Zabbix Privacy Policy

Developed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Personal data protection is important to us, therefore we have developed this Privacy Policy in order to ensure honest and lawful processing of your personal data in a transparent way and to inform you regarding rights and duties in relation to the processing of your personal data. The purpose of the Privacy Policy is to provide the natural person - Data Subject (in this policy - Data Subject or you) - information regarding the purpose, legal basis of the processing, the scope of processing and the period of processing performed by us as the Controller ensuring data processing in such a way that is transparent to the Data Subject.

The Privacy Policy has been developed by taking into account the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter – the Regulation), and other applicable laws and regulations in the area of privacy and data processing.

Policy is applicable to the processing of the data of natural persons regardless of the form and/or environment the personal data is submitted (when entering the territory and/or premises, by telephone, orally, etc.), and what is the acquisition source of the personal data, as well as regardless in what systems of the Controller (video, audio, web, etc.) it is processed.

Taking into account that we constantly develop our activity and are improving, we may change and supplement this Privacy Policy from time to time.

The Controller saves the previous versions of the Privacy Policy, and these are made available when contacting us.

  1. Information concerning the Controller

    The controller of the personal data processing set out in this Privacy Policy is SIA Zabbix (elsewhere also referred to as the Controller or we), a company registered in the Republic of Latvia under unified registration number 40003738045, registered office: Dzelzavas street 117, Riga, LV1021. As the Controller, we undertake to work in compliance with the standards set out in this Policy and we undertake to supervise that our cooperation partners comply with the standards set out in the Policy as well.

    We invite you to contact us by using the contact information provided below if you wish to clarify the actual aspects of the personal data processing.

  2. Contact information for matters related to personal data processing

    Address for correspondence: Dzelzavas street 117, Riga, LV1021, Latvia
    E-mail: [email protected]

  3. How you will be informed concerning the processing of your data

    In order to promote transparent data processing, the Controller in its activity informs and explains what personal data are processed when conducting the economic activity of the controller and how it will be used. The mentioned information is provided in this Privacy Policy.

    When processing the personal data for purposes that are not specified in this Privacy Policy, as well as to clarify information regarding individual conditions of the data processing, the Controller may inform the data subject individually (for example, in a separate policy or other document, with notifications in the e-mail messages or in the social network platforms; the aspects of data processing may also be specified in a mutual agreement). The information may also be provided to you by the Controller’s personnel explaining it orally or requesting to familiarize yourself with the information specified in particular documents.

  4. Purposes of personal data processing

    1. Subscription to Zabbix marketing communications

      What personal data is processed by the Controller?

      If you have explicitly consented to receive our marketing communications, including newsletters, we may, from time to time, contact you with information about our services and latest offers. For this purpose, we may process any personal data (e-mail address, name, surname, phone number, work place, tax payer number, etc.), which you specified when you signed up for the marketing communications and information about your consent.

      What is the legal basis for the personal data processing?

      Data processing for the stated purpose is performed on the basis of Article 6 (1) (a) of the Regulation - the Data Subject has given consent to the processing. If you no longer want to receive our newsletters, please let us know by sending us an email at [email protected] You can also unsubscribe from our marketing emails by clicking on the unsubscribe link in the emails sent to you.

      Information about your consent is being processed on the basis of Article 6 (1) (f) of the Regulation - processing is necessary for the purposes of the legitimate interests pursued by the Controller. Controller’s legitimate interests - be able to demonstrate that the data subject has consented to processing.

      Who can access the information and to whom is it disclosed?

      Authorized employees of the Controller.

      What is the period of the personal data processing?

      For this purpose, we process your personal data until you unsubscribe from our marketing communication, but information (such as an email with which you withdraw your consent) may be retained for the purpose stated in section 4.3 of this Privacy Policy.

      Consent information can be stored five years from the date of withdrawal of consent.

    2. Personal data processing for provision of the economic activity and performance of contractual obligations

      What personal data is processed by the Controller?

      Categories of data which are processed by the Controller depend on the specific situation in which the data processing is performed and on economic activities that are related to this situation (for example, participation in a conference, training, participation in a webinar or use of the support system), requirements of the laws and regulations in the particular situation, and the legitimate interests of the Controller. The Controller has a duty and the right to process the identifying information of the data subject and information establishing the identity and representation right of the person (if the person represents another person, for example a company or organization). The Controller may process the scope of the personal data including both name, surname, and personal identity number, as well as contact information, information for the service used, etc. The relevant information is recorded in documentation and saved to the Controller’s data processing system. When entering into a contract, the information necessary to enter into the contract and the information arising from the contract is retained, as well as payment information arising from the transaction, including the account number and information regarding the credit institution, etc. We also process personal data to improve our product and services.

