About ZeroBounce

Leader in Email Validations

/about-zerobounce/leader-in-email-validations/

ZeroBounce is a leading online email validation system created to ensure that companies sending complex and high volume emails avoid deliverability issues. The system works by reducing and eliminating invalid, abuse, complaint, inactive, and spam-trap email addresses. These are email addresses that will either bounce or contribute to ruining your sending reputation. ZeroBounce also provides IP address validation and verification of key recipient demographics and has the ability to add missing information on certain emails, such as the name, gender and location of the owner.

We created a guide to help you navigate everything you need to be aware of when sending emails. It's the most comprehensive guide you'll find on the internet and we offer it for free, without any restrictions. You can read it here: THE COMPLETE GUIDE TO IMPROVE INBOX AND DELIVERABILITY

ZeroBounce is the most secure email validation system you can find. For us, the protection of your data comes first, so we don't cut cost in keeping it safe. We are registered with the BBB and approved for the EU Privacy Shield. We maintain enterprise contracts with all of our vendors, we operate our own data center and own our servers and hardware. We don't use third-party services, like Amazon, Azure, and other cloud services providers, to store your data.

Getting Started

We'll get you up and validating with us really fast! Simply click this link for a walk-through on our validation service: Validation Process

ZeroBounce

  • Florida : 1489 W Palmetto Park Rd, 5th Floor, Boca Raton, Florida, 33486, US.
  • California : 10 E Yanonali St, Santa Barbara, CA, 93101, US
  • Sales : 1-888-500-9521 (9-5 PST)
  • Email : office@zerobounce.net
  • Technical Support 24/7 (only via email) : support@zerobounce.net

Support Options: /contact-us.html

Data Protection

/about-zerobounce/data-protection/

At ZeroBounce, we take data protection very seriously and we are committed to keep your information safe from harm. We are using one of the most efficient content delivery network systems in the world, supported by CloudFlare. This system ensures additional defense against cyber attacks and data breaches, thanks to the Advanced Firewall. Furthermore, we are one of the few email verification services that use a military grade encryption algorithm to safeguard your files and personal information. Whenever you upload a file on our server, we encrypt it using a unique key. Once our email verifier validates that file, we re-encrypt it and protect it with a password that only you have access to. This additional step keeps your data secure during the process of email validation.

An important aspect of our privacy policy is that your data is never stored in our system for more than 30 days. Once you finish using our email verifier, all data, and all aspects of your data, are erased in maximum 30 days. Also, the information you share with us for payment purposes is encrypted.

At ZeroBounce we go out of our way to protect your data and we developed advanced defense mechanisms against misuse, loss, unauthorized access and improper disclosure. We want to provide the same security that we would want for ourselves. Our customers feel safe knowing that the best email verification services is also the most secure.

Anti Abuse Policy

/about-zerobounce/anti-abuse-policy/

Acceptable Use and Anti-Abuse Policy

Zerobounce is committed to protecting consumer privacy while recognizing the importance of the open internet and free flow of information and data. Zerobounce provides various tools to validate data (the “Services”) and expects that those Services will only be used for lawful and legitimate purposes.

The purpose of this Acceptable Use and Anti-Abuse Policy is to outline the acceptable use of the Zerobounce Services. This policy applies to all uses of the Services and any interaction with Zerobounce’s systems, interface, network and database.

Prohibited Use

The following activities are, in general, prohibited. Under no circumstances are any customers of Zerobounce authorized to use the Services to:

  • engage in any activity that is illegal under local, state, federal or international law;
  • send unsolicited email messages in violation of applicable law, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (email spam);
  • engage in any form of harassment, discrimination or other abusive behavior;
  • breach or invade the privacy rights of any natural person;
  • engage in phishing (any activity designed to trick persons into divulging sensitive data such as usernames, passwords, or financial data); or
  • engage in any other activity generally deemed to be internet abuse.

Zerobounce reserves the right to refuse service to any person or company, for any reason, including but not limited to, any customer or potential customer that Zerobounce suspects will use or has used the Services in violation of this policy and may terminate your access to the Services at any time in its sole discretion. In the event Zerobounce suspects its Services have been, or will be, used for any purpose that is in violation of the law or this policy, Zerobounce reserves the right to disclose all available information to law enforcement or government officials.

