Date of publication: 02.11.2021
This privacy policy ("Privacy Policy") seeks to explain how ZEBRA BI d.d. and its affiliates (“ZEBRA BI”, “Company”, “we”, "us", "our") use the data you give us through www.zebrabi.com ("Website") and Zebra BI for Power BI Custom Visual - Published ("Custom Visual") on Microsoft AppSource or Privately distributed. Your use of the Website, Custom Visual, or any submission of any information by you to the Website or Custom Visual (directly or indirectly) means that you agree that we may use that data submitted by you in accordance with this Privacy Policy.
At ZEBRA BI d.d. we are aware of the importance of personal data protection. As the controller of personal data, we handle the collected personal data responsibly and in accordance with the applicable regulations in the field of personal data protection, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”, “GDPR”), other applicable regulations on the protection of personal data and our internal acts. In order to implement the principle of fair and transparent processing, we have prepared this Personal Data Protection Policy (“Privacy Policy”), which enables individuals to obtain all relevant information relating to their personal data when using our website https://zebrabi.com/.
The "provider", "website owner", "Custom Visual owner" and "personal data controller" (jointly the "Controller") of https://zebrabi.com/ as defined by the GDPR and other applicable regulations on the protection of personal data is:
Company: ZEBRA BI informacijske rešitve d.d.
Registered seat: Pot za Brdom 104, 1000 Ljubljana, Slovenia
Company ID: 6629997000
VAT ID: SI 35190108
The seat of incorporation: Republic of Slovenia
For all questions and assistance in exercising the rights of individuals, we have appointed a contact center for personal data protection that can be reached via the e-mail address at: support@zebra.bi or via regular post addressed to our Registered seat: ZEBRA BI d.d., Pot za Brdom 104, 1000 Ljubljana, Slovenia with the annotation “Protection of Personal Data”.
The “User” of our website or Custom Visual is any person who uses the website https://zebrabi.com/ and any of the associated websites of Zebra BI d.d. as a visitor or uses Custom Visuals developed by Zebra BI and published on Microsoft AppSourse or Privately distributed.
Personal data is any data that can be used to directly or indirectly identify an individual. A natural person is identifiable directly or indirectly, in particular by providing an identifier, such as name, identification number, location data, web identifier, or by specifying one or more factors specific to the natural person. Depending on the circumstances of each case, we may collect and process the following personal data:
Apart from the user information content you voluntarily share by signing up or authenticating via a 3rd Party Authentication Provider, no other information is collected or aggregated in the Custom Visual and transmitted to our servers. We do not log any actions, events, or data being managed or visualized within the Custom Visual involuntarily.
We are committed to protecting the data you share with us. Zebra BI uses a combination of industry-standard security technologies, procedures, and organizational measures to help protect your data from unauthorized access, use, or disclosure. Company supports online security using secure server technology because we want your data to be safe. We bind our employees and data processors to observe your privacy and confidentiality rights.
We collect and process personal data for the purpose of fulfilling contractual obligations pursuant to Article 6(1), lit. b GDPR or under the equivalent article under other national laws, when applicable. Processing when necessary to fulfill contractual obligations includes processing the personal data of the contracting parties (e.g. employment contracts, employment contracts, company contracts, sales contracts, etc.) and possibly collecting and processing personal data of external contractual collaborators. Personal data required for the fulfillment of contractual obligations (in particular data on date of birth, gender, tax number, contact details, residence data, transaction account data, profession, education, registration number, data on submitted personal documents, and other submitted documents or those personal data necessary for the purpose of the legal relationship) is collected exclusively to the minimum extent permitted for the individual purpose. The stated data is also collected and processed in the phase of concluding agreements, negotiations, responding to your related inquiries, processing your feedback, or providing you with support. We keep several records of personal data processing activities, which show the types of personal data, the purposes of their processing, the basis for collection and processing, retention periods, access to data, etc.
We collect and process personal data in order to ensure compliance. Our products, technologies, and services are subject to export laws of various countries including, without limitation, those of the European Union and its member states, and of the United States of America. You acknowledge that pursuant to the applicable export laws, trade sanctions, and embargoes issued by these countries, we are required to take measures to prevent entities, organizations, and parties listed on government-issued sanctioned-party lists from accessing certain products, technologies, and services through our website or other delivery channels controlled by us. This could include (i) automated checks of any User registration data as set out herein and other information a User provides about his or her identity against applicable sanctioned-party lists; (ii) regular repetition of such checks whenever a sanctioned-party list is updated or when a User updates his or her information; (iii) blocking of access to SAP’s services and systems in case of a potential match; and (iv) contacting a User to confirm his or her identity in case of a potential match. Any such use of your personal data is based on the permission to process personal data in order to comply with statutory obligations (Article 6 para. 1 lit. c GDPR or the equivalent articles under other national laws, when applicable) and our legitimate interest (Article 6 para. 1 lit. f GDPR or the equivalent articles under other national laws, when applicable).
We collect and process personal data based on our legitimate interest pursuant to Article 6 para. 1 lit. f GDPR or the equivalent article under other national laws, when applicable, such as for the purpose of preventing or prosecuting criminal activities (e.g. fraud and to assert or defend against legal claims). When processing personal data based on our legitimate reason, we always weigh the interests of individuals for such processing and our interests as Controllers to determine, whether the interests and fundamental rights of individuals prevail over our interests, to which personal data relate and which require the protection of personal data. In particular, during processing, we respect the principle of minimum data use, whereas personal data has to be relevant and limited to what is necessary for the purposes for which they are processed.
We also collect and process personal data, if you granted prior consent of your personal data in accordance with Article 6(1) lit. a GDPR or the equivalent article under other national laws, when applicable. Processing based on the consent of individuals is conducted for the purpose of direct marketing of our services and products, e.g. for informing about novelties of our services and products, responding to your related inquiries, processing your feedback, or providing you with support via e-mail, telephone or regular mail.
You may at any time withdraw a consent granted hereunder by “unsubscribing”. In case of withdrawal, we will not process personal data subject to this consent any longer unless legally required to do so. In case we are required to retain your personal data for legal reasons, your personal data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on the past processing of personal data by us up to the point in time of your withdrawal. Furthermore, if your use of our offering requires your prior consent, we will not be able to provide the relevant service or offer to you after your revocation. For more information regarding the processing of personal data based on consent, you may contact our contact center for personal data protection that can be reached via the e-mail address at: support@zebra.bi or via regular post addressed to our Registered seat: ZEBRA BI d.d., Pot za Brdom 104, 1000 Ljubljana, Slovenia with the annotation “Protection of Personal Data”.
In addition to ZEBRA BI, the personal data of individuals is also processed by external processors, in particular accounting. In that events, we have concluded an appropriate written agreement on the processing of personal data or a similar agreement in terms of content. We provide personal data to other users of personal data if so required under applicable legislation if there is a legitimate interest or if we have the consent of the individual.
We do not transfer the collected personal data to third countries. In the event that we have transferred the personal data of an individual to third countries, we will ensure the provision and implementation of appropriate measures to ensure the security of personal data and the fundamental rights and freedoms of individuals, in accordance with applicable legislation.
An individual may address a written request to the contact center for personal data protection that can be reached via the e-mail address at: support@zebra.bi or via regular post addressed to our Registered seat: ZEBRA BI d.d., Pot za Brdom 104, 1000 Ljubljana, Slovenia with the annotation “Protection of Personal Data”, to provide the following information regarding the collection and processing of personal data, namely the individual has the following rights:
We will provide the individual with the requested information upon written request without undue delay and in any case within 1 (one) month of receiving the request. This period may be extended, if necessary, by a maximum of 2 (two) additional months, taking into account the complexity and number of requirements. We shall notify the individual of such an extension within 1 (one) month of receiving the request, together with the reasons for the delay. The information provided in this way is provided to the individual free of charge. Where the individual’s requests are manifestly unfounded or excessive, in particular, because they are repeated, we may charge the individual a fee or refuse to act on the request.
