (and their designees, including other service providers to such customers) are permitted to submit electronic data and information, including personal data (which can include your name and associated time punch data retrieved during operation of the time clock), to ZKTeco’s servers. In this context, ZKTeco acts as a data processor and does not determine how its customers’ data is utilized in ZKTeco’s servers and its customers are the Data Controllers. ZKTeco does not choose or determine the types of data that are submitted to ZKTeco’s servers, and any access to or use of such data by ZKTeco is in connection with completing the contractual obligations of ZKTeco, as data processor, to its customers. As part of ZKTeco’s professional services operations, ZKTeco processes data and information, including personal data, on behalf of its customers. In this context, ZKTeco acts as a data processor on behalf of its customers and its customers are the Data Controllers.

Where ZKTeco acts as a data processor, ZKTeco does not have a direct relationship with individuals whose Personal Information ZKTeco processes in the US.  In these circumstances, ZKTeco’s customers are responsible for providing the required access, notice and choice to individuals.

ZKTeco acknowledges the right of individuals to access their personal data for the purposes of editing, correcting or deleting it. As a third-party processor, however, ZKTeco ‘s customers are responsible for providing the required access to individuals.

In the event our assistance is requested in determining how data once collected is handled, we will assist within the limits outlined in this Policy. Individuals may reach us by email or standard mail, see all contact information at the end of this Policy.

How does ZKTeco Use your PII?

Personal Information is used by ZKTeco for the following purposes:

  • to send you requested information on our products and services;
  • to provide you with information about new features, products and services;
  • to provide support to you in connection with your use of the ZKTeco products, including notices of system downtime;
  • to provide the services, products and support to our customers;
  • to collect feedback on your use of our products and services;
  • to help us improve our products and services or develop new products or services; or
  • to comply with applicable laws or regulations.

ZKTeco also collects Non-Personally Identifiable Information from you, including without limitation: Internet protocol addresses, profile information, aggregate User-data, demographic information, geographical information, browser types, operating system types, Website browsing history, and Website usage statistics. This Non-Personally Identifiable Information is used to manage our websites, track website usage, and improve the Services. This Non-Personally Identifiable Information may be shared with third parties to provide more relevant services and Third-Party Content to users. User IP addresses may also be recorded for security and monitoring purposes.

Choice Principal

ZKTeco is a Data Processor without means to provide individual’s access to their personal information. As such, individuals wishing to exercise choice regarding the limitation and disclosure of their personal information must be directed to the ZKTeco partner who is the data controller.

Transfer of Personal Information to Other Parties

ZKTeco does not sell any Personal Information to third parties. ZKTeco does share Personal Information in the following circumstances:

Business Partners of our Customers

ZKTeco discloses Personal Information to business partners of our customers as directed by our customers, or where we believe it is necessary to provide a service which a customer has requested, or as otherwise authorized or directed by you.

Authorized Service Providers

ZKTeco may disclose your Personal Information to its affiliates and service providers it has retained to perform services on its behalf. ZKTeco will only provide contact information to business solution provider partners ONLY, based on your request for additional information regarding your interest in compatible time and attendance application software. These service providers may only work with ZKTeco provided they have signed an agreement with ZKTeco that assures the security of your information.

ZKTeco does not collect unnecessary private information regarding any person in order to initiate or support business. In all cases, the extent of data collected is name, title, email address, and phone information.

Legal Requirements and Business Transfers

ZKTeco may disclose Personal Information (i) if we are required to do so by law or legal process, (ii) in response to law enforcement authority or other government official requests, including to meet national security or law enforcement requirements(iii) in connection with an investigation of suspected or actual illegal activity or (iv) in the event that ZKTeco is subject to a merger or acquisition to the new owner of the business. Disclosure may also be required for company audits or to investigate a complaint or security threat.

Onward Transfer to Third Parties

In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, ZKTeco is potentially liable.


ZKTeco implements commercially reasonable security measures designed to protect your Personal Information.


ZKTeco is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).


ZKTeco reviews its compliance with this Privacy Shield Policy to verify that the assertions made in it are true and that the practices the Privacy Shield Policy contains are implemented correctly.  ZKTeco will investigate any breach of this Privacy Shield Policy that has been reported to us.

In circumstances where ZKTeco acts as a Data Processor, individuals should submit complaints concerning the processing of their Personal Information to the ZKTeco customer that originally collected their information in accordance with the customer’s relevant dispute resolution mechanism (if available).  ZKTeco will participate in the customer’s dispute resolution process at the request of the individual.  If the issue cannot be resolved through the customer’s internal dispute resolution mechanism, the individual may submit the complaint to ZKTeco by emailing us at privacy@zktechnology.com.

How to Contact ZKTeco

Please address any questions or concerns regarding this Privacy Shield Policy or ZKTeco’s practices concerning Personal Information by:

Emailing our privacy contact at privacy@ZKTechnology.com

If email is not available, then please contact in writing to:

ZKTeco, Inc.
Attention: Privacy Officer
200 Centennial Avenue, Suite 211

Piscataway, NJ 08854

This Privacy Shield Policy was last revised on August 31, 2019