      We may clarify information regarding individual conditions of the data processing in a separate policy or other documents.

      What is the legal basis for the personal data processing?

      The purpose of the data processing is provision of the Controller’s economic activity, including establishment and performance of the contractual relations, administration of the payment for the services, provision and protection of the legitimate interests of the Controller and the third parties arising from the economic activity (for example, communication with the cooperation partners, compensation for damages, debt recovery), improving the quality of products and services.
      Data processing with the purpose to ensure the Controller’s economic activity is performed on the basis of Article 6(1)(b), (c), (f) of the Regulation, i.e. the processing is necessary in order to perform the contract the party of which is the data subject or for performance of duties upon the request of the data subject prior to conclusion of the contract (if the contract is entered into with a natural person); the processing is necessary in order to perform a legal duty applicable to the Controller, as well as (in separate cases) to ensure the legitimate interests of the Controller and the third parties (for example, in order to organize the Controller’s economic activity, to examine the cases when complaints concerning the received payment have been received, to conduct the after-control, as well as to secure evidence in case of complaints or claims).

      Who can access the information and to whom is it disclosed?

      Authorized employees of the Controller in accordance with the scope specified in their job descriptions in compliance with the requirements set out in the data protection and other laws and regulations. As well as the employees of the Controller’s cooperation partners (processors or subprocessors).

      The personal data may be transferred to the providers of accounting or legal services (the Controller’s processors) or providers of auditing services in accordance with the provisions of a contract entered into by the parties, as well as to the providers of the debt recovery services in separate cases. Personal data may be transferred to the law enforcement authorities, court or other state and municipal institutions if it arises from the laws and regulations, and the relevant authorities are entitled to receive the requested information (for example, the State Revenue Service concerning you as a business partner).

      Personal data may be transferred for protection of the legitimate interests, for example, when submitting an application to the court or other state authorities against a person that has infringed upon the legitimate interests of the Controller, to the debt recovery companies. Controller has some of the processors or subprocessors, that may, in some cases, have their registered offices outside the EU or the European Economic Area (EEA). In such cases, the data will be transferred to a third country. The transfer is based on a contract with the processor or subprocessor, to ensure an adequate level of protection of personal data.

      To clarify information regarding individual conditions of data processing or information of existence or absence of an adequate decision by the European Commission, or reference to the appropriate or suitable safeguards or where to obtain a copy of data, the Controller may inform the data subject individually (for example, in a separate policy or other document, with notifications in e-mail messages or in a mutual agreement).

      What is the period of personal data processing?

      The Controller complies with all the special laws and regulations determining its duty to retain separate data, for example, the Law on Accounting of the Republic of Latvia sets the duty to retain information on transactions for at least five years. The Commercial Law of the Republic of Latvia sets a time limit of three years.

      If you would like to find out a more detailed information, please contact the Controller by using the above-mentioned contact information. If for the purposes of ensuring the economic activity and perform the contractual obligations the Controller will need to protect the interests that have been violated, to submit an application to the court etc., all information related to the particular transaction will be retained until the moment of execution of the final settlement.

    3. Records of correspondence and record-keeping

      What personal data is processed by the Controller?

      By using the various options to contact the Controller in writing (by e-mail, mail letter, by using social networks (Facebook, WhatsApp, etc.)), information regarding the particular letter, request, application will be saved.

      What is the legal basis for the personal data processing?

      Retention of information regarding the fact and content of communication is conducted on the basis of Article 6(1)(c) and (f) of the Regulation, i.e., in cases when you have submitted a statement of claim or request obliging the Controller to review your request (for example, a complaint arising from the Consumer rights), the legal basis for data processing is this duty (for example, performance of the requirements to protect the Consumer rights), and for assurance of the legitimate interests of the Controller and the third parties (for example, in order to examine cases when complaints have been received, as well as to secure evidence against the possible claims or to improve the quality of products and services) the legal basis for the data processing is the Controller’s legitimate interests. In other cases, as well the records of correspondence are kept in order to make the Controller’s commercial activity systematic and to achieve the purposes of the commercial activity - to inform regarding the range of goods and services, provisions for delivery.