We will only retain your personal data for the needs in accordance with the conditions and for the purposes defined in this Privacy Policy. Personal data is stored on our website and in case of further processing and communication with the User in other databases of the Controller.
The retention period of personal data may vary depending on the applicable legislation (i.e. mandatory law). In the event that the applicable legislation sets mandatory time limits for the storage of personal data, we shall delete personal data after the expiry of the mandatory time limit prescribed by applicable legislation. We shall also delete, destroy, block or pseudonymize personal data after the purpose of processing has been fulfilled, unless the applicable legislation provides otherwise.
Zebra BI is committed to ensuring that your identifiable and non-identifiable personal information is secure. We have put in place suitable physical, electronic and managerial procedures to prevent unauthorized access, modification, disclosure, or loss of your identifiable personal information. However, Zebra BI may disclose personally identifiable information under special circumstances, such as to comply with subpoenas when a users actions may violate this privacy policy and the Terms of Service. Additionally, we are not responsible for any breach of security or actions undertaken by any third parties that receive the information.
If you believe that your personal data is processed in contravention of applicable regulations governing the protection of personal data, you have the right to lodge a complaint with the competent state authority:
State Authority: Information Commissioner of the Republic of Slovenia
Address: Dunajska cesta 22, 1000 Ljubljana, Slovenia
Contact:
T: +386 1 230 97 30
E: gp.ip@ip-rs.si
W: https://www.ip-rs.si/
ZEBRA BI’s website https://zebrabi.com/ uses cookies in order to provide online services, advertising systems, and functionalities that it would not be able to provide without cookies. By visiting and using the website, the User of the website agrees to cookies, and express their consent by clicking on an empty field for a particular purpose of data processing.
A cookie is any information that a website sends to the User's browser, which then stores it in the User's system. A cookie allows a website to remember information about the User's settings until the User closes the current browser window (if the cookie is temporary) or until the cookies are disabled or deleted. Cookies are essential to provide User-friendly online services. The most common e-commerce features would not be possible without cookies. The interaction between the User and the website is faster and easier with the help of cookies. With their help, the website remembers the individual's preferences and experiences, which saves time and makes browsing the website more efficient.
If the User of the website wants to change the way cookies are used in the browser, including blocking or deleting, he can do so by changing the browser settings accordingly. Cookies stored by the browser can be deleted by the User. The process for managing and deleting cookies varies from browser to browser. The User can find more detailed information on how to delete cookies on the website of the browser he is using.
Our website uses the following cookies:
Necessary cookies
Help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Duration: 13 months
Analytics cookies
These cookies help us to understand how visitors engage with the website. We may use a set of cookies to collect information and report site usage statistics. In addition to reporting site usage statistics, data collected may also be used, together with some of the advertising cookies described, to help show more relevant ads across the web and to measure interactions with the ads we show.
Duration: 13 months
Functionality cookies
We use a set of cookies that are optional for the website to function. They are usually only set in response to information provided to the website to personalize and optimize your experience as well as remember your chat history.
Duration: 13 months
Marketing cookies
We use cookies to make our ads more engaging and valuable to site visitors. Some common applications of cookies are to select advertising based on what’s relevant to a user; to improve reporting on ad campaign performance, and to avoid showing ads the user has already seen.
Duration: 13 months
Zebra BI reserves the right, in its discretion, to change, modify, add to, or remove portions of this Privacy Policy (collectively, “Changes”), at any time. Zebra BI will notify you of Changes by posting a revised version of this Privacy Policy incorporating the Changes to its website. Your continued use of the website or Custom Visual following notice of the Changes will mean that you accept and agree to the Changes. Such Changes will apply prospectively beginning on the date the Changes are posted to the website.
END OF PRIVACY POLICY
Date of publication: 02.11.2021
This privacy policy ("Privacy Policy") seeks to explain how ZEBRA BI d.d. and its affiliates (“ZEBRA BI”, “Company”, “we”, "us", "our") use the data you give us through Zebra BI for Excel and Zebra BI Visuals for Microsoft Power BI (jointly "Custom Visuals") published on Microsoft AppSource or Privately distributed. Your use of Custom Visuals or any submission of any information by you to Custom Visuals (directly or indirectly) means that you agree that we may use that data submitted by you in accordance with this Privacy Policy.
Please read this Policy before using Custom Visuals. If you do not want your information to be processed by Custom Visuals, please do not use Custom Visuals and/or provide it to us.
The "Custom Visuals" as described in this Policy apply to any of the visuals from the following list of Custom Visuals developed by Zebra BI:
Apart from the user information content you voluntarily share by signing up or authenticating via a 3rd Party Authentication Provider, no other information is collected or aggregated in the Custom Visual and transmitted to our servers. We do not log any actions, events, or data being managed or visualized within the Custom Visual involuntarily.
Custom Visuals provided by Zebra BI use information that is provided through either the Microsoft Power BI platform or Office 365 platform and/or application to convert it into a visual representation. The process of transformation is executed in the memory of the device that the user is using. Custom Visuals are not storing, sending, and/or reusing your Data for any other purpose than rendering the interactive visualizations in your Microsoft Power BI platform and/or Excel instance.
Your data is never transferred/shared with other parties by Custom Visual.
Custom Visuals do not collect any personal information and do not store it.
We are committed to protecting the data you share with us. Zebra BI uses a combination of industry-standard security technologies, procedures, and organizational measures to help protect your data from unauthorized access, use, or disclosure. Zebra BI supports online security using secure server technology because we want your data to be safe. We bind our employees and data processors to observe your privacy and confidentiality rights.
You are liable for the appropriate use of Custom Visuals. All copyrights in or to the Custom Visual are owned by Zebra BI. If any provision of the Policy is held invalid or unenforceable by a court of competent jurisdiction, the remaining provisions will remain in full force and effect, and such invalid or unenforceable provisions or portion thereof will be deemed omitted. This Policy is governed by and construed in accordance with the laws of the Republic of Slovenia, and the courts of the Republic of Slovenia will have exclusive jurisdiction to adjudicate any dispute arising under or in relation to the Policy.
Should you have any questions about this Policy, the privacy aspects of our Software and/or Services, or would like to submit any request, please contact us:
ZEBRA BI d.d.
Pot za Brdom 104, 1000 Ljubljana, Slovenia
Email: support@zebrabi.com
Zebra BI reserves the right, in its discretion, to change, modify, add to, or remove portions of this Privacy Policy (collectively, “Changes”), at any time. Zebra BI will notify you of Changes by posting a revised version of this Privacy Policy incorporating the Changes to its website. Your continued use of Custom Visuals following notice of the Changes will mean that you accept and agree to the Changes. Such Changes will apply prospectively beginning on the date the Changes are posted to the website.
END OF PRIVACY POLICY
Date of publication: 28.9.2021
The sole "website owner" and "operator" (jointly "ZEBRA BI", “Company”, “We”) of https://zebrabi.com/ and associated websites is:
Company: ZEBRA BI informacijske rešitve d.d.
Registered seat: Pot za Brdom 104, 1000 Ljubljana, Slovenia
Company ID: 6629997000
VAT ID: SI 35190108
Seat of incorporation: Republic of Slovenia
Access to and use of the website are subject to this Terms of use for ZEBRA BI’s website (“Terms of use”), applicable legislation and other regulations referred to in this Terms of use.
The website, including all content and publications, is for informational purposes only. ZEBRA BI does not assume any responsibility for any damage resulting from the use of the website or the content on it. ZEBRA BI carefully and diligently strives to ensure that the content published on the website shows the current and true situation but does not assume any responsibility for any linguistic or content deficiencies, the accuracy of information, technical or other errors, occasional website malfunctions or insufficiently updated content on the site. As there are certain links on the website to other, external websites that are not directly associated with ZEBRA BI, we do not assume any responsibility for the content obtained through external websites, as well as for the protection of personal data and respect for privacy on these websites.
