Data Rights Request

Exercise your privacy rights under the NJDPA, CCPA/CPRA, GDPR, and other applicable data protection laws.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information processed by Zone OS CRM:

πŸ”

Right to Access

Request a copy of the personal data we hold about you.

✏️

Right to Correction

Request correction of inaccurate or incomplete personal data.

πŸ—‘οΈ

Right to Deletion

Request deletion of your personal data, subject to legal retention requirements.

πŸ“¦

Right to Portability

Receive your data in a structured, machine-readable format.

🚫

Right to Opt Out

Opt out of the sale of personal data, targeted advertising, and profiling.

⏸️

Right to Restrict

Request restriction of processing in certain circumstances.

⚠️ Important: Data Controller vs. Data Processor

Zone OS CRM acts as a Data Processor. If you are a customer or employee of a business that uses Zone OS CRM, your data is controlled by that business (the Data Controller). You should direct your request to the business that collected your data first. If they are unable to assist, you may submit a request to us and we will coordinate with the applicable Data Controller.

Submit a Data Subject Access Request (DSAR)

Use the secure form below to submit your request directly to our compliance team. We will verify your identity before processing any data.

Verification Process

To protect your privacy and prevent unauthorized access to personal data, all requests are subject to identity verification. Our verification process follows the requirements of the ESIGN Act and applicable state privacy laws:

1

Identity Matching

We verify your identity using a minimum of three (3) data points β€” for example: email address, name on account, and employer identification or last 4 digits of SSN (for payroll-related requests).

2

Out-of-Band Verification

For high-sensitivity requests (deletion, payroll data access), we will send a one-time verification code to the email or phone number on file. This code expires after 15 minutes.

3

Perjury Attestation

For requests involving sensitive data (SSN, payroll records, tax documents), you will be asked to provide a declaration under penalty of perjury confirming your identity, in compliance with CCPA verification requirements.

4

Fulfillment or Denial

Verified requests are fulfilled within the applicable legal timeframe. Requests that cannot be verified will be denied with written explanation and instructions for appeal.

Fulfillment Timelines

  • NJDPA opt-out requests: 15 calendar days
  • CCPA/CPRA access & deletion requests: 45 calendar days (one 45-day extension for complex requests)
  • GDPR requests: 30 calendar days (one 60-day extension for complex requests)
  • General requests: 45 calendar days

Limitations & Exceptions

  • Rate Limit: We process a maximum of two (2) requests per consumer within a rolling 12-month period.
  • Legal Retention Holds: Deletion requests that conflict with mandatory legal retention requirements (such as the 4-year IRS/FLSA tax record retention period) will be partially fulfilled. We will delete all non-retained data and clearly disclose which data categories are retained and the legal basis for retention.
  • Audit Trail Records: Cryptographic audit trail records for signed documents are retained for 5 years regardless of deletion requests, as required by the ESIGN Act and UETA.
  • Authorized Agents: You may designate an authorized agent to submit a request on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly.

Appeals

If your request is denied, you have the right to appeal. Appeals should be submitted to privacy@zone-os.co with the subject line "DSAR Appeal". We will respond to appeals within 45 calendar days.

If you are not satisfied with the outcome of your appeal, you may file a complaint with the appropriate regulatory authority:

Contact

For all data rights requests and privacy inquiries: