Book a Call

Zimark Solution

Privacy Policy and Data Protection Agreement

Zimark Solution – Privacy Policy and Data Protection Agreement

[Last updated: February 23, 2026]

This Zimark Solution Privacy Policy and Data Protection Agreement (the “Policy“) describes Zimark Ltd.’s (“Company” “we,” “us,” or “our“) privacy and data protection practices regarding Personal Data we collect or process in the course of performing our services for the customer identified in a binding written proposal (“Customer”, “you” or “your”) in compliance with applicable privacy and data protection laws and regulations. This Policy only applies to the extent we process Personal Data in the role of a processor on your behalf and does not apply to any Personal Data collected or processed by a third party’s products, services, websites, or applications. 

Important: By accessing and/or using our proprietary solution for identifying markers including all associated and related SaaS services, hardware, software and technical and operational design (collectively, the “Solution”), you acknowledge and agree that we may process Personal Data (as defined below) in accordance with this Policy. If you do not understand or accept the terms and conditions herein, please do not access or use the Solution. 

Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The Personal Data collected or processed by the Company is detailed herein.  

The terms, “Controller”, “Processor”, “Data Subject”, “Sub-processor” and “Processing” shall have the same meaning as in the GDPR. 

If you have any questions about this Policy, please feel free to contact us at: info@zimark.io.. 

Please also read our Zimark Solution and Services – General Terms and Conditions available at https://zimark.io/terms-and-conditions/, which describe the general terms that apply to your access and/or use of the Solution.

1. Personal Data We Collect. 

      • 1.1 – Customer and Customer users contact information: first name, last name, organization, title, department, and organization email addresses.
      • 1.2 – Customer’s location operations: images, videos, pictures and voice of the Customer’s personnel and other individuals who operate the Customer’s location (e.g., Customer’s facilities) or otherwise pass through the Customer’s location and its surroundings.

2. How Personal Data is Collected and How We Use It.

  • 2.1 – Registration Information. When you sign up and/or use the Solution, we may ask you for registration information including username, password, phone number and email address. We will process this information in order to provide you with access to and use of the Solution under your credentials. This processing is necessary for conclusion and performance of a contract between you and us.
  • 2.2 – Information You Provide. In order to use the Solution and receive the related services, we will install the necessary hardware (e.g., cameras) at the Customer’s required location. Such hardware will capture all the activity taking place at said location, including without limitation all images, videos, pictures and voice of the Customer’s personnel and other individuals who operate the Customer’s location or otherwise pass through the Customer’s location and its surroundings. While such information is not needed in order to perform the use of the Solution, it may be impossible for us to provide the services provided through the Solution without processing such information. Accordingly, you agree to obtain prior explicit consent from the relevant personnel and other individuals whose information may be included in the images, videos and pictures (excluding biometric identification of any kind) captured by the hardware as described above. This processing is necessary for conclusion and performance of a contract between you and us.
  • 2.3 – Your Contact Information. If you are a Customer’s representative that signed a contract with us on behalf of the Customer, we may ask you to provide Personal Data, including full name, professional affiliation, your affiliation contact information including address, work email address and phone number. We will process this information to carry out our obligations, verify and carry out financial transactions, contact you for technical and administrative needs related to the access to and/or use of the Solution, replying to inquiries and troubleshooting. This processing is necessary for the purposes of the legitimate interests pursued by Company of providing efficient and effective services to our customers. 

3. Sharing Personal Data.

For us to be able to provide our services through use of the Solution, our affiliates, agents, and representatives may need to have access to the Personal Data as described above.

We may also need to contract with partners and third-party service providers to perform certain functions on our behalf. To this end, we limit these parties’ access to the Personal Data they need to perform the functions they carry out on our behalf. We require these parties to process the Personal Data in compliance with this Policy and subject to security and other appropriate confidentiality safeguards. 

We may also share your Personal Data in the following circumstances: (a) as required for providing the services through use of the Solution; (b) for maintenance and improvement of the Solution; (c) if we become involved in a reorganization, merger, consolidation, acquisition, or any form of sale of some or all of our assets, with any type of entity, whether public, private, foreign or local; and/or (d) to satisfy applicable law or prevention of fraud or harm or to enforce applicable agreements and/or their terms, including investigation of potential violations thereof.

Importantly, we will never sell your Personal Data. 

4. Data Security and Retention.

Your Personal Data is kept secure. Only our authorized employees, agents, and contractors (who have agreed to keep information secure and confidential) have access to this information. To provide our Solution, we use third-party providers to perform specialized services for data processing. When we provide data to these third-party providers, they are not permitted to use data outside of the scope for which we contracted them.

We (and our third-party providers) use a variety of industry standard security measures, including but not limited to compliance with ISO 27001 standards, to prevent unauthorized access, use, or disclosure of your Personal Data. These security measures consist of, but are not limited to, data encryption in transit (TLS 1.2+), encryption in rest (AES-256 or equivalent), role-based access controls (RBAC), multi-factor authentication for administrative access, logging and monitoring, secure development lifecycle controls and physical security. No method of transmission or method of electronic storage over the internet is 100% secure. Therefore, while we strive to use industry standard means to protect your Personal Data, we cannot guarantee its absolute security. 