The User of the website (the “User”) is any individual who uses this website and associated websites of ZEBRA BI as a registered or unregistered visitor. Use of the website means that the User agrees to this Terms of use and, as a User of the website, has been previously clearly and comprehensively acquainted with this Terms of use.
ZEBRA BI is the sole owner of all intellectual property rights and copyrights in the broadest sense over the copyrighted content published on the website. Any further reproduction, distribution, modification, public display and broadcasting or other forms of use of copyrighted work, copyrighted content and logo without prior knowledge or permission of ZEBRA BI are prohibited. The website is also not allowed to be used in any connection between the User and ZEBRA BI that does not exist. In the event that the User uses a link to the website in a way that is contrary to this Terms of use or applicable law, ZEBRA BI may request the immediate cessation of use of the website or its link. Users may use the content on the website solely for their private use, and the content may be used in a manner consistent with applicable legislation and without prejudice to our good name, reputation or business. ZEBRA BI and the authors of the content are not responsible for any harmful consequences of further private use.
ZEBRA BI constantly strives to protect personal data and ensure privacy. We handle the personal data you entrust us with in accordance with applicable regulations in the field of personal data protection, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”, “GDPR”), other applicable regulations on the protection of personal data and our internal acts. More information on the processing of personal data and the protection of privacy is available in our Privacy Policy.
Zebra BI reserves the right, in its discretion, to change, modify, add to, or remove portions of this Terms of use (collectively, “Changes”), at any time. Zebra BI will notify you of Changes by posting a revised version of this Terms of use incorporating the Changes to its website. Your continued use of the website following notice of the Changes will mean that you accept and agree to the Changes. Such Changes will apply prospectively beginning on the date the Changes are posted to the website.
These Terms of use and any claims arising out of or relating to this Terms of use and its subject matter shall be governed by and construed under the laws of the Republic of Slovenia, without reference to its conflicts of law principles. In the event of any conflicts between foreign law, rules, and regulations, and Slovenia law, rules, and regulations, Slovenian law, rules, and regulations shall prevail and govern, and the parties hereby submit to the exclusive jurisdiction of the Slovenian Courts.
For all questions and assistance to Users, we have appointed a contact centre that can be reached via e-mail address at: support@zebra.bi or via regular post addressed to our Registered seat: ZEBRA BI d.d., Pot za Brdom 104, 1000 Ljubljana, Slovenia.
END OF TERMS OF WEBSITE USE
Date of publication: 26.1.2024
This End-user License Agreement (“EULA” or the “Agreement”) applies between ZEBRA BI d.d. (“ZEBRA BI”, “Company”, “We”) and you (the “Licenses”, “End-user”, “you”), whereas you accept all these terms and conditions for licensing ZEBRA BI product(s) hereunder, which may include associated software components, media, printed materials, and “online” or electronical documentation (collectively, the “Software Product”).
By using the Software product in any manner, you are bound by this Agreement, as well as any terms incorporated by reference in this Agreement. If you are accepting this Agreement on behalf of a company, organization, government, or other legal entity, you represent and warrant that (i) you are authorized to do so, (ii) the entity agrees to be legally bound by this Agreement, and (iii) neither you nor the entity are barred from using the Software product or accepting this Agreement under the laws of the applicable jurisdiction. This Agreement is enforceable against you and any entity that obtained the Software product and, on whose behalf, they were used. IF YOU DO NOT HAVE SUCH AUTHORITY OR IF YOU DO NOT WISH TO BE BOUND TO THIS AGREEMENT DO NOT USE THE SOFTWARE PRODUCT.
This Agreement governs your use of the Software product. Except as otherwise specified, this Agreement does not apply to Third-Party Products, which are governed by their own terms and conditions.
“ZEBRA BI” means the ZEBRA BI entity with which you are entering into this Agreement. If you have previously entered into an agreement with a ZEBRA BI entity, then “ZEBRA BI” means that entity. If you have not previously entered into an agreement with a ZEBRA BI entity, then “ZEBRA BI” means the entity identified in the following:
Company: ZEBRA BI informacijske rešitve d.d.
Registered seat: Pot za Brdom 104, 1000 Ljubljana, Slovenia
Company ID: 6629997000
VAT ID: SI 35190108
Seat of incorporation: Republic of Slovenia
“Business Partner”
means a legal entity or individual that requires access to the Software product in connection with Licensee’s internal business operations, such as suppliers, distributers or customers of Licensee.
“Confidential Information”
means, with respect to Licensee: Licensee’s marketing and business plans and/or financial information, and with respect to ZEBRA BI: (A) the Software product and other ZEBRA BI materials, including without limitation the following information regarding the Software product: (i) computer software codes, programming techniques and programming concepts, methods of processing, system designs embodied in the Software product; (ii) benchmark results, manuals, program listings, data structures, flow charts, logic diagrams, functional specifications, file formats; and (iii) discoveries, inventions, concepts, designs, flow charts, documentation, product specifications, application program interface specifications, techniques and processes relating to the Software product; and (B) product offerings, product pricing, product availability, technical drawings, algorithms, processes, ideas, techniques, formulas, data, schematics, trade secrets, know-how, improvements, marketing plans, forecasts and strategies. In addition, Confidential Information of either ZEBRA BI or Licensee (the party disclosing such information being the “Disclosing Party”) includes information which the Disclosing Party protects against unrestricted disclosure to others that (i) the Disclosing Party or its representatives identifies as confidential at the time of disclosure; or (ii) should reasonably be understood to be confidential given the nature of the information and the circumstances surrounding its disclosure; including, without limitation, information from, about or concerning any third party that is disclosed under this Agreement.
“Designated User/s”
means the identified quantity of users, including employees, internal or external collaborators and other business partners of the End-user/ Licensee that are agreed upon in EULA Order Form or otherwise approved by the parties as appropriate for Use of the Software product.
“Effective date”
means the effective date set out in this Agreement or EULA Order Form as “Effective date”. In the event that the Licensee has not concluded an EULA Order Form with ZEBRA BI or the Effective date is not set out in this Agreement, the Effective date should mean the date that the Software product is made available by ZEBRA BI to Licensee in accordance with required steps, as described on ZEBRA BI’s Website.
“EULA”
means this “End-user License Agreement” executed between ZEBRA BI and Licensee for the purchase of License to use the Software product as well as any terms incorporated by reference in this Agreement.
“EULA Order Form”
means the “EULA Order Form” that is executed between ZEBRA BI and Licensee and is incorporated by reference to this Agreement and governed by the terms of this Agreement.
“Intellectual Property Rights”
means patents of any type, design rights, utility models or other similar invention rights, copyrights, mask work rights, trade secret or confidentiality rights, trademarks, trade names and service marks and any other intangible property rights, including applications and registrations for any of the foregoing, in any country, arising under statutory or common law or by contract and whether or not perfected, now existing or hereafter filed, issued, or acquired.
“Keycode”
means a password protected member account, generated by ZEBRA BI, which grants the Licensee access to the Software product.
“Licensee”
means the end-user who is further identified in this Agreement as the “End-User”, to whom this Agreement, as well as any terms incorporated by reference in this Agreement, apply.
”Party” or “Parties”
mean Licensee and/or ZEBRA BI.
“Software product”
means either:
(i) ZEBRA BI visuals for Power BI;
(ii) ZEBRA BI Charts;
(iii) ZEBRA BI Tables;
(iv) ZEBRA BI Cards;
(v) ZEBRA BI Tables for Office;
(vi) ZEBRA BI Charts for Office; and
(vii) other Software products offered by ZEBRA BI and agreed upon between the parties in EULA Order Form;
depending on which Software product the Licensee has purchased under this Agreement and EULA Order Form, as well as corresponding online electronic documentation, associated media and printed materials, including the source code (where applicable), example programs and the documentation, licensed to the Licensee under this Agreement. Software product does not include Third-Party products.