      Who can access the information and to whom is it disclosed?

      Authorized employees of the Controller in accordance with the scope specified in their job descriptions, as well as the Controller’s processors or subprocessors.

      Personal data may be transferred to the law enforcement authorities, court or other state and municipal institutions if it arises from the laws and regulations, and the relevant authorities are entitled to receive the requested information (for example, the State Revenue Service concerning you as a business partner).

      Personal data may be transferred for protection of the legitimate interests, for example, when submitting an application to the court or other state authorities against a person that has infringed upon the legitimate interests of the Controller, to the debt recovery companies.

      In the case of communication using services provided by third parties (Facebook, WhatsApp, LinkedIn, twitter, etc.), third parties should be recognized as separate controllers. The Controller is not responsible for the data processing of these companies. Therefore, the Controller invites you to familiarize yourself with the privacy policies of these companies.

      The Controller has some processors or subprocessors, that may, in some cases, have their registered offices outside the EU or the European Economic Area (EEA). In such cases, the data will be transferred to a third country. The transfer is based on a contract with the processor or subprocessor, to ensure an adequate level of protection of personal data.

      To clarify information regarding individual conditions of the data processing or information of existence or absence of an adequate decision by the European Commission, or reference to the appropriate or suitable safeguards or where to obtain a copy of data, the Controller may inform the data subject individually (for example, in a separate policy or other document, with notifications in the e-mail messages or by the Controller’s personnel explaining it orally).

      What is the period of the personal data processing?

      The Controller shall store and process the personal data while at least one of the following criteria exists:

      • until the respective matter has been fully settled, and the appellation period has expired;
      • as long as is permitted by applicable law.
    4. Purpose to publicize and promote recognition of brands which are represented by the Controller, to establish good relations with the customers and cooperation partners, including, participation in reflection of events in mass media and social networks.

      What personal data is processed by the Controller?

      In the events organized by the Controller and the cooperation partners and in locations where photo and video records of the event are made, photo and video images of the participants, visitors may be processed by retaining these images in the Controller’s archives, by placing them on the website, social networks administered by the Controller and in other informative materials of the Controller. In order to promote recognition of the represented brands, the Controller may also use the e-mail address obtained during performance of the commercial activity in order to provide information on news and updates in terms of range of goods, to invite you to the organized events and demonstrations, as well as to inform you regarding announced campaigns or competitions.

      What is the legal basis for the personal data processing?

      With the purpose to reflect the events organized by the Controller in mass media and social networks, in order to ensure the recognition of products represented by the Controller, as well as in order to communicate by using an e-mail address, the processing of personal data is performed on the basis of Article 6(1)(f) of the Regulation.

      The Controller has a legitimate interest to reflect the events it organized or events it participates in, or to provide information regarding the properties of the products it represents and the campaigns in mass media and social networks, thus ensuring the recognition of the represented brands. When selecting the information to be published, the Controller always applies the highest standards of ethics, thus attempting to ensure that the publications will not infringe upon the rights and freedoms of the data subjects. At the same time, the Controller is aware that it might possibly not be aware of all facts and circumstances; therefore, in order to ensure honest data processing, it does not prohibit any data subject to contact the Controller at any time by using the provided information, so that the data subject might object against the data processing. At the same time, the Controller explains that if you cooperate in various public events, for example, by providing interviews, deliberately being photographed and filmed, it is assumed prima facie that you do not object to the publishing of the relevant information.

      Who can access the information and to whom is it disclosed?

      The recipients of the personal data may be the Controller’s authorized employees, as well as the Controller’s processors or subprocessors.

      In order to fulfill the principle of honest data processing, the Controller explains that taking into account the circumstance that the purpose of reflection of the events is to publish information about the Controller and the brands it represents, the obtained materials will be publicly available and accessible to any third party.

      Using services provided by third parties (Facebook, WhatsApp, LinkedIn, twitter, etc.), third parties should be recognized as separate controllers. The Controller is not responsible for the data processing of these companies. Therefore, the Controller invites you to familiarize yourself with the privacy policies of these companies.

      What is the period of the personal data processing?

      The Controller is planning to retain the obtained information continuously, for example, in its archive, in order to save information on historic events in which it has participated.

