Data Processing Addendum
What is DPA?
The
Data Processing Addendum is an agreement you make with Zoho Corporation
to process your personal data based on GDPR/CCPA regulations. This
agreement is an addendum to our terms of service and privacy policies
that govern the processing of your data. Learn more about our privacy
policies
hereWhat is GDPR?
The
General Data Protection Regulation (GDPR) is a European privacy
regulation that addresses the processing of personal data of European
residents. It aims to strengthen the security and protection of personal
data in the EU, and harmonize the EU data protection law. Broadly, it
sets out multiple data protection principles and requirements, which
must be adhered to when processing personal data. Learn more about GDPR
and
Zoho's compliance with GDPRWhat is CCPA?
The
California Consumer Privacy Act (CCPA) is a statute intended to protect
the privacy of the residents of California, USA. The CCPA applies to
any business, including any for-profit entity that collects consumers'
personal data, that does business in California, and satisfies at least
one of the following thresholds:
- Has annual gross revenues above $25 million.
- Buys or sell the personal information of 50,000 or more consumers or households.
- Earns more than half of its annual revenue from selling consumers' personal information.
How does DPA work?
- A user signs in to their Zoho account to initiate the DPA. The DPA form can be found under the Privacy tab.
- After
receiving a request from the user, Zoho's legal team will proceed with
the verification process. Once the request is approved, the user will
receive an email from Zoho Sign, which will contain a link to the DPA.
Note:
Zoho's legal team reserves the right to reject a DPA request. If your
request was not approved, the reason for rejection will be available in the DPA section under the Privacy tab. You
can assign representatives for your organization such as Data
Protection Officer, Privacy Representative, and Ownership Nominee. The
representatives will be contacted to convey important information
regarding privacy and security or legal disputes.
What is a Data Protection Officer?
A
Data Protection Officer is the representative of your organization, and
is responsible for overseeing your company’s data protection strategy
and its implementation to ensure compliance required by the GDPR or
other data protection laws.
What is a Privacy Representative?
A
Privacy Representative acts as a point of contact for your
organization, and is responsible for running and maintaining the privacy
program at your organization.
What is a Ownership Nominee?
A
contact who is assigned the Transfer Account Ownership role will
receive the ownership of the organization account if the current owner
leaves the organization.
How to initiate DPA
- Sign in to your Zoho account.
- Click Data Processing Addendum under Privacy.
- Choose the organization to initiate DPA (if you have multiple organizations).
- Click Initiate Now.
- Fill in the necessary details, then click Submit.
- If
you have multiple service organizations, you can initiate a DPA request
separately or you can merge with already signed organization by
clicking Add to existing signature.
Note:- Only the administrator of an organization can initiate a DPA request.
-
Under
Categories of Data, the users have to enter data that they want Zoho to process.
What to do after initiating DPA
After initiating DPA, the process status will stay in pending signature till
the legal team reviews and approves your request. Once your request is
approved, you will receive an email from Zoho. Upon signing the document
you received via email, the DPA process will get completed. Learn how
- Click Manage Your Contact under Privacy.
- Click Add Contact.
- Your personal details except Designation will already be auto filled.
- Fill in your Organization details such as Name, Company Address, Industry Type, then click Next.
- Fill in your contact's details, then click Add.