This policy is in addition to the Zerobounce Privacy Policy & Terms [link to PP] Zerobounce reserves the right to update or change this policy at any time.

Reports of abuse should be sent to abuse@zerobounce.net.

Data Processing Agreement

/about-zerobounce/data-processing-agreement/

PDF Version: Data Processing Agreement

UK Data Processing Agreement

Data Processing Agreement

BETWEEN:

The company whose information has been provided as part of the registration process and who will electronically sign this DataProcessing Agreement (hereinafter to be referred to as: the “Data Controller”),

AND

Hertza, L.L.C., a Nevada limited liability company, doing business as “ZeroBounce”, and having its principal place of business at 10 E. Yanonali St., Santa Barbara, California 93101 (hereinafter to be referred to as: the “Data Processor”).

HEREBY AGREE AS FOLLOWS:

1. Subject matter of this Data Processing Agreement

1.1

This Data Processing Agreement applies exclusively to the processing of personal data that is subject to EU Data Protection Law in the scope of the Terms and Conditions of Use Agreement of even date hereof between the parties for the provision of the ZeroBounce services (“Services”) (hereinafter to be referred to as: the“Service Agreement”).

1.2

The term EU Data Protection Law shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1.3

Terms such as “Processing”, “Personal Data”, “Data Controller” and “Processor” shall have the meaning ascribed to them in the EU Data Protection Law.

1.4

Insofar as the Data Processor will be processing Personal Data subject to EU Data Protection Law on behalf of the Data Controller in the course of the performance of the Service Agreement with the Data Controller the terms of this Data Processing Agreement shall apply. The categories of Personal Data to be processed includes: first name; last name; gender; city; state; country; Internet Protocol (IP) Address information; and email addresses. The types of data subjects whose information will be processed are individuals. The purposes for which the personal data will be processed include: validation of email lists for deliverability; and removal of known email complainers, abusers and spam traps from email address lists.

2. The Data Controller and the Data Processor

2.1

The Data Controller will determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by the Data Processor. The Data Processor will process the Personal Data only as set forth in Data Controller’s written instructions.

2.2

The Data Processor will only process the Personal Data on documented instructions of the Data Controller in such manner as – and to the extent that – this is appropriate for the provision of the Services, except as required to comply with a legal obligation to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller of that legal obligation before processing, unless that law explicitly prohibits the furnishing of such information to the Data Controller. The Data Processor shall never process the Personal Data in a manner inconsistent with the Data Controller’s documented instructions. The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction infringes this Regulation or other Union or Member State data protection provisions.

2.3

The Parties have entered into a Service Agreement in order to benefit from the expertise of the Processor in securing and processing the Personal Data for the purposes set out in Section 1.4. The Data Processor shall be allowed to exercise its own discretion in the selection and use of such means as it considers necessary to pursue those purposes, subject to the requirements of this Data Processing Agreement.

2.4

Data Controller warrants that it has all necessary rights to provide the Personal Data to Data Processor for the Processing to be performed in relation to the Services. To the extent required by EU Data Protection Law, Data Controller is responsible for ensuring that any necessary data subject consents to this Processing are obtained, and for ensuring that a record of such consents is maintained. Should such a consent be revoked by the data subject, Data Controller is responsible for communicating the fact of such revocation to the Data Processor, and Data Processor remains responsible for implementing any Data Controller instruction with respect to the further processing of that Personal Data.

3. Confidentiality

3.1

Without prejudice to any existing contractual arrangements between the Parties, the Data Processor shall treat all Personal Data as strictly confidential and it shall inform all its employees, agents and/or approved sub- processors engaged in processing the Personal Data of the confidential nature of the Personal Data. The Data Processor shall ensure that all such persons or parties have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.