We will retain your Personal Data for the period necessary to fulfil the purposes outlined in this Policy, all in accordance with applicable laws, or until you request its deletion, unless a longer retention period is required by applicable data privacy law. 

Other circumstances in which we will retain Personal Data for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements; (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges; or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes. 

5. Data Integrity. 

We take reasonable steps to ensure that the Personal Data we process is accurate, complete, and current, but we depend on you to update or correct your Personal Data whenever necessary. Nothing in this Policy is interpreted as an obligation to store information, and we may, at our own discretion, delete or avoid from recording and storing any and all information.

6. Your Rights.

Data Subjects have certain rights relating to their Personal Data, subject to local data protection laws. Depending on the applicable laws and, in particular, if you are located in the EEA or other applicable location, these rights may include:

  • accessing, correcting, amending, deleting your Personal Data;
  • objecting to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
  • not being subject to a decision based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”);
  • to the extent we base the collection, processing, and sharing of your Personal Data on your consent, withdrawing your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal; 
  • requesting to limit the use or disclosure of your Personal Data; and
  • requesting the transfer of your Personal Data. 

To exercise your rights, please contact us at info@zimark.io

We are committed to working with you to obtain a fair resolution of any complaint or concern about your Personal Data. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EEA, you have the right to lodge a complaint with the competent supervisory authority.

7. Enforcement. 

We regularly review our compliance with this Policy. Please feel free to direct any questions or concerns regarding this Policy or our treatment of Personal Data by contacting us as provided above. When we receive formal written complaints, it is our policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Data that cannot be resolved between the Company and an individual.

8. International Transfers of Personal Data. 

The server on which our Solution are hosted and/or through which Personal Data are processed may be outside the country from which you access the Solution.

Some of the data uses and disclosures mentioned in this Solution Policy may involve the transfer of your Personal Data to various countries around the world that may have different levels of privacy protection than your country and may be transferred outside of the UK or the European Economic Area.

If there is a transfer of your Personal Data outside the EEA we will, in the absence of an EC Adequacy decision relevant to the destination country or to the transfer, seek to rely on appropriate safeguards such as entering into appropriate EU Standard Contractual Clauses adopted by the European Commission pursuant to Implementing Decision (EU) 2021/914, as applicable (see https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj/eng). 

9. California Consumer Protection Act as amended by the California Privacy Rights Act.

This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CPRA”).

  • 9.1 – We do not provide services, or other items of value, as consideration for personal information protected by the CPRA.
  • 9.2 – You are responsible for ensuring your compliance with the requirements of the CPRA in your use of the Solution we provide to you and your own processing of personal information.
  • 9.3 – Here are a few things that we will NOT do with personal information in the scope of acting as a service provider and/or contractor, as defined by CPRA: (a) sell, share, rent, or otherwise disclose your personal information to third parties in exchange for money or something else of value; (b) use your information outside the scope of the agreement(s) for services that we have with you; (c) combine the personal information we receive from or on behalf of you with personal information we receive from or on behalf of another person or collect from our own interaction with a consumer, except as permitted under the CPRA; and (d) Subject to certain limitations, the CPRA provides California consumers the right to request to know more details about the categories or specific pieces of Personal Data we collect (including how we use and disclose this Personal Data), to delete their Personal Data, to opt out of any “sales” or “shares” that may be occurring, to limit the use and disclosure of sensitive personal information (where applicable), and to not be discriminated against for exercising these rights. 
  • 9.4 – California consumers may make a request pursuant to their rights under the CPRA by contacting us at info@zimark.io. We will verify your request using the information associated with you, including email address. Consumers can also designate an authorized agent to exercise these rights on their behalf.

