Privacy & Legal
Licensing information collection and check
Data and purpose of collection
Update-checker is a set of software code installed in Zextras Products with the primary function of transmitting a set of information pertaining to the installed version of Synacor’s Zimbra or of Zextras Products purchased directly by the clients, to a central server at Zextras’s premises. As a rule, this set of data is transmitted daily.
The purpose of this collection is to check the version installed, offering the administrator the chance to update the installed version to the most recent, and to check the fair usage of the licensed software, using certain heuristics to prevent double spending of the licensing credentials in more installations than permitted and similar checks. No actual content is transmitted. Mainly the information transmitted pertains to the data included in the licensing information, general information as to the install environment (like, the fully qualified domain name used to advertise the install’s presence on the Internet).
This is "Collected Data" as provided by art. 2.4 of the EULA.
This is "Collected Data" as provided by sections 11.4 and 11.6 of the EULA for Zimbra Collaboration.
Means of collection
Licensing and install data are collected preferably through an HTTPS interface that beacons these data through a JSON webservice call, which is recorded in client’s Zimbra logs.
However, certain installs block, filter or disable HTTPS calls outside the client’s premises, in which case the updating and licensing check would be defied. For that reason, Zextras checker provides some backup communication avenues, in order to avoid for the client to manually provide the authorization codes to keep the installed Zimbra active.
- In case the HTTPS call fails, as a backup solution the mail server within Zimbra sends a pre-made email whose payload is exclusively the same data as the ones which would have been transmitted by the above mentioned JSON transmission. The email transmission is therefore functionally equivalent to the one occurring over HTTPS and only in case HTTPS transmission is unavailable. Again, logs record this transmission.
- The administrative interface of the installed Zimbra, in case the client web browser can reach the outer Internet, sends a GET call containing a subset of data, through a pixel tag image. Also this call is recorded by the client’s logs. Data are preserved only if HTTPS and mail fail to connect, otherwise data is dumped.
- The installed Zimbra once a day makes a DNS resolution request for an URL to a DNS server for which Zextras is authoritative DNS server. This resolution request adds part of the licensing dataset to the protocol-related data, so that they can be parsed and collected by the DNS server. The URL space can only send roughly 150bits of data which are compressed using a custom algorithm (but not encrypted). In case all the previous ways collection fail, this information is used instead. Otherwise, data is dumped.
Zextras software data protection notice
Information about Zextras.com
Zextras.com website and services are provided by Zextras S.r.l. registered office in Largo Richini 6, 20122 Milano, Italy. Email: info[at]Zextras.com – R.E.A. MI 2045436 – P.I. and C.F. 03695830244
About this policy
This data protection notice covers the data collected through the use of Zextras software, provided by Zextras S.r.l., whose registered office are in Largo Richini 6, 20122 Milano, Italy. Email: info[at]Zextras.com – R.E.A. MI 2045436 – P.I. and C.F. 03695830244
For data collected through Zextras websites, including the ecommerce one, please refer to here
Data Controller, data subject and data processor
Data controller is Zextras srl, (hereinafter defined as: We, Us or Service Provider). The data subject is any natural person whose data have been provided during registration of Zextras Suite and included in the licensing information which is collected by Zimbra according to this policy (if any is provided, hereinafter defined as You or User). Some processing activities (such as website hosting) is to be carried out on behalf of Zextras by data processors providing sufficient guarantees to implement appropriate technical and organizational measures, please contact us if you would like additional information. The data processing activities are carried out in the facilities of the data Controller and Processors.
General information about data collected by Us
Personal data processing covered by this Notice is carried out only by Zextras employees and by technical staff in charge of server maintenance activities.
Personal data is processed with automated means for no longer than is necessary to achieve the purposes for which it has been collected. Specific security measures are implemented to prevent the data from being lost, used unlawfully and/or inappropriately, and accessed without authorization. Personal data may be disclosed only upon request of competent authorities authorized by law.
Type of data
Zextras collects certain data concerning the use of Zextras Suite according to standard practice to monitor compliance with the licensing obtained by the licensee and only on aggregated basis for usage statistics.
For more technical description, please refer to here
We base the collection of data for execution of contractual obligations pursuant to art. 6.1 letter b) and the prevailing interest of Zextras to monitor the lawful use of their IP rights over Zextras Suite pursuant to art. 6.1 letter f) of the General Data Protection Regulation 2016/679. We base our assessment of prevalence in the fact that personal data are only those already provided by the user, if any, and that the amount of data is very limited, no actual content is transferred and only technical information inherent to the usage of the means of transmission is added.
Data are retained for no longer than 2 years from collection or, in case of litigation or enforcement of rights, the longer period for such activities, but only as a separate dump and limited to the data which are necessary to protect such rights.
Data Subjects’ Rights
Data subjects are entitled at any time to obtain confirmation of the existence of personal data concerning them and be informed of their contents and origin, verify their accuracy, or else request that such data be supplemented, updated or rectified as well as to exercise all right defined in section 2 of EU Regulation 2016/679. The above Section also provides for the right to request erasure, anonymization or blocking of any data that is processed in breach of the law as well as to object in all cases, on legitimate grounds, to processing of the data.
You can contact our DPO at dataprotection[at]zextras.com to exercise one of the following rights or to have more information on our processing activities:
You have the right to:
- request access to your Personal Data and rectification of inaccurate Personal Data;
- request erasure of your Personal Data when there is a legitimate interest to obtain so and there is no opposing rights of Zextras;
- request restrictions on the processing of your Personal Data;
- receive the personal data concerning You in a structured, commonly used and machine-readable format (Data portability);
- lodge a complaint with a supervisory authority;
- Data subject has a right to oppose to the processing, but Zextras will object to any request pursuing this right if there is a prevailing right to process data; in case, Zextras will cooperate to reduce the amount of data or to replace them with anonymized or pseudonomized ones.
Data will be exported outside the European Union to data processors in states offering an equivalent protection based on a decision of the European Commission or based on sufficient guarantees of effectiveness of protection (model clauses). Certain data will be shared with Synacor Inc. if Zextras is included in a version of Zimbra distributed by Synacor. Data concerning Zextras software purchased separately from Zimbra will not be shared with Synacor.
Find at the following link all the information about product’s EULA