This Statement of Data Practices provides an overview of the way in which Zyme handles data received by Zyme in providing its channel data management solutions. In this Statement, "Vendors" are Zyme’s customers who are manufacturers of products and brand owners who contract with "Channel Partners" to distribute or resell their products.
Zyme provides channel data management solutions to Vendors by receiving and processing downstream sales and inventory information pertaining to Vendors’ products worldwide. This information is received in the form of Vendor-specific point of sale and inventory data and incentive claims from Channel Partners dealing in Vendor’s goods (collectively, "Transaction Data"). The Transaction Data may be transmitted directly by a Channel Partner to Vendors via a Vendor portal or other means, and passed through to Zyme by Vendor, or directly by a Channel Partner to Zyme, as a Vendor-authorized third party, via Zyme’s portal or other means. Through its SaaS solutions and associated services, Zyme performs data cleansing, enrichment, and analysis operations on Transaction Data to support Vendor’s business processes such as rebate payments, returns, logistics, channel operations, sales intelligence, and audit/compliance procedures. Zyme utilizes identifying information regarding product SKUs, serial numbers, locations, business entities downstream in the buying channel, etc., provided in Transaction Data, in conjunction with publically available information, and Zyme developed content, to provide identity-matching and data resolution services to Vendors, to help them better utilize the data.
Zyme understands the sensitive nature of Transaction Data and takes appropriate steps to protect Transaction Data in accordance with the standard of care determined by its contractual relationship with Vendor(s), but, in no event less than the degree of care it uses to protect its own confidential information.
Zyme maintains ISO 27001 compliance and takes appropriate security measures to protect against unauthorized access, alteration, disclosure or destruction of all forms of data it processes and holds. These measures include firewalls and encryption; internal controls and external audits of Zyme’s data collection, storage and processing practices, and security measures; as well as physical security measures to guard against unauthorized access to systems. Zyme limits information access to those persons in the organization who have a business need to process or handle such information. Zyme prohibits any of its employees from using any information it receives for purposes of trading in stock markets.