10. Data Protection Rights and Obligations. 

  • 10.1 – Roles and Scope
    • a) The Customer is the Controller (or business, as applicable) and the Company is the processor (or service provider) with respect to Personal Data processed through the Solution in providing the services.
    • b) The Company is the Processor and will process Personal Data only on the Customer’s documented instructions, including with regard to transfers of Personal Data to a third country, unless required to do so by applicable law (in which case the Company will inform the Customer of that legal requirement unless prohibited).
  • 10.2 – Processing Details
    • a) Subject matter: provision, operation, support, maintenance, and improvement of the Solution.
    • b) Duration: The term of the binding written proposal between the Company and the Customer, plus any post-termination retention period required by applicable law or necessary to provide agreed wind-down services, after which deletion/return will occur in accordance with Section 10.6 below.
    • c) Nature and purpose: hosting, storage, access control, analytics necessary to provide the Solution and the services resulting from the use thereof, troubleshooting, customer support, and security monitoring.
    • d) Categories of Data Subjects: Customer personnel, Customer authorized users, visitors, contractors, and other individuals captured by the Solution at the Customer location.
    • e) Categories of Personal Data: Contact details of Customer and its personnel; and visual, audio, and related metadata captured by Solution hardware at Customer’s location; and any other Personal Data the Customer submits to the Solution.
  • 10.3 – Company’s Obligations.
    • a) Processor shall assist Controller, by using appropriate technical and organizational measures, in the fulfilment of Controller’s obligations to respond to requests by Data Subjects in exercising their rights under applicable laws. In addition, Processor shall, unless otherwise required by applicable law, (i) immediately notify Controller of any request raised by a Data Subject with respect to Personal Data processed under this Policy and; (ii) not respond to any Data Subject request, except on a written instruction of Controller or as required by applicable law to which Processor is subject, while in the latter case, unless that applicable law prohibit so, Processor shall inform Controller of that legal requirement prior to responding to the request.
    • b) Processor shall ensure that its personnel engaged in the processing of Personal Data are bound by a written confidentiality undertaking. In addition, Processor shall ensure that (i) access to Personal Data provided by Controller under this Policy is strictly limited to those individuals who need to know or access the relevant Personal Data for the purpose of providing the Controller with the Solution and related services; The Processor shall ensure that any personnel on its behalf who might be granted such access to the Personal Data undergo appropriate screening and suitability checks, consistent with commonly accepted employee screening practices, taking into account the sensitivity of the Personal Data and the scope of the intended access; (ii) it maintains a list of personnel having access to Personal Data, their roles and scope of access, review such list from time to time, delete excess credentials, and revoke access rights immediately upon termination or change of role; (iii) all Processor’s personnel will receive, prior to being granted access to any Personal Data and periodically training on data protection and security measures and obligations under this Policy and applicable laws; and (iv) access credentials shall, wherever possible, be physical or personal and under the exclusive control of the authorized individual.
    • c) Processor will promptly and reasonably assist Controller, in ensuring compliance with Controller’s obligations related to the security of the processing, notification and communication of Personal Data breaches, conduct of data protection impact assessments and any inquiry, investigation or other request by a supervisory authority. Processor shall bear the cost of such reasonable assistance, provided that such assistance is requested no more than once quarterly. Where Controller requests assistance more than once quarterly or if such requests are beyond what is reasonably required under this Policy or applicable law, Processor shall exsert best efforts to provide such reasonable assistance.
  • 10.4 – Customer’s Obligations. The Customer is fully responsible and liable for: 
    • a) establishing a lawful basis for the processing; 
    • b) providing required notices to Data Subjects; 
    • c) obtaining any consents required under applicable law for the Customer’s use of the Solution (including, where required, for video/audio captured at Customer sites); 
    • d) obtaining and maintain prior explicit consent from the relevant personnel and other individuals whose Personal Data may be included in the images, videos and pictures captured by the Solution; and 
    • e) ensuring that Customer’s instructions comply with applicable data protection laws and that the Customer will not instruct the Company to process Personal Data in a manner that violates applicable law. 
    1.  
    1.  
    1.  
  • 10.5 – Security Measures.
    The Company will implement appropriate technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, taking into account the nature of processing and the risks involved.
  • 10.6 Sub-processors
    • a) The Customer generally authorizes the Company to engage sub-processors (including affiliates and service providers) to process Personal Data to provide the Solution and any related services to the Customer.
    • b) The Company will impose data protection obligations on its sub-processors that are no less protective than those set out in this Policy and shall remain responsible for sub-processor performance of their obligations.
      1.  
  • 10.7 – Return and Deletion. Upon termination or expiration of a binding written proposal between the Company and the Customer, and upon the Customer’s written request, the Company will delete or return Personal Data, at the Company’s option, unless applicable law requires retention. Deletion will be completed within a reasonable time, subject to backup retention cycles and legal holds.
  • 10.8 – Personal Data Breach. The Company will notify the Customer without undue delay after becoming aware of a Personal Data breach affecting Personal Data processed under this Policy and will provide the Customer with information as reasonably necessary to enable the Customer to meet its breach notification obligations under applicable law.
  • 10.9 – Audit. The Company will make available to the Customer all information necessary to demonstrate compliance with the applicable data protection obligations and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.
    1.  

11. Changes to This Policy.

We may update this Policy from time to time. We will notify you about significant changes in the way we treat your Personal Data. We encourage you to periodically review this Policy for the latest information about our privacy practices.

Any changes will be effective immediately once the revised Policy is made available on our website or Product unless otherwise specified. If you continue to use our Product after the changes become effective, we will assume you agree to these changes.

12. Contacting Us 

To exercise your rights regarding your Personal Data, or if you have questions regarding this Policy or our data protection practices, please send an email to info@zimark.io. Alternatively, you may send notice by way of mail to the following address: Zimark Ltd., 9 Andre Sakharov St., Haifa, Israel, Attn: Karin Levy, CEO.

 

Last updated: February 23, 2026

Learn More About The Zimark Partner Program

Fill out the form below to start the conversation.

Apply to Become a Zimark Partner

Fill out the form below to start the conversation.

Book a Live Demo at the Zimark Booth

Schedule a short demo during Manifest 2026 (Feb 9–12) to explore how teams improve visibility, accuracy, and control across operations.