“Subscription”
means the subscription-based model of Software product purchase with automatically renewal at the end of each subscription period, as determined in this Agreement or EULA Order Form.
“Third-Party product”
means any third-party information, website, product, service, or materials referenced in, accessible through, or provided in connection with, the Website or Software product.
“Use”
means to, directly or indirectly, activate the processing capabilities of the Software product, install, execute, access, employ the Software product, or display information resulting from such capabilities.
"Use Tracking"
"Website"
means ZEBRA BI’s possibility to track, monitor, collect and analyse Licensee’s Use of the Software product for Office (including Software products Zebra BI Charts for Office and Zebra BI Tables for Office), as determined in this Agreement.
means ZEBRA BI website located at www.zebrabi.com (including all associated internet country codes), together with all ZEBRA BI websites and webpages accessible there.
The use of the singular in capitalized terms also includes the plural and vice versa. The use of either gender in capitalized terms also includes others. The headings, paragraphs and highlights in this Agreement are intended for convenience only and do not affect the very interpretation of this Agreement and have no legal or contractual effect. This Agreement will be interpreted without application of any strict construction in favour of or against you or ZEBRA BI.
Software product is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. All of the ZEBRA BI’s Intellectual Property Rights are and shall remain the exclusive property of ZEBRA BI respectively. The Software product is licensed, not sold. ZEBRA BI is willing to grant the Licensee a right to use Software product pursuant to this Agreement and/or EULA Order Form.
Subject to Licensee’s compliance with this Agreement and/or EULA Order Form, ZEBRA BI grants to Licensee a non-exclusive, non-transferable, subscription-based license to Use the Software product at specified site(s) to run Licensee’s internal business intelligence operations, unless terminated in accordance with this Agreement. ZEBRA BI grants the Licensee a right to install and use copies of the Software product by Designated users on its computer and in cloud service running a validly licensed copy of the Microsoft Power BI application and/or Power BI service and/or Microsoft Office for which the Software product were designed (e.g. “Power BI Desktop”, “Power BI Desktop Optimized for Report Server”, “Power BI Service”, “Power BI mobile app for Android or iPhone”, “Microsoft Excel”, “Microsoft PowerPoint”, etc.).
ZEBRA BI may generate and make available to the Licensee a Keycode that will allow the Licensee/s Designated users to access and Use the Software product. The license to Use the Software product is embedded into the Keycode and Software product itself and is valid for Designated users (i.e. quantity of Licensee’s Designated users as agreed upon in EULA Order Form or as selected by the Licensee). Licensee agrees that the Use of Software product will only be made available for Designated users and installed on devices in direct possession of the Licensee. Licensee must comply with all applicable laws and regulations regarding the Use of Software product, including domestic and international export legislation that applies to the Software product. The use of the Software product may be permitted to Licensee’s Business Partners only through screen access, solely in conjunction with the Licensee’s Use, and may not be used to run any of Business Partner’s business operations.
Licensee is permitted to back up data in accordance with good information technology practice and for this purpose to create the necessary backup copies of the Software product. Backup copies on transportable discs or other media devices must be determined as backup copies and bear the same copyright and authorship notice as the original media devices, unless technically infeasible.
It is technically possible to add automation and embed the Software product’s functionality into another products or service. Adding or embedding the Software product’s functionality is compliant with this Agreement, if: (i) the added automation or embedding does not exceed the quantity of agreed upon Designated users; (ii) the added automation or embedding is conducted in accordance with Software product’s Use restrictions under this Agreement or EULA Order Form.
ZEBRA BI may allow End-users to Use the Software product in object-code form only, for a determined trial period and solely for the purpose of allowing End-users to evaluate the Software product. By applying for a trial use, fulfilling the trail use form, clicking the “I agree” button or otherwise accessing or Using the Software product, End-users are bound by this Agreement as well as any terms incorporated by reference in this Agreement and confirm that they have read and understood this Agreement. The trial use shall commence on the date the Software product is made available by ZEBRA BI to End-users and will automatically terminate upon expiration of the determined trial period. Upon expiration or termination of the trial use, the granted license for Software product shall immediately terminate and the End-user shall irretrievably destroy the Software product.
Licensee may request and ZEBRA BI may provide support services related to the Software product (“support services”). All support services shall be considered as a part of the Software product and are subject to this Agreement and EULA Order Form. Support services are charged in accordance with ZEBRA BI’s price list and agreed upon in EULA Order Form.
Except as permitted and non-excludable under applicable law, this Agreement or EULA Order Form, the Licensee will not, directly or indirectly (i) reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of / or included in the Software product, documentation or data related to the Software product; (ii) modify, translate or create derivative works based on Software product; (iii) copy (except for archival purposes or in accordance with this Agreement distribute, lease, pledge, assign, sublicense or otherwise transfer or encumber rights to the Software product; (iv) distribute or publish Keycodes; (v) Use the Software product for timesharing or service bureau purposes or otherwise for the benefit of a third party; (vi) or remove any proprietary notices, labels; (vii) make any Use of or perform any acts with respect to Software product other than as expressly permitted in accordance with this Agreement or EULA Order Form.
ZEBRA BI shall be permitted to audit the Use of Software product by the Licensee in its sole discretion, which may include on-site and/or remote audits. Licensee shall reasonably cooperate in the conduct of such audits. In the event an audit reveals that the Licensee underpaid license fees and or ZEBRA BI’s support services, the Licensee shall pay such underpaid fees based on ZEBRA BI’s price list and terms and conditions in effect at the time of the audit. In the event an audit reveals that the Licensee has Used the Software product in excess (i.e. has exceeded the agreed upon quantity of Designated users in EULA Order Form or as selected by Licensee), the Licensee shall pay such excess Use of Software product based on ZEBRA BI’s price list and terms and conditions in effect at the time of the audit, and shall execute an additional EULA Order Form to affect the required licensing of any excess Use of Software product. ZEBRA BI may delegate or request an internal / external collaborators or other business partner to perform such an audit.
Licensee acknowledges that ZEBRA BI may collect information on Licensee’s Use of the Software product for Office, including Personal Information, and may use such Personal information: (i) to modify, improve, or enhance the Software product for Office or Licensee’s ability to access and Use the Software product for Office; (ii) to provide the Licensee with better support services, including understanding of the Use of Software product for Office; (iii) to maintain and promote contact with the Licensee, including managing relationships and marketing; (iv) to ensure compliance with applicable legislation; (v) for the purposes of legitimate interests pursued by ZEBRA BI in accordance with applicable legislation, except where such interests are overridden by the interests of fundamental rights and freedoms of the Licensee; or (vi) for a secondary purpose where it is closely related, such as storing, deleting or anonymizing Personal information and statistical, historical or scientific research. Use Tracking is subject to Confidentiality obligations under this Agreement and ZEBRA BI does not track, monitor, collect or analyze any Confidential Information of the Licensee used or inputted for visualization in the Software product for Office. Use Tracking is turned on by default and the Licensee may contact ZEBRA BI’s support team to opt-out of Use Tracking, whereas the Licensee cannot opt-out of Use Tracking for the purpose of modifying, improving, or enhancing the Software product for Office or Licensee’s ability to access and Use the Software product for Office.
ZEBRA BI will invoice and Licensee will pay in advance annual fees for Use of Software product during the duration of Subscription as set forth in EULA Order Form or in accordance with the subscription rate the Licensee has selected. Annual fees shall include the price of the Software product Use for Designated users (i.e. quantity of Licensee’s Designated users as agreed upon in EULA Order Form or as selected by Licensee). Unless otherwise specified in EULA Order Form, Licensee shall pay annual fees in advance upon receipt of invoice or payment by credit card, if enabled by ZEBRA BI. Payment by credit card shell be subject to the conditions separately agreed upon between ZEBRA BI and the payment provider.