4. Security

4.1

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, without prejudice to any other security standards agreed upon by the Parties, the Data Controller and Data Processor shall implement appropriate technical and organizational measures to ensure a level of security of the processing of Personal Data appropriate to the risk. These measures shall include as appropriate:

  1. measures to ensure that the Personal Data can be accessed only by authorized personnel for the purposes set forth in Section 1.4 of this Data Processing Agreement;
  2. in assessing the appropriate level of security account shall be taken in particular of all the risks that are presented by processing, for example from accidental or unlawful destruction, loss, or alteration, unauthorized or unlawful storage, processing, access or disclosure of Personal Data;
  3. the pseudonymization and encryption of personal data;
  4. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  5. the ability to restore the availability and access to personal data in a timely manner in the event of physical or technical incident;
  6. a process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Personal Data;
  7. measures to identify vulnerabilities with regard to the processing of Personal Data in systems used to provide services to the Data Controller; or
  8. ZeroBounce takes the following security measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access:
    • All Personal Data received hereunder will be stored and processed in the EU;
    • In addition to the above, ZeroBounce is an active participant in the EU-US and Swiss-US Privacy Shield Programs;
    • ZeroBounce has restricted access to four personnel members with the ability to directly access files containing personal information on ZeroBounce servers, each of whom have agreed to maintain the confidentiality of any personal information;
    • All data uploads and downloads sent between ZeroBounce and its customers flow through third party CloudFlare’s servers in the EU;
    • In addition to the above, CloudFlare is an active participant in the EU-US Privacy Shield Program;
    • The ZeroBounce support team does not have access to CloudFlare;
    • CloudFlare maintains its own security protections to block threats and limit abusive bots and crawlers. See https://support.cloudflare.com/hc/en-us/articles/205177068-Step-1-How-does-Cloudflare-work-
    • Any information that is uploaded by a ZeroBounce customer to ZeroBounce.net is transmitted via SSL through CloudFlare, and all files are stored in an encrypted file using a standard algorithm for protection of stored data defined by IEEE P1619 on ZeroBounce servers in the EU; and
    • If customer elects to receive files via email, such files shall be sent encrypted, with a password via a separate email.

4.2

The Data Processor shall at all times have in place an appropriate written security policy with respect to the processing of Personal Data, outlining in any case the measures set forth in Article 4.1.

4.3

At the request of the Data Controller, the Data Processor, shall demonstrate the measures it has taken pursuant to this Article 4 shall allow the Data Controller to audit and test such measures. The Data Controller shall be entitled on giving at least 14 days’ notice to the Data Processor to carry out, or have carried out by a third party who has entered into a confidentiality agreement with the Data Processor, audits of the Data Processor’s premises and operations as these relate to the Personal Data. The Data Processor shall cooperate with such audits carried out by or on behalf of the Data Controller and shall grant the Data Controller’s auditors reasonable access to any premises and devices involved with the Processing of the Personal Data. The Data Processor shall provide the Data Controller and/or the Data Controller’s auditors with access to any information relating to the Processing of the Personal Data as may be reasonably required by the Data Controller to ascertain the Data Processor’s compliance with this Data Processing Agreement.

5. Improvements to Security

5.1

The Parties acknowledge that security requirements are constantly changing and that effective security requires frequent evaluation and regular improvements of outdated security measures. The Data Processor will therefore evaluate the measures as implemented in accordance with Article 4 on an on-going basis and will tighten, supplement and improve these measures in order to maintain compliance with the requirements set out in Article 4. The Parties will negotiate in good faith the cost, if any, to implement material changes required by specific updated security requirements set forth in the EU Data Protection Law or by data protection authorities of competent jurisdiction.

5.2

Where an amendment to the Service Agreement is necessary in order to execute a Data Controller instruction to the Data Processor to improve security measures as may be required by changes in applicable data protection law from time to time, the Parties shall negotiate an amendment to the Service Agreement in good faith.

6. Data Transfers

6.1

The Data Processor shall not disclose Personal Data received hereunder to a third party or transfer it to a non- EU/European Economic Area (EEA) country without Data Controller’s authorization. The Data Processor shall immediately notify the Data Controller of any (planned) permanent or temporary transfers of Personal Data to a country outside of the EU/EAA without an adequate level of protection and shall only perform such a (planned) transfer after obtaining authorization from the Data Controller, which may be refused at its own discretion.

