Privacy Policy

This is an important notice regarding your privacy and the way in which A & E Sistemas SA de CV (referred to as “Zumpul”, “we” or “us” in this policy) collects and makes use of your personal data. We want to be open and transparent with you, and therefore encourage you to contact us if you have any questions about this policy or the ways in which we use your personal data.

We take our privacy responsibilities seriously and are committed to protecting and respecting your privacy. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

We abide by the following principles while processing your data:

This privacy notice will inform you of:

What information do we hold about you?

We may collect, store and use personal data about you (referred to throughout this privacy policy as personal information):

Types of Data collected

Google User data handling

Zumpul is designed as G Suite Marketplace application. We adhere to a set of best practices of secure enterprise application development defined by Google.

We use OAuth 2.0 for G Suite authentication and authorization.

Our application doesn't work with nor doesn't access any data in consumer Google accounts (

Our application is built with a single purpose: to allow companies with G Suite to centrally manage email signatures for users in their domain.

The list below contains all the scopes we use for API access to customer data. We also specify for what exact purpose we need it and as you can see, we often use only a small part of the granted access level.

View customer related information

View details (e.g., contact email, organization title etc) of the customer.

General information about a company like domain and address is used for initial setup of Company profile or timezone.

View group subscriptions on your domain

View details (e.g., memberships and roles) of group subscriptions in your domain

We currently don't load any Group related data, but functionality allowing signature assignment based on Group membership is under development.

View groups on your domain

View details (e.g., name, members) and metadata (e.g., login details) of groups on your domain

Same as the previous scope.

View organizational units on your domain

View metadata (e.g., name and description) of organizational units

We import organizational units as User Groups in Zumpul.

View and manage the provisioning of users on your domain

Provision and delete users on your domain, view and modify details (e.g., name, address, and phone number) and metadata (e.g., login details) of users on your domain

We use it only for read-only access to the list of users, user details, and OU membership. However, a functionality to sync user information back to G Suite Directory (which requires modifying user details) is under development.

View user schemas on your domain

View details (e.g., custom field names and types) of user schemas on your domain

We use this scope to load user contact information that is saved in custom schemas.

Manage your basic mail settings

View primary email address, view and manage primary Reply-To, display name and signature, view and manage vacation responder settings, view and manage filters, view and manage POP settings, view and manage IMAP settings, view forwarding settings, view mail delegates with access to your account, view "Send mail as" aliases

We use it only to load existing Send as addresses which is necessary to change users signatures using the following scope.  This is a required scope for an actual change of the signature. We need to update settings of the send as to change signatures.

View your email address

View the email address associated with your account

We use it for User identification.

View your basic profile info

View your full name, profile picture and profile URL View any publicly available information on your Google+ profile (if you have one or create one in the future)

We use it to load profile pictures for users.

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Generally we do not rely on consent as a legal basis for processing your personal data.

We have set out below a description of all the ways we plan to use personal data, the legal bases we rely on to do so, and whether we process that data as data controller or processor. We have also identified what our legitimate interests are where appropriate.

Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.


We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Retention of Data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your Legal Rights

Under certain circumstances, you have rights under the data protection laws in relation to your personal data.

If you wish to exercise any of the rights set out above, please contact


You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Policy Modifications

We may change this Privacy Policy from time to time. If/when changes are made to this privacy policy, we will email users who have given us permission to do so. We will post any changes here, so be sure to check back periodically. However, please be assured that if the Privacy Policy changes in the future, we will not use the personal information you have submitted to us under this Privacy Policy in a manner that is materially inconsistent with this Privacy Policy, without your prior consent.