ZEBRA BI will not modify the annual fees charged to Licensee during each Subscription year (i.e. during a period of one year), unless otherwise specified in EULA Order Form. Upon the expiration of each Subscription year (i.e. at the beginning of each renewal term), ZEBRA BI may increase annual fees by an amount that does not exceed 5% of the fees the Licensee has selected or as set forth in EULA Order Form, unless otherwise specified in EULA Order Form. Licensee acknowledges that the annual fees are subject to change in accordance with this Agreement and agrees to pay applicable annual fees in advance, unless this Agreement and/or EULA Order Form is terminated.
All withholdings, value added tax (“VAT”), Sales and other taxes or other contributions required by applicable legislation, if any, resulting from the payments made to ZEBRA BI pursuant to this Agreement will be the sole responsibility of Licensee, and Licensee will be responsible for paying any such VAT, sales, use, excise and other taxes relating to its receipt of the Software Product this Agreement. A failure on ZEBRI BI’s part to invoice Licensee for any applicable taxes does not relieve Licensee of the liability to pay such taxes, and Licensee must pay to the applicable taxing authority any such taxes which may be due as a result of your purchase.
In the event that a currency conversion takes place, Licensee agrees that it will be completed at the transaction exchange rate set for the relevant currency exchange. The transaction exchange rate is adjusted regularly and includes a currency conversion spread applied and retained by payment providers on the base exchange rate to form the rate applicable to Licensee’s conversion.
This Agreement, jointly with rights and obligations arising hereunder, shall become effective as of the Effective date and shall continue in effect thereafter unless this Agreement or EULA Order Form are terminated. The Software product will be made available for Use to the Licensee for the duration of Subscription as determined in EULA Order Form or as selected by the Licensee. This Agreement will automatically terminate upon the termination of EULA Order Form. This Agreement can also be terminated, without prejudice to rights hereunder, in accordance with the following: (i) the Licensee may terminate this Agreement for any reason, but only after payment of all fees then due and owing to ZEBRA BI, with a written notice with at least a 30-day notice period; (ii) ZEBRA BI may immediately terminate this Agreement, jointly with a termination of EULA Order Form, in the event of Licensee’s material breach of any provisions of this Agreement, including Licensee’s failure to pay any fees due and owed to ZEBRA BI, Licensee’s bankruptcy, insolvency or other assignment for the benefit of creditors. For the avoidance of any doubt, termination of this Agreement shall strictly apply to all Software product under this Agreement and/or EULA Order Form, their appendices and other binding documents. Partial terminations of this Agreement by Licensee shall not be permitted in respect of any part of this Agreement and/or EULA Order Form, their appendices and other binding documents. Termination of this Agreement results in automatic termination of EULA Order Form.
Upon termination of this Agreement by either party for any reason or expiration of Licensee’s Subscription: (i) ZEBRA BI will cease to make available the Use of Software product and the Licensee will cease Use of all Software products; (ii) Licensee shall irretrievably destroy or upon ZEBRA BI’s request deliver to ZEBRA BI all copies of the documentation and Confidential Information in every form, except to the extent it is legally required to keep it for a longer period in which case such return or destruction shall occur at the end of such period; (iii) upon request, Licensee shall be entitled to a refund for any months that the Software product was not used, but paid in advance, unless in the event of Licensee’s material breach of any provisions of this Agreement, including Licensee’s failure to pay any fees due and owed to ZEBRA BI, Licensee’s bankruptcy, insolvency or other assignment for the benefit of creditors; and (iv) any fees owed to ZEBRA BI will immediately become due and payable in full (i.e. termination shall not relieve Licensee from its obligation to pay fees that remain unpaid). All sections of this Agreement that expressly provide for survival, or by their nature should survive, will survive termination of this Agreement, including, without limitation, confidentiality, indemnification, warranty disclaimers, and limitations of liability.
All rights not expressly granted by ZEBRA BI to Licensee in this Agreement are hereby reserved by ZEBRA BI. There are no implied rights save to the extent rights cannot be excluded by applicable legislation. Licensee may not use, imitate, or copy, in whole or in part, any ZEBRA BI trademark, service mark, logo, or other branding without, in each instance, ZEBRA BI’s prior written consent, in ZEBRA BI’s discretion.
As between the parties, the Software product, including, without limitation, any and all application programming interfaces, software, documentation, images, video, content, logos, page headers, custom graphics, design and user interface elements, scripts, and other materials contained therein or provided in connection therewith, and all modifications, enhancements, and updates thereto, as well as all Intellectual Property Rights associated with any of these materials are owned by ZEBRA BI. Licensee has no right or license in/or to the ZEBRA BI’s Intellectual Property Rights other than the right to Use the Software product, in compliance with this Agreement, during the Subscription.
ZEBRA BI does not claim Intellectual Property Rights and Licensee retains all rights in and related to the Licensee’s data. ZEBRA BI may use the Licensee provided trademarks solely for the purpose of providing and supporting Software product. Licensee represents and warrants that, for all such data provided, Licensee owns or otherwise controls all necessary rights to do so and to meet your obligations under this Agreement. To the extent permitted by applicable legislation, ZEBRA BI takes no responsibility and assumes no liability for any data provided by Licensee or any third party.
Licensee will defend, indemnify, and hold ZEBRA BI and its suppliers or affiliates, and the respective directors, officers, employees and agents of each, harmless from and against any and all claims, losses, damages, liabilities and costs (including, without limitation, reasonable attorneys’ fees and court costs) arising out of or relating to your breach of / incompliance with this Agreement, EULA Order Form, or use by Licensee or any third party (authorized, permitted or enabled by Licensee) of the Software product, except to the extent the foregoing directly result from ZEBRA BI’s own gross negligence or willful misconduct. ZEBRA BI reserves the right, at its own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by Licensee.
ZEBRA BI hereby represents and warrants that properly licensed Software product will perform substantially as described by ZEBRA BI. ZEBRA BI furthermore represents and warrants that it has the power and authority to grant the rights and licenses granted to Licensee under this Agreement.
The Software product is licensed to Licensee on an "as is”, “as available” and “with all faults” basis. ZEBRA BI on behalf of its licensors, suppliers and affiliates, disclaims all other warranties, express or implied, including but not limited to, any implied warranties of merchantability, fitness for a particular purpose, title and non-infringement with regards to the Software product, to the extent permitted under applicable legislation. ZEBRA BI does not warrant that the Software product will satisfy Licensee’s requirements or that it will operate without defect or error.
ZEBRA BI gives no warranties, guarantees, or conditions about (i) the ability of the Software product to perform without limitation, restriction or interruption in any given environment, (ii) the accuracy, completeness, or content of the Software product, (iii) the accuracy, completeness, or content of any linked sites, and / or (iv) Third-party products, and ZEBRA BI assumes no liability or responsibility therewith, to the extent permitted under applicable legislation.
ZEBRA BI shall be liable for intentional conduct, gross negligence, as well as, in situations where ZEBRA BI is liable according to mandatory and/or statutory legislation. In cases of slight negligence that do not represent a breach of material contractual obligations, the fulfilment of which facilitates the performance of this Agreement, ZEBRA BI will not be liable.
ZEBRA BI will not be responsible under this Agreement (i) if the Software product is not used in accordance with this Agreement and/or EULA Order Form; (ii) if the liability is caused by Licensee; (iii) if the Software product is used in conjunction with any Third-Party products for which the Licensee lacks sufficient rights from the Third-Party for such use; or (iv) for any Licensee’s activities not permitted under this Agreement or EULA Order Form.