6.2

To the extent that the Data Controller or the Data Processor are relying on a specific statutory mechanism to normalize international data transfers that is subsequently modified, revoke, or held in a court of competent jurisdiction to be invalid, the Data Controller and the Data Processor agree to cooperate in good faith to promptly terminate the transfer or to pursue a suitable alternate mechanism that can lawfully support the transfer.

7. Information Obligations and Incident Management

7.1

When the Data Processor becomes aware of an incident that impacts the Processing of the Personal Data that is the subject of the Service Agreement, it shall promptly notify the Data Controller about the incident, shall at all times cooperate with the Data Controller, and shall follow the Data Controller’s instructions with regard to such incidents, in order to enable the Data Controller to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.

7.2

The term “incident” used in Article 7.1 shall be understood to mean in any case:

  1. a complaint or a request with respect to the exercise of a data subject’s rights under EU Data ProtectionLaw;
  2. an investigation into or seizure of the Personal Data by government officials, or a specific indication that such an investigation or seizure is imminent;
  3. any unauthorized or accidental access, processing, deletion, loss or any form of unlawful processing of the Personal Data;
  4. any breach of the security and/or confidentiality as set out in Articles 3 and 4 of this Data Processing Agreement leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, the Personal Data, or any indication of such breach having taken place or being about to take place;
  5. where, in the opinion of the Data Processor, implementing an instruction received from the Data Controller would violate applicable laws to which the Data Controller or the Data Processor are subject.

7.3

The Data Processor shall at all times have in place written procedures which enable it to promptly respond to the Data Controller about an incident. Where an incident is reasonably likely to require a data breach notification by the Data Controller under the EU Data Protection Law, the Data Processor shall implement its written procedures in such a way that it is in a position to notify the Data Controller no later than 24 hours of having become aware of such an incident.

7.4

Any notifications made to the Data Controller pursuant to this Article 7 shall be addressed to the Data Protection Officer or other employee of the Data Controller whose contact details are provided during the registration process, and shall contain:

  1. a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned;
  2. the name and contact details of the Data Processor’s data protection officer or another contact point where more information can be obtained;
  3. a description of the likely consequences of the incident; and
  4. a description of the measures taken or proposed to be taken by the Data Processor to address the incident including, where appropriate, measures to mitigate its possible adverse effects.

8. Contracting with Sub-Processors

8.1

The Data Controller authorizes the Data Processor to engage the sub-processors in the country locations for the Service-related activities specified as described in Section 1.4. Data Processor shall inform the Data Controller of any addition or replacement of such sub-processors giving the Data Controller an opportunity to object to such changes.

8.2

Notwithstanding any authorization by the Data Controller with the meaning of the preceding paragraph, the Data Processor shall remain fully liable vis-à-vis the Data Controller for the performance of any such sub- processor that fails to fulfill its data protection obligations.

8.3

The consent of the Data Controller pursuant to Article 8.1 shall not alter the fact that consent is required under Article 6 for the engagement of sub-processors in a country outside the European Economic Area without a suitable level of protection.

8.4

The Data Processor shall ensure that the sub-processor is bound by the same data protection obligations of the Data Processor under this Data Processing Agreement, shall supervise compliance thereof, and must in particular impose on its sub-processors the obligation to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of EU Data Protection Law.

8.5

The Data Controller may request that the Data Processor audit a sub-processor or provide confirmation that such an audit has occurred (or, where available, obtain or assist customer in obtaining a third-party audit report concerning the sub-processor’s operations) to ensure compliance with its obligations imposed by the Data Processor in conforming with this Data Processing Agreement.

9. Returning or Destruction of Personal Data

9.1

Upon termination of this Data Processing Agreement, upon the Data Controller’s written request, or upon fulfillment of all purposes agreed in the context of the Services whereby no further processing is required, the Data Processor shall, at the discretion of the Data Controller, either delete, destroy, or return all Personal Data to the Data Controller and destroy or return any existing copies.

9.2

The Data Processor shall notify all third parties supporting its own processing of the Personal Data of the termination of the Data Processing Agreement and shall ensure that all such third parties shall either destroy the Personal Data or return the Personal Data to the Data Controller, at the discretion of the Data Controller.

