Personal Data - Any information related to an identified/identifiable data subject. (E.g., name, gender, address, ID card number, contact number, email address, location data, IP address, or health status of the contacts)

Data Subject - A natural person in the EU whose personal data is used in your business.

Data Controller - An entity that collects the personal data of individuals and uses it in its business for specific purposes. You are a Data Controller of the contacts data if you use Zoho Campaigns to market to your contacts (Data Subjects).

Data Processor - An entity that helps a controller in the processing of data based on the instructions given by the controller for specific purposes. A data processor doesn't have control over the data they process. Zoho Campaigns is the data processor of your contacts data on your behalf, acted upon by your instructions on how and when to process the data.

Data Processing Basis - A lawful set of procedures for collecting and processing data.

Consent - The permission for something to happen or agreement to do something.

• In need of consent - You can receive contacts consent using "Manage Consent" option in Zoho Campaigns.
• Express consent - You can update expressed contacts consent in Zoho Campaigns.

Contract - An agreement where there's an element of exchange and which is legally binding. For example, the technical support provided by a product that you use is contract.

Legal Obligation - A situation that requires a data controller to process data to stay compliant with the law. For example, an employer is bound to disclose the salary details of employees as tax law are a legal reason to bind to.

Vital Interest - An interest necessary to preserve someone's life. For example, when an individual is admitted to a hospital in a critical health condition, it is necessary to establish the health details of the individual to save their life.

Public Task - A task that requires a government body to process data in public interest. This is limited to government bodies. For example, government bodies can use the personal data of citizens to pass on vital information to the public during emergencies (When a person is missing or locating a suspect might require a body to share the personal information of that respective individual).

Legitimate Interest - A lawful business interest which a data subject can reasonably expect to require processing of their data, and which does not infringe on the rights of the data subject.

• Direct Marketing - When an individual enquires about the services offered by an organization, it's implied that the organization can process that particular individual's information.
• Fraud Prevention - In negative cases like default of payment, organizations can use the personal data of respective individuals to collect payment.

Right to be Forgotten/Erasure - It is a right of data subjects (Contacts) to request that any personal information be removed from your records (contact information present in Zoho Campaigns). For example, you (Data Controller) are a user of Zoho Campaigns (Data Processor) and you would feed in your contact(Data Subjects) information to the application to market to them. Your contacts can now request that their personal information be removed from your records at any point in time.

Right to Object - Data subjects can prohibit/stop usage of data for specific purposes. For example, your contacts (Data Subjects) can opt out of your mailing list at any point in time. They can object to processing of their data and easily withdraw their consent.

Right to Rectification - Contacts can request that their incorrect/incompleted data be rectified.

• Through Zoho Campaigns - Your contacts can request to have their data held by Zoho Campaigns rectified by updating their profile.
• Through You - Or, they can request that you rectify their data.

Right to Data Portability - Data subjects can get a copy of their information in a readable format upon their request.

• Data subjects - Data can easily export a copy of their information from the systems through encrypted files.
• You - You can easily export your data from Zoho Campaigns.

Right to be Informed - The data subjects' right to be well-informed about the usage of their personal data. This gives you the responsibility of being transparent with your contacts about what you do with their data.

Disclaimer: Compliance with the GDPR requirements is possible only with the combination of people, process, and technology. Zoho Campaigns has made the best efforts to provide solutions that you can use to comply with the law. The information presented here should not be taken as legal advice. We always recommend that you approach legal counsel to advise on the best ways to ensure GDPR compliance.