ZEBRA BI will in no event be liable in aggregate amount or in excess of the total fees / payments received by ZEBRA BI from Licensee for the Software product licenses during the 12-month period immediately preceding the event resulting in such liability. ZEBRA BI will not be liable in any amount for special, incidental, consequential, or indirect damages, loss of good will or profits, work stoppage, data loss, computer failure or malfunction, legal fees, court costs, interest or exemplary or punitive damages.
Confidential Information must not be used or reproduced in any form except as required to accomplish the intent of this Agreement. Any reproduction of any Confidential Information of the Disclosing Party shall remain the property of the Disclosing Party and shall contain any and all confidential or proprietary notices or legends which appear on the original. With respect to the Confidential Information of the Disclosing Party, the party receiving the Confidential Information (“Receiving Party”) shall: (i) keep the Confidential Information strictly confidential and not disclose such information to any person within or outside its organization, except as permitted according this Agreement; (ii) prevent disclosure of Confidential Information to any third party, using at least the same degree of care one usually employs in own affairs of similar character, whereas the parties shall limit internal dissemination of Confidential Information within its own organization to individuals on a “need to know basis“, provided that there is a clear understanding by such individuals of their obligation to maintain the confidential status of such information and restriction of its use solely to the purpose specified herein, (iii) not use the Confidential Information for any purpose other than the purpose of Using the Software product, without the prior written consent of the disclosing Party; (iv) keep all documents in hardcopy or electronic form prepared or obtained in connection with the Software product safe and separate from other documents, and not to make them available to any person, except to those employees, who are bound to an equivalent confidentiality obligation; (v) make only such copies of Confidential Information as strictly necessary for the purpose of Using Software product; (vi) not keep any copies and, at the request of the disclosing Party, destroy or hand over all documents and data obtained or prepared in connection with this Agreement or EULA Order Form; (vii) notify the disclosing Party immediately, if Confidential Information has been disclosed to or is in the possession of a third party. The obligation of confidentiality shall continue to remain in force for a period of 5 (five) years after the last disclosure, and, with respect to trade secrets, for so long as such trade secrets are protected under applicable legislation.
Obligation of confidentiality shall not apply and the Receiving Party shall have no confidentiality obligation with respect to information that: (i) is or becomes publicly known through no fault of the Receiving Party; (ii) is already known to the Receiving Party at the time of disclosure; (iii) is received by the Receiving Party from a Third-Party without similar restriction as to non-disclosure and without breach of this Agreement; (iv) has been or is independently developed by the Receiving Party; (v) is required to be disclosed by law, or by a requirement of a regulatory body or stock exchange, where disclosure shall not occur until, where reasonable practicable, the Receiving Party has notified the Disclosing Party of any possible disclosure and the Disclosing Party has been afforded the opportunity to review such disclosure and to attempt to prevent or limit any such disclosure.
Licensee may not assign its rights or obligations under this Agreement or EULA Order Form without the prior written consent of ZEBRA BI, which ZEBRA BI may refuse in its sole discretion. Any attempted assignment without prior written consent from ZEBRA BI will be deemed null and void. In the event that ZEBRA BI consents to an assignment, there will be a license assignment fee imposed by ZEBRA BI in the amount set forth in EULA Order Form. ZEBRA BI may assign its rights and/or obligations under this Agreement or EULA Order Form at any time. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.
ZEBRA BI reserves the right, in its discretion, to change, modify, add to, or remove portions of this Agreement (collectively, “Changes”), at any time. ZEBRA BI will notify you of Changes by sending an email to the address identified in your ZEBRA BI account and by posting a revised version of the Agreement incorporating the Changes to its Website. Your continued use of the Software product following notice of the Changes (or posting of this Agreement incorporating the Changes in the event your email address is no longer valid, is blocked, or is otherwise not able to receive the notice) will mean that you accept and agree to the Changes. Such Changes will apply prospectively beginning on the date the Changes are posted to the Website.
If any provision of this Agreement is found to be illegal, invalid or unenforceable, that provision will be limited or eliminated to the minimum extent necessary so that the Agreement will otherwise remain in full force and effect and enforceable. The illegal, invalid or unenforceable provision will be replaced by a valid and enforceable provision which approximates as closely as possible the intent of the invalid or unenforceable provision. This will also apply in the event of contractual gaps.
This Agreement, jointly with any applicable EULA Order Form, constitutes the complete agreement between ZEBRA BI and Licensee and supersedes all prior or contemporaneous discussions, representations, and proposals, written or oral, with respect to the subject matters discussed herein.
If either Party should waive any breach of any provision of this Agreement, it shall not thereby be deemed to have waived any preceding or succeeding breach of the same or any other provision hereof.
All notices shall be in writing and shall be deemed duly given when delivered to the address identified in your ZEBRA BI account or addresses set forth in EULA Order Form. Apart from any notice of termination or notice of material breach, which shall occur by exchange of letters in writing, the requirement of a written form (“in writing”) is met by exchange of letters or other written form, including email or other electronic means used by both parties.
This Agreement and any claims arising out of or relating to this Agreement and its subject matter shall be governed by and construed under the laws of the Republic of Slovenia, without reference to its conflicts of law principles. In the event of any conflicts between foreign law, rules, and regulations, and Slovenia law, rules, and regulations, Slovenian law, rules, and regulations shall prevail and govern, and the parties hereby submit to the exclusive jurisdiction of the Slovenian Courts. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement and is hereby expressly excluded.
Except for the payment obligations hereunder and as agreed upon in EULA Order Form, neither Party shall be liable to the other for any delay or non-performance of its obligations hereunder in the event and to the extent that such delay or non-performance is caused by conditions beyond the reasonable control of the performing party that prevents either Party for fulfilling its obligations under this Agreement and which such Party cannot avoid or circumvent (“Force Majeure Event”).
Licensee acknowledges and agrees that for the purpose of this Agreement, ZEBRA BI may collect, use, transfer and disclose personal data pertaining to Designated Users as well as any other employees and directors of the Licensee relevant for carrying out the intent of this Agreement. Such personal data may be collected from the Licensee or directly from the relevant individuals. The Parties acknowledge that with regard to such personal data processed hereunder, ZEBRA BI shall be regarded as the Data Controller under the applicable General Data Protection Legislation. ZEBRA BI shall process any such personal data in accordance with its privacy policies and practices, which will comply with all applicable requirements of the General Data Protection Legislation.
END OF EULA
Date of publication: 29.05.2022
Company Name: Zebra BI d.d.
Company Service Name: Zebra BI visuals for Power BI
Company Service Description: Zebra BI is a Microsoft-certified add-in for Power BI, empowering users to create standardized and impactful dashboards that meet the IBCS® guidelines. This add-in makes it possible to establish best practice reports in a few clicks. Limited training, programming, or formulas are required.
Company's contact person: Maruša Govekar
Company's contact person email: sales@zebrabi.com
Company's contact person phone number: 00386 1 256 0 286
Company's address - Pot za Brdom 104, 1000 Ljubljana, Slovenia
Zebra BI is an independent software vendor and we do not provide customized software or services. Our software is Microsoft certified, which ensures the highest security and privacy standards for cloud services. Since we're not a SaaS service but a 3rd party Power BI visual we're fully reliant on Microsoft's security policies. We regularly go through a Microsoft certification process which enforces the highest security standards and ensures our compliance in various different areas.
Microsoft Certified Power BI visuals are Power BI visuals in AppSource that meet the Microsoft Power BI team code requirements. These visuals are tested to verify that they don't access external services or resources, and that they follow secure coding patterns and guidelines. Zebra BI visuals comply with these standards.
You can find an in-depth description of what is included in the certification process in Microsoft Power BI Certificatification Requirements document.
More information can be accessed in the Microsofts' official documentation here: https://docs.microsoft.com/en-us/power-bi/developer/visuals/power-bi-custom-visuals-certified.
Zebra BI's certification icon on Microsoft Appsource marks the certification.