10. Assistance to Data Controller

10.1

The Data Processor shall assist the Data Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Data Controller’s obligation to respond to request for exercising the data subject’s rights under the GDPR.

10.2

The Data Processor shall assist the Data Controller in ensuring compliance with the obligations pursuant to Section 4 (Security) and prior consultations with supervisory authorities required under Article 36 of the GDPR taking into account the nature of processing and the information available to the Data Processor.

10.3

The Data Processor shall make available to the Data Controller all information necessary to demonstrate compliance with the Data Processor’s obligations and to allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller.

11. Liability and Indemnity

11.1

The Data Processor indemnifies the Data Controller and holds the Data Controller harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the Data Controller and arising directly or indirectly out of or in connection with a breach of this Data Processing Agreement and/or the EU Data Protection Law by the Data Processor. The Data Controller indemnifies the Data Processor and holds the Data Processor harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the Data Processor and arising directly or indirectly out of or in connection with a breach of this Data Processing Agreement and/or the EU Data Protection Law by the Data Controller.

12. Duration and Termination

12.1

This Data Processing Agreement shall come into effect on the date the Data Controller signs this Data Processing Agreement, which may be through electronic means.

12.2

Termination or expiration of this Data Processing Agreement shall not discharge the Data Processor from its confidentiality obligations pursuant to Article 3.

12.3

The Data Processor shall process Personal Data until the date of termination of the Service Agreement, unless instructed otherwise by the Data Controller, or until such data is returned or destroyed on instruction of the Data Controller.

13. Miscellaneous

13.1

In the event of any inconsistency between the provisions of this Data Processing Agreement and the provisions of the Service Agreement, the provisions of this Data Processing Agreement shall prevail.

13.2

This Data Processing Agreement is governed by the laws of the state of Nevada in the United States. Any disputes arising from or in connection with this Data Processing Agreement shall be brought exclusively before the competent court in Las Vegas, Nevada.

UK Data Processing Agreement

/about-zerobounce/data-processing-agreement-uk/

UK PDF Version: UK Data Processing Agreement

UK Data Processing Agreement

BETWEEN:

The company whose information has been provided as part of the registration process and who will electronically sign these Standard Contractual Clauses (hereinafter to be referred to as: the the “Data Exporter”),

AND

Hertza, L.L.C., a Nevada limited liability company, doing business as “ZeroBounce”, and having its principal place of business at 10 E. Yanonali St., Santa Barbara, California 93101 (hereinafter to be referred to as: the“Data Importer).

HEREBY AGREE AS FOLLOWS:

1. Definitions

For the purposes of the Clauses:

  1. ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘Commissioner’ shall have the same meaning as in the UK GDPR;
  2. ‘the data exporter’ means the controller who transfers the personal data;
  3. ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system covered by UK adequacy regulations issued under Section 17A Data Protection Act 2018 or Paragraphs 4 and 5 of Schedule 21 of the Data Protection Act 2018;
  4. ‘the sub-processor’ means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
  5. ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the UK;
  6. ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

2. Details of the Transfer

The details of the transfer and in particular the special categories of personal data where applicable are:

The Data Exporter will transfer personnel data to be processed by the Data Importer on computer servers located in the European Union. The categories of personal data to be processed includes: first name; last name; gender; city; state; country; Internet Protocol (IP) Address information; and email addresses. The types of data subjects whose information will be processed are individuals. The purposes for which the personal data will be processed include: validation of email lists for deliverability; and removal of known email complainers, abusers and spam traps from email address lists.

3. Third-Party Beneficiary Clause

  1. The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

  2. The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

  3. The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

  4. The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4. Obligations of the data exporter

The data exporter agrees and warrants:

  1. that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the Commissioner) and does not violate the applicable data protection law;
  2. that it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
  3. that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract;
  4. that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
  5. that it will ensure compliance with the security measures;
  6. that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not covered by adequacy regulations issued under Section 17A Data Protection Act 2018 or Paragraphs 4 and 5 of Schedule 21 Data Protection Act 2018;
  7. to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
  8. to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;
  9. that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses;
  10. that it will ensure compliance with Clause 4(a) to (i).

