Data Processing Addendum
What is DPA?
The Data Processing Addendum is an agreement you make with Zoho Corporation to process your personal data based on GDPR/CCPA regulations. This agreement is an addendum to our terms of service and privacy policies that govern the processing of your data. Learn more about our privacy policies
here.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European privacy regulation that addresses the processing of personal data of European residents. It aims to strengthen the security and protection of personal data in the EU, and harmonize the EU data protection law. Broadly, it sets out multiple data protection principles and requirements, which must be adhered to when processing personal data. Learn more about GDPR and
Zoho's compliance with the GDPR.What is CCPA?
The California Consumer Privacy Act (CCPA) is a statute intended to protect the privacy of the residents of California, USA. The CCPA applies to any business, including any for-profit entity that collects consumers' personal data, that does business in California, and satisfies at least one of the following thresholds:
- Has annual gross revenues above $25 million.
- Buys or sell the personal information of 50,000 or more consumers or households.
- Earns more than half of its annual revenue from selling consumers' personal information.
How does DPA work?
Only the administrator of an organization can initiate a DPA request.
- A user signs in to their Zoho account to initiate the DPA. The DPA form can be found under the Privacy tab.
- After receiving a request from the user, Zoho's legal team will proceed with the verification process. Once the request is approved, the user will receive an email from Zoho Sign, which will contain a link to the DPA.
- The user needs to sign the DPA via Zoho Sign to complete the process. A copy of the addendum will be sent to the user via email.
Zoho's legal team reserves the right to reject a DPA request. If your request was not approved, the reason for rejection will be available in the DPA section under the Privacy tab.
You can
assign representatives for your organization such as Data Protection Officer, Privacy Representative, and Ownership Nominee. The representatives will be contacted to convey important information regarding privacy and security or legal disputes.
What is a Data Protection Officer?
A Data Protection Officer is the representative of your organization, and is responsible for overseeing your company’s data protection strategy and its implementation to ensure compliance required by the GDPR or other data protection laws.
What is a Privacy Representative?
A Privacy Representative acts as a point of contact for your organization, and is responsible for running and maintaining the privacy program at your organization.
What is a Ownership Nominee?
A contact who is assigned the Transfer Account Ownership role will receive the ownership of the organization account if the current owner leaves the organization.
How to initiate DPA
- Sign in to your Zoho account.
- Click Data Processing Addendum under Privacy.
- Click Initiate Now.
- Fill in the necessary details, then click Submit.
Under Categories of Data, the users have to enter data that they want Zoho to process.
- Sign in to your Zoho account.
- Click Manage Your Contact under Privacy.
- Click Add Contact.
- Your personal details except Designation will already be auto filled.
- Fill in your Organization details such as Name, Company Address, Industry Type, then click Next.
- Fill in your contact's details, then click Add.