The client’s data resides in the Power BI platform. Zebra BI visuals only display the data, which it gets through the Power BI API calls. No data is stored within the visual and no data is sent outside of the Power BI platform, meaning Zebra BI does not make external API calls. Our add-in only communicates through Power BI infrastructure.
Zebra BI receives data through Microsoft Power BI's public API service. We only process the data and can't modify or alter it in any way. Microsoft's custom visual certification also guarantees that we are not accessing external services or exposing the data outside of our visual.
For more information please refer to the official Microsoft documentation on third party visuals that possess a certification badge: https://docs.microsoft.com/en-us/power-bi/developer/visuals/power-bi-custom-visuals-certified
Zebra BI does not handle data access. Data access is done separately through Microsoft Power BI and completely handled by Microsoft.
Zebra BI does not require log-in, rather it only works with the license key. Login is required through Microsoft Power BI.
Zebra BI is an add-on to Microsoft Power BI therefore user entitlements and provisioning and/or user group memberships management is done directly via the Microsoft Power BI.
If a customer uses shared/generic accounts for Power BI, then Zebra BI visuals will also be accessed through them.
Zebra BI visuals do not monitor and manage access to Microsoft Power BI.
Our product is Microsoft certified, meaning we do not track or store any data. Power BI takes care of all such requirements. Each product update that we launch goes through re-certification process again (which delays our launch cycle for 3 weeks) making sure that we still comply with all of their security procedures and requirements.
You can read more about the architecture of third party Microsoft certified visuals here: https://docs.microsoft.com/en-us/power-bi/developer/visuals/power-bi-custom-visuals-certified
or here: https://zebrabi.com/zbi_blog/microsoft-approved-zebra-bi-visuals-for-power-bi-certified/.
Pentest report: due to Zebra BI being a third-party visual for Microsoft Power BI we're completely in line with their Penetration testing processes. Based on the fact that there is already existing internal usage of Microsoft Power BI at RBI the same Penetration testing report is applicable.
Code scan report: this is performed and handled by Microsoft as a part of the certification process of each Microsoft Power BI visual.
List of external dependencies: Zebra BI is fully dependant on Microsoft CV API and MSFT tools. Upon request a list of applicable packages is available.
How does change management work? The Zebra BI developer team prepares an updated version with new features and bug fixes that get published on AppSource on a monthly basis.
For you, the updates are seamless and simple. Your reports get updated automatically the next time when you open them - this means you don't have to do anything to update your visuals.
Each of these updates and upgrades go through a recertification process with Microsoft, so from the security point of view, the visuals always comply with security standards.
What is ZebraBI written in? - Typescript.
How often does the license last for? And therefore how often does the license key change? The provided license key is valid for one year. At a yearly anniversary if you decide to extend the subscription, you receive a new license key.
Code scan is part of the certification process and it is performed each time we launch a product update (on a monthly basis). Based on the fact that Zebra BI is running in a sandboxed environment within the Power BI and only visualizes the data it receives through Microsoft's Power BI Custom visuals API, there is currently no way for a user to inject HTML code into our visual, which significantly reduces the options for a security breach.
Zebra BI internal QA process ensures all vulnerability scans are performed regularly at least once per month and all vulnerability points are reviewed before each product update. All product updates go through the Microsoft recertification process as well.
No vendor management is in place. All product development, support, etc. is done in-house.
All open vulnerabilities are addressed immediately and implemented in the version of Zebra BI visuals. Depending on the severity, the fix can be submitted to Microsoft immediately or waits until the next product update and product certification.
Zebra BI checks the background of all our employees and contractors and ensures that are done in compliance and within the scope of the applicable national and EU legislation.
Zebra BI has its security and privacy policies defined and available on the public URL: https://zebrabi.com/legal/?doc=privacy-policy. Zebra BI has strict internal information security risk management processes in place. The processes are regularly assessed, reviewed, and communicated to all employees on a monthly basis.
We are not allowed to track any user information or user activity within the visuals. Since all the data is hosted by Microsoft Power BI, no one can access it without permission and Zebra BI visuals cannot share it outside of the Power BI platform. Even for troubleshooting purposes, Zebra BI employees cannot access customer’s data without someone sharing a report with us explicitly.
Informational Security is handled by our Lead Software Developer, Rok Jesenšek (rok.jesensek@zebrabi.com).
Nobody outside Zebra BI has access to customers’ data, access is managed only through the Power BI Admin Center.
No third-party service vendors have access to Zebra BI.
Zebra BI receives data through Microsoft Power BI's public API service. We only process the data and can't modify or alter it in any way. Microsoft's custom visual certification also guarantees that we are not accessing external services or exposing the data outside of our visual.
For more information, please refer to the official Microsoft documentation on third-party visuals that possess a certification badge: https://docs.microsoft.com/en-us/power-bi/developer/visuals/power-bi-custom-visuals-certified.
Zebra BI internal QA process ensures all vulnerability scans are performed regularly at least once per month and all vulnerability points are reviewed before each product update. All product updates go through Microsoft recertification process as well.
Zebra BI does not review Microsoft's security policies. The only vulnerability assessment Microsoft is willing to share is a matter of public knowledge.
Zebra BI is an independent software vendor and we do not provide customized software or services. Our software is Microsoft certified, which ensures the highest security and privacy standards for cloud services.
Since we're not a SaaS service but a 3rd party Power BI visual we're fully reliant on Microsoft's security policies. We regularly go through a Microsoft certification process which enforces the highest security standards and ensures our compliance in various different areas. You can find an in-depth description of what is included in the certification process in Microsoft Power BI Certificatification Requirements document.
We have standard employment and health insurance according to local and EU legislation, but we do not have coverage for any risk, security or other types of infringement - which is usually required for professional services or custom development companies.
Zebra BI does not offer Service Level Agreements. The scope and scale of support services is defined within our End User License Agreement, available in the following link: https://zebrabi.com/legal/?doc=eula
Zebra BI visuals do not store or process any data (all the data is handled by the Power BI). Each time our visuals undergo Microsoft certification, a guarantee that we do not store any data is issued. (Microsoft certification) Furthermore, when processing and displaying the data at runtime, the visuals cannot share the data outside of the Power BI platform.
Zebra BI has specifically designated and defined areas in the offices which are physically separated and secured because they might contain sensitive data.
Zebra BI has multi-layer access control and alarm systems in place limiting access to any unauthorized personnel.
Zebra BI enforces a clear desk and clear screen policy for all employees and includes all relevant training as a part of each employee's onboarding. A strict "lock screen" policy is in place for all laptops ensuring a maximum allowed period of the 60s before re-login is required.
Zebra BI has multi-layer protection against malware in place ranging from antivirus protection on all computers, advanced firewalls, and threat detection systems.
Zebra BI has all maintenance activity monitored and logged in Bitbucket.
Zebra BI has in place a multi-layer DLP concept which is available upon request.
Due to the nature of Zebra BI being a third-party Power BI visual, Zebra BI does not have access to customer data and therefore cannot be used in any non-productive environments. Power BI takes care of all data security.
Zebra BI is completely in line with Microsoft Power BI's Penetration testing processes. Based on the fact that there is already existing internal usage of Microsoft Power BI at your company, the same Penetration testing report is applicable.
Zebra BI internal QA process ensures all vulnerability scans are performed regularly at least once per month and all vulnerability points are reviewed before each product update. All product updates go through Microsoft recertification process as well.
We do not receive security vulnerability advisories from organizations such as CERT. All open vulnerabilities are addressed immediately and implemented in the next version of Zebra BI visuals. Depending on the severity, the fix can be submitted to Microsoft immediately or waits until the next product update and product certification.
Our change program and product update certification process entail Microsoft team review of Zebra BI source code ensuring that Zebra BI visuals don't access external services or resources and that they follow secure coding patterns and guidelines.