Clause 5. Obligations of the Data Importer

  1. to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  2. that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  3. that it has implemented the following technical and organisational security measures before processing the personal data transferred:

    ZeroBounce takes the following security measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access:

    • All Personal Data received hereunder will be stored and processed in the EU;
    • In addition to the above, ZeroBounce is an active participant in the EU-US and Swiss-US Privacy Shield Programs;
    • ZeroBounce has restricted access to four personnel members with the ability to directly access files containing personal information on ZeroBounce servers, each of whom have agreed to maintain the confidentiality of any personal information;
    • All data uploads and downloads sent between ZeroBounce and its customers flow through third party CloudFlare’s servers in the EU;
    • In addition to the above, CloudFlare is an active participant in the EU-US Privacy Shield Program;
    • The ZeroBounce support team does not have access to CloudFlare;
    • CloudFlare maintains its own security protections to block threats and limit abusive bots and crawlers. See https://support.cloudflare.com/hc/en-us/articles/205177068-Step-1-How-does-Cloudflare-work-
    • Any information that is uploaded by a ZeroBounce customer to ZeroBounce.net is transmitted via SSL through CloudFlare, and all files are stored in an encrypted file using a standard algorithm for protection of stored data defined by IEEE P1619 on ZeroBounce servers in the EU; and
    • If customer elects to receive files via email, such files shall be sent encrypted, with a password via a separate email.
  4. that it will promptly notify the data exporter about:

    (i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation;

    (ii) any accidental or unauthorised access; and

    (iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

  5. to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
  6. at the request of the data exporter to submit its data-processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the Commissioner
  7. to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
  8. that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
  9. that the processing services by the sub-processor will be carried out in accordance with Clause 11;
  10. to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6. Liability

  1. The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

  2. If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

    The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

  3. If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor shall be limited to its own processing operations under the Clauses.

Clause 7. Mediation and Jurisdiction

  1. The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:

    1. to refer the dispute to mediation, by an independent person or, where applicable, by the Commissioner;
    2. to refer the dispute to the courts in England and Wales.
  2. The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8. Cooperation with supervisory authorities

  1. The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.

  2. The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.

  3. The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

Clause 9. Governing Law

The Clauses shall be governed by the law of the Country of the United Kingdom in which the data exporter is established, namely England and Wales.

Clause 10. Variation of the Contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from (i) making changes permitted by Paragraph 7(3) & (4) of Schedule 21 Data Protection Act 2018; or (ii) adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11. Sub-Processing

  1. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.

  2. The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.

  3. The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the laws of the county of the United Kingdom where the exporter is established.

  4. The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

Clause 12. Obligation after termination

  1. The parties agree that on the termination of the provision of data-processing services, the data importer and the sub-processor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.

  2. The data importer and the sub-processor warrant that upon request of the data exporter and/or of the Commissioner, it will submit its data-processing facilities for an audit of the measures referred to in paragraph 1.

BY CLICKING THE “I HAVE READ THESE STANDARD CONTRACTUAL CLAUSES AND ACCEPT” BUTTON BELOW, YOU EXPRESSLY AGREE TO BE BOUND BY, AND STRICTLY ADHERE TO, ALL OF THE TERMS OF THESE STANDARD CONTRACTUAL CLAUSES. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THESE STANDARD CONTRACTUAL CLAUSES, DO NOT ACCESS OR USE ANY PART OF THE ZEROBOUNCE HOSTED SERVICE FROM THE UK. THE DATE OF THE STANDARD CONTRACTUAL CLAUSES IS THE DATE YOU ACCEPT.

Enterprise Plans

/about-zerobounce/enterprise-plans/

As your company grows, so does your need for powerful tools that can support your expansion. Our Enterprise plans offer you just the perfect mix of capacity, simplicity, and automation – so you can save resources and thrive.

Enterprise Plans: what’s in it for you

There are many things you need to juggle when running a large company, and we understand time is of the essence. One thing you won’t need to worry about is keeping your email databases up-to-date.

To accommodate our larger partners, we put together a set of exclusive benefits to help you scale and evolve with ease. Take a look at what you get access to once you activate your Enterprise Plans.