  5. Your rights

    1. Data Subject is entitled to request from the Controller access to his/her personal data and to receive clarifying information on what personal data about him/her is at the disposal of the Controller, for what purposes the Controller processes the personal data, the categories of the recipients of the personal data (persons to whom the personal data has been disclosed or to whom it intends to disclosed, if the laws and regulations in the particular case permit the Controller to provide such information (for example, the Controller may not provide to the Data Subject information regarding relevant state authorities which direct the criminal proceedings, are subjects of operative activity or other institutions of which the laws and regulations prohibit to disclose the information)), information concerning the period of personal data retention, or criteria used to determine the mentioned period.
    2. If the Data Subject believes that the information at the disposal of the Controller is outdated, inaccurate or incorrect, the Data Subject is entitled to request the correction of his/her personal data.
    3. Data Subject is entitled to request deletion of his/her personal data or to object against the processing if the person believes that the personal data is processed illegally or is no longer necessary in relation to the purposes for which it was collected and/or processed (by using the principle - the right “to be forgotten”).
    4. The personal data of the Data Subject may not be deleted if personal data processing is necessary:
      1. for the Controller to protect vitally essential interests of the Data Subject or another natural person, including life and health;
      2. for the Controller or the third party to raise, implement or protect their legitimate (legal) interests;
      3. data processing is necessary in accordance with the laws and regulations binding to the Controller.
    5. Data Subject is entitled to request the Controller to limit the processing of the Data Subject’s personal data if one of the following circumstances exists:
      1. Data Subject contests the accuracy of the personal data – for the period while the Controller can verify the accuracy of the personal data;
      2. processing is illegal, and the Data Subject objects against deletion of the personal data and instead requests restriction on use of data;
      3. The Controller no longer needs the data for processing; however, it is necessary to the Data Subject to raise, implement or protect legal claims;
      4. Data Subject has objected against the processing while it has not been verified whether the legitimate reasons of the Controller are more important than the legitimate interests of the Data Subject.
    6. The Controller informs the Data Subject before cancellation of the restriction on processing of the personal data of the Data Subject.
    7. Where processing is based on consent, Data Subject are entitled to withdraw the consent given for the data processing at any time the same way that Data Subject provided it. In that case further data processing on the basis of the previous consent for the particular purpose will no longer be performed. Withdrawal of the consent does not affect data processing performed at the time when your consent was valid. Data processing performed on the grounds of other legal bases (for example, in accordance with the external laws and regulations or contract) cannot be terminated by withdrawing the consent.
    8. Data Subject can submit a request concerning the exercise of Data Subject rights:
      1. in a written form in person by presenting an identification document;
      2. by electronic mail, signing the letter by a secure electronic signature and sending it to the e-mail address: [email protected];
      3. by sending mail to the registered office of the Controller.

      Data Subject is obligated as much as possible to clarify in their request the date, time, location, additional identifiers and other circumstances that might aid in fulfillment of their request.

    9. If general information is required, Data Subject can submit a request by electronic mail [email protected] without electronic signature.
    10. After receipt of a written request of the Data Subject concerning the exercise of their rights, the Controller shall:
      1. verify the person’s identity;
      2. evaluate the request and act in the following way:
        • if it can ensure the request, perform it as soon as possible;
        • if additional information is necessary to identify the Data Subject or to perform the request, the Controller may request additional information from the Data Subject in order to be able to perform the request correctly;
        • if information has been deleted or the person requesting the information is not the Data Subject or the person cannot be identified, the Controller may reject the request.
    11. Data Subject is entitled to submit a complaint to the Latvian Data State Inspectorate if he/she believes that the Controller has processed their personal data illegally.
  6. Compliance with other laws

    1. COPPA (Children Online Privacy Protection Act)

      When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the USA nation's consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online. We do not specifically market to children under 13.

    2. CAN-SPAM Act

      The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

      We collect your email address in order to:

      • Send information, respond to inquiries, and/or other requests or questions;
      • Process orders and to send information and updates pertaining to orders;
      • We may also send you additional information related to your product and/or service;
      • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

      To be in accordance with CAN-SPAM we agree to the following:

      • NOT use false, or misleading subjects or email addresses;
      • Identify the message as an advertisement in some reasonable way;
      • Include the physical address of our business or site headquarters;
      • Monitor third party email marketing services for compliance, if one is used;
      • Honor opt-out/unsubscribe requests quickly;
      • Allow users to unsubscribe by using the link at the bottom of each email.

      If at any time you would like to unsubscribe from receiving future emails, you can email us at [email protected]bix.com and we will promptly remove you from ALL correspondence.

Last revised on September 3rd, 2019.