More information can be accessed in the official documentation here: https://docs.microsoft.com/en-us/power-bi/developer/visuals/power-bi-custom-visuals-certified.
Microsoft certification ensures secure coding development, training, code reviews, vulnerability scanning, using correct libraries, code versioning tools implemented, and source code check-up.
Zebra BI operation system is dependent on Power BI. Our development team, however, needs to ensure that up-to-date libraries are used in order to pass Microsoft certification.
Only our published product which can be found on AppSource is available for your use.
Development and testing are done on our own data, as we do not have access to any customer data.
To access our support, you can write to dedicated team of in-house specialists which is available for mail/on-call direct support Mon-Fri, between usual working hours in the CET time zone.
Premium Support Services can be acquired with Enterprise licensing package (1000 users or more).
The premium support services include but are not limited to:
Zebra BI is an add-on to Microsoft Power BI, therefore we are fully dependent on Power BI SIEM solutions.
In the case of failure, restarting or reloading the Power BI environment will restart all the processes.
Zebra BI will notify customer without undue delay after verification of a security incident; continuously inform the customer of the measures we are taking or intend to take and use all reasonable efforts to avoid such
incidents.
All incidents are communicated to the end-user via official channels in the turnaround of 24 hours.
Official channels include but are not limited to: Zebra BI official website, LinkedIn and Twitter accounts as well as direct communication through email to the official Zebra BI account holder on the RBI side.
END OF SECURITY ASSESSMENT
Version: 1.0.0
Last modified: 30. 1. 2023
Zebra BI for Microsoft Office is an add-in for Microsoft Excel and Microsoft PowerPoint obtainable solely via Microsoft AppSource. Zebra BI empowers users to create standardized and impactful dashboards in a few clicks with only limited training and no programming. It runs entirely in the Office sandbox environment and neither collects nor stores any user data outside its local running environment. As such it avoids most of the security risks SaaS BI solutions usually introduce.
Zebra BI for Office comprises of two add-ins:
Both add-ins are available for Excel and PowerPoint.
Zebra BI Tables for Excel, Zebra BI Tables for PowerPoint, Zebra BI Charts for Excel, and Zebra BI Charts for PowerPoint are all official Microsoft Office Add-ins and thereby comply with all of Microsoft’s publishing requirements and processes as specified in Deploy and publish Office Add-ins and Commercial marketplace certification policies.
Zebra BI for Office can only be obtained from Microsoft AppSource. The add-in code is served via HTTPS from an Azure App Server controlled by Zebra BI.
As with all AppSource add-ins, updates are seamless and automatic.
Zebra BI for Office runs in a sandboxed environment within Microsoft Office and accesses user data only through Microsoft's Office add-ins API.
After the add-in has been inserted no further data or code is fetched from anywhere.
Retail license: Office 2016, 2019, 2021, Office 365: Version 2105 (Build 14026.20308)
Volume license: Office 2021: Version 1808 (Build 10730.20102)
Authentication is done via Microsoft SSO.
Permissions required to run Zebra BI for Office are profile
and openid
as defined in Microsoft Graph API.
These are in term used to get the following account data via MSAL:
tenant ID
- unique identification of the organization to which the user belongs as assigned by Microsoft,object ID
- unique identification of the user as assigned by Microsoft,full name
- full name of the user identified by object ID,email
- email of the user identified by object ID.Data obtained thereby is used for license verification and is not retained.
Users wishing to use data linking from Excel to PowerPoint also need to grant Zebra BI for Office read permission to Microsoft Sharepoint.
License is verified each time the Zebra BI for Office add-in is loaded. The verification is performed via an external license server fully developed and run by Zebra BI.
The licensing server receives a JSON Web Token (JWT) containing tenant ID, object ID, and email and responds with license information. Communication with the Zebra BI licensing server is done via a secure HTTPS connection. The server is running on Microsoft Azure.
As Zebra BI of Office is an Office Add-in all user and permission management is done in Microsoft Office itself.
Zebra BI for Office runs in a sandboxed environment within Microsoft Office and accesses user data only through Microsoft's Office add-ins API. Zebra BI does not collect nor store any user data outside the local running environment.
For the most part user data access is read-only. Only exceptions are:
Code for Zebra BI is stored using version control. We employ 4-eye review with branch protection and push to production deployment only possible by a pull request. Therefore any changes to the code and the deployed version have an audit trail and can only be done by select employees.
Zebra BI checks the background of all employees to the extent permissible by applicable national and EU legislation.
We annually review permissions and access levels of all employees.
Permission and access revocation is part of our standard offboarding.
We have in place a continual process of identifying, prioritizing, mitigating and remediating vulnerabilities.
We apply the same vulnerability management process to all Zebra BI software as well all systems that are involved in serving or operating the former.
Security vulnerabilities are to be reported to security@zebrabi.com and only there.
Our Vulnerability handling processes follows the ISO/IEC 30111 standard.
END OF SECURITY ASSESSMENT
Certified Power BI visuals are Power BI visuals in AppSource that meet the Microsoft Power BI team code requirements. These visuals are tested to verify that they don't access external services or resources, and that they follow secure coding patterns and guidelines.
Certified Power BI visuals offer more features than non-certified visuals. For example, you can export to PowerPoint, or display the visual in received emails when a user subscribes to report pages.
The certification process tests include but aren't limited to:
Yes. Every time a new version of certified visual is submitted to the Marketplace, the visual's version update goes under the same certification checks.
The version update certification is automatic. If the update is rejected because of a violation, an email is sent to the developer explaining what needs to be fixed.
No. A certified visual can't lose its certification with a new update. Instead, the update would be rejected.
https://docs.microsoft.com/en-us/power-bi/developer/visuals/power-bi-custom-visuals-faq
To get your Power BI visual certified, it must meet the requirements listed in this section.
Power BI visual has to be approved by Partner Center. Before requesting certification, it is recommended that you publish your Power BI visual in AppSource.
Before submitting Power BI visual for certification,we verify that:
Although you don't have to publicly share your code in GitHub, the code repository has to be available for a review by the Power BI team. The best way to do this is by providing the source code (JavaScript or TypeScript) in GitHub.
The repository must contain:
If your Power BI visual uses private npm packages, or git submodules, you must provide access to the additional repositories containing this code.
To understand how a Power BI visual repository looks, review the GitHub repository for the Power BI visuals sample bar chart.
Use the latest version of the API to write the Power BI visual.
The repository must include the following files:
Command requirements
Make sure that the following commands don't return any errors.
Use the latest version of powerbi-visuals-tools to write the Power BI visual.
Compile your Power BI visual with pbiviz package. If you're using your own build scripts, provide a npm run package custom build command.
Make sure you follow the Power BI visuals additional certification policy list. If your submission doesn't follow these guidelines, you'll get a rejection email from Partner Center with the policy numbers listed in this link.
Follow the code requirements listed below to make sure that your code is in line with the Power BI certification policies.
The policies listed in this section apply only to Power BI visuals offers.
Your visual source code must conform to the visual code repository requirements. The code repository for your visual should be available and correctly formatted.
Your source code should be readable, maintainable, expose no functionality errors, and correspond to the provided visual's package.
Your source code should comply with all security and privacy policies. Source code must be safe and not pass or transmit customer data externally.
Running visual development related commands on top of your visual source code should not return any errors.
Visual consumption should not expose any errors or failures and must ensure the functionality of any previous version is preserved.
Power BI Visual additional certification does not apply automatically to updated visuals. All updates to certified Power BI Visuals must also be certified as part of the submission process.
Visuals that rely on access to external services or resources are not eligible to be certified Power BI visuals. You may submit duplicate versions of visuals to the Marketplace: a non-certified version that uses external services or resources, and a certified version that does not use external services or resources. The offer that accesses external services or resources must clearly state so in the description.
https://docs.microsoft.com/en-us/legal/marketplace/certification-policies#1180-power-bi-visuals