GDPR - The GDPR (General Data Protection Regulation) is a regulation that sets guidelines for the collection and processing of personal data of EU (European Union) residents. It is enforceable from May 25, 2018. The GDPR will replace an older data privacy directive - Directive 95/46/EC of the European Parliament. Learn more about GDPR compliance in Zoho Marketing Automation.
Personal Data - Any information related to an identified/identifiable data subject. (E.g., name, gender, address, ID card number, contact number, email address, location data, IP address, or health status of the contacts)
Data Subject - A natural person in the EU whose personal data is used in your business.
Data Controller - An entity that collects the personal data of individuals and uses it in its business for specific purposes. You are a Data Controller of the contacts data if you use Zoho Marketing Automation to market to your contacts (Data Subjects).
Data Processor - An entity that helps a controller in the processing of data based on the instructions given by the controller for specific purposes. A data processor doesn't have control over the data they process. Zoho Marketing Automation is the data processor of your contacts data on your behalf, acted upon by your instructions on how and when to process the data.
Data Processing Basis - A lawful set of procedures for collecting and processing data.
Consent - The permission for something to happen or agreement to do something.
Contract - An agreement where there's an element of exchange and which is legally binding. For example, the technical support provided by a product that you use is a contract.
Legal Obligation - A situation that requires a data controller to process data to stay compliant with the law. For example, an employer is bound to disclose the salary details of employees, since tax law legally binds it to do so.
Vital Interest - An interest necessary to preserve someone's life. For example, when an individual is admitted to a hospital in a critical health condition, it is necessary to establish the health details of the individual to save their life.
Public Task - A task that requires a government body to process data in the public interest. This is limited to government bodies. For example, government bodies can use the personal data of citizens to pass on vital information to the public during emergencies (a missing-person case or locating a suspect might require a body to share the personal information of the respective individual).
Legitimate Interest - A lawful business interest which a data subject can reasonably expect to require processing of their data, and which does not infringe on the rights of the data subject.
Direct Marketing - When an individual enquires about the services offered by an organization, it's implied that the organization can process that particular individual's information.
Fraud Prevention - In negative cases like default of payment, organizations can use the personal data of respective individuals to collect payment.
Right to be Forgotten/Erasure - The right of data subjects (Contacts) to request that any personal information be removed from your records (contact information present in Zoho Marketing Automation). For example, you (Data Controller) are a user of Zoho Marketing Automation (Data Processor) and you would feed your contacts' (Data Subjects) information into the application to market to them. Your contacts can now request that their personal information be removed from your records at any point in time.
Right to Object - Data subjects can prohibit/stop usage of data for specific purposes. For example, your contacts (Data Subjects) can opt out of your mailing list at any point in time. They can object to processing of their data and easily withdraw their consent.
Right to Rectification - Contacts can request that their incorrect/incomplete data be rectified. This can be done in two ways:
- Through Zoho Marketing Automation - Your contacts can request to have their data held by Zoho Marketing Automation rectified by updating their profile, or
- Through You - They can request that you rectify their data.
Right to Data Portability - Data subjects can get a copy of their information in a readable format upon their request. This can be done in two ways:
- Data subjects - Data subjects can easily export a copy of their information from the systems through encrypted files.
- You - You can easily export your data from Zoho Marketing Automation.
Right to be Informed - The data subjects' right to be well-informed about the usage of their personal data. This gives you the responsibility of being transparent with your contacts about what you do with their data.

Compliance with the GDPR requirements is possible only with the combination of people, process, and technology. Zoho Marketing Automation has made the best efforts to provide solutions that you can use to comply with the law. The information presented here should not be taken as legal advice. We always recommend that you approach legal counsel to advise on the best ways to ensure GDPR compliance.