Designated Account Manager

When validating large batches of email addresses, you may need some guidance as to how you can make the most of our service. As soon as your Enterprise plan starts, we’ll assign one of our email validation experts to assist you. From discussing your technical needs to advising you on the ins and outs of the email verification process, your Account Manager will always be there for you.

Customer Solution Engineer

We strive to make email verification easy for you, and our platform allows you to clean your list in three easy steps: upload – validate – download. Should any complex issues arise, your Customer Solution engineer is hands-on. He or she knows our system in and out and is ready to troubleshoot any glitch. You’ll be up and running in no time.

Dedicated Customer Success Engineer

Let’s say you’ve validated your email list, got your results, and are ready to import your results back into your email service provider. Before you send a new email, take some time to understand your ZeroBounce report. If you’re not sure whether certain contacts are safe to use, your Customer Success engineer is there to answer any questions. He gathers feedback, shares it with the team, and together they offer the insight you need. Plus, you can reach out to your Customer Success engineer anytime to adjust your email verification strategy for the best results.

Pricing benefits

The more email addresses you verify, the less your pay for each validation – this is our overall pricing principle at ZeroBounce. However, companies that choose the Enterprise Plans receive unique pricing benefits. You validate a high number of contacts. Not only do we want you to enjoy your bonus services, but we work with you to find the most advantageous pricing plan for your business.

Custom agreements

We know how important is it for you to feel safe and protected while validating your email list with ZeroBounce. That’s why we take this mission seriously. Thanks to our custom agreements, you can rest assured that we protect your confidentiality.

SLA: 99.99% guaranteed uptime

When you have so many daily tasks to complete and goals to fulfill, you want to know you’re using the most reliable tools. With the ZeroBounce Service Level Agreement (SLA), you get 99.99% uptime on our email verification platform. You can count on us.

24/7 technical support

What customers love the most about ZeroBounce is the accuracy we guarantee on email validation. Their second favorite thing is that we offer 24/7 customer support. With the Enterprise Plans, all of your perks are accessible 24/7. Need your Account Manager or your Customer Success engineer? You can talk to them anytime and find a solution to any issue you may encounter while – or after – cleaning your list.

Email validation coaching

When it comes to email validation, even the savviest of email marketers run into unknown territory sometimes. Maybe you’re not sure what to do about the catch- all emails we discover in your list. Or perhaps you get some soft bounces and don’t know how to interpret the codes and how to handle them. Such situations can occur, and it gives you peace of mind knowing you have someone who will shed some light on these dilemmas. The Enterprise Plans come with free email validation coaching – just reach out and ask, we’ve got you covered.

Early BETA access to all new features

Just like you and your business, ZeroBounce is constantly evolving. We’re on a mission to perfect our service and offer you the best email validation and email deliverability platform. And you get to be a part of the journey.

Our developers and engineers are always working on a new product. As part of the Enterprise Plans, you get to test the BETA versions, share your feedback, and help us make ZeroBounce better for you. We grow together like we’ve been doing from day one.

Apart from all the above benefits, you have access to the features that make ZeroBounce a favorite of thousands of customers worldwide:

  • global content delivery network
  • unsurpassed data protection, with military-grade encryption on your files
  • our innovative A.I. email scoring and catch-all validation service
  • a powerful and reliable API that you can use either in bulk or in real time, for both email validation and email scoring
  • free deduplication: we remove duplicate email addresses from your database at no charge
  • email data appending: get missing information added to your list, such as your subscribers’ name, gender, and location.

Why should I get the Enterprise Plans?

If you’re on the fence about getting the Enterprise Plans, think about it this way: you could sign up for any of our subscriptions and enjoy all the great features ZeroBounce offers, at a set retail price. Or you could opt for a plan that gives you just what you need – and a bit more – at rates that are exclusive to you.

The Enterprise Plans are custom-made to provide you with all the tools and assistance you need, 365 days a year. Also, the enterprise-level features save you resources, allow you to delegate and automate, and help you increase productivity within your team. Finally, we can adjust your plan anytime to continuously support your growth.

What are the requirements for Enterprise Plans?

If you’re ready to start an Enterprise account, or switch from your existing subscription, reach out to us today. An account manager will meet with you and discuss your monthly service expectations.

Certifications and Accreditations

/about-zerobounce/certifications-and-accreditations/

From the time ZeroBounce was only a business idea, security was at the top of our minds. We wanted to create an accurate email verification service that would operate safely and fulfill the most advanced data protection standards.

Today, it gives our customers great peace of mind knowing that their data is in good hands while they can focus on restoring the quality of their email lists.

Take a look at the list of certifications and accreditations ZeroBounce received. They all confirm our dedication to protecting your files while you enjoy using our email verifier.

SOC2

SOC 2 is a report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Zerobounce was audited by a certified auditing firm and is proud to have successfully met the criteria of SOC 2 compliance effective March 31st, 2020.

SOC2 Certification: https://assureprofessional.com/certs/20596030.html
SOC2 Certification https://assureprofessional.com/certs/20596030.html
SOC2 Certification https://assureprofessional.com/certs/20596030.html

Cyber Smart Defence

ZeroBounce received a Cyber Smart Defence (CSD) certification in 2018 to safeguard our system from any potential security breaches. Created by world-class experts in cybersecurity, CSD ensures our email verification platform remains a safe space for partners and customers worldwide.

CSD mitigates cybersecurity issues for corporations such as Emirates Airlines and Carrefour. At ZeroBounce, CSD specialists run periodical IT security audits, penetration tests, and vulnerability assessments. Furthermore, our team participates in periodic training sessions with the CSD team to stay on top of the latest cybersecurity developments.

PCI Compliance

PCI stands for Payment Card Industry, which is a set of standards that ensures all online transactions involving credit cards are made safely. ZeroBounce adheres to PCI standards to protect customers’ data during the payment process on zerobounce.net.

We partner with world-class, well-respected cybersecurity companies to assess our systems on a monthly basis. These comprehensive tests focus on all aspects of our application. Ensuring all transactions take place safely and responsibly is paramount to us.

EU GDPR Compliance

The General Data Protection Regulation (GDPR) aims to improve data privacy laws across Europe and create a safer online environment for consumers worldwide. ZeroBounce became EU GDPR Compliant a few months before the new regulations came into force on May 25, 2018.

Our email list verification platform abides by all GDPR requirements, established by the European Parliament and the Council of the European Union. Following GDPR protocols ensures your data is safeguarded while you validate your email lists and make payments on our platform. ZeroBounce is committed to processing personal data that is subject to the GDPR in a lawful, fair, and transparent manner.

Our Data Protection Officer conducts regular assessments on ZeroBounce’s GDPR compliance. Moreover, a third-party security company runs monthly audits to confirm our ongoing commitment to your data privacy.

Privacy Shield Framework

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks are sets of regulations that provide companies with the mechanisms to transfer personal data securely during transatlantic commerce. The EU-US and Swiss-US Privacy Shield Programs require annual registration and re-certification.

ZeroBounce joined the Privacy Shield voluntarily and complies with the Framework’s requirements. These requirements revolve around privacy principles such as notice, access, choice, and accountability for onward transfer. As a data processor, ZeroBounce provides users with a secure upload mechanism and uses encryption ciphers for the email databases download process.

Since December 2017, our company has been an active participant in the EU-U.S. and Swiss-U.S. Privacy Shield Programs.

BBB Accredited Business

The Better Business Bureau (BBB) is an organization whose mission is to foster trust between businesses and consumers and to support best practices in the marketplace. The BBB sets standards that maintain and encourage good marketplace behavior and helps build a more transparent business community.

After careful evaluation by the BBB Board of Directors, the organization established that ZeroBounce meets BBB accreditation standards. Some of these standards include a positive track record in the marketplace, adherence to fair advertising and selling, and the honest representation of products and services.

Our company became a BBB Accredited Business in September 2017.

ZeroBounce has taken all necessary steps to renew each of these certifications and accreditations. Our team is collaborating with third-party experts who help us periodically assess our status and undertake thorough compliance measures.

BBB Certification
BBB Certification
https://www.zerobounce.net/images/pdf/BBBCertification.pdf