Zoho has always been mindful of its users' rights to data privacy and protection. With GDPR, we've taken a closer look at what we do in order to be compliant with this regulation. Read more about Zoho's GDPR policy.
What is GDPR?
The General Data Protection Regulation (GDPR) has been in effect since May 25th, 2018. It's a regulation in the EU that aims to give individuals granular-level control of their personal data. The GDPR imposes obligations on all organizations in the world that target or collect data related to people in the EU.
What is personal data?
Personal data is any information that relates to an individual who can be directly or indirectly identified. This includes, but is not limited to, name, email address, location information, ethnicity, gender, biometric data, website cookies, and photos.
The person whose data is processed
The person or organization that decides why and how personal data will be processed
The person or organization that processes the data on behalf of the Data Controller
How is Orchestly GDPR compliant?
To start with, Zoho has always respected user privacy—we have never used your data to serve ads, and never will. Orchestly collects only required data, stores it securely, and provides transparency in data processing. That said, we have also made some changes to ensure the additional level of security that GDPR encourages.
Organization owners can track every event at an organization with audit logs, and know who did what, and when.
The OAuth 2.0 protocol is used in Orchestly APIs for authentication and authorization processes.
Your personal details are shared with marketplace vendors only after obtaining your consent. We do not save any credentials that might be used to log into any third-party services. And in case you use tokens generated by third-party applications while using extensions, we save an encrypted version of those tokens. Learn more.
You can protect confidential customer data with encryption. When fields are encrypted, the text is converted into ciphertext and can be accessed by authorized users only. Learn more.
Orchestly integrates with Zoho Directory to help facilitate smooth logins. Learn more.
Role-Based Access Control
Organization owners and admins can determine who has access to what, and which permissions they have. Learn more.
Disclosure of Data
Orchestly features like two-factor authentication, role-based access, field-level permissions, data encryption, and the ability to limit access to layouts and processes ensure that you have tight control over who can access what.
With OWASP secure coding practices, DDoS protection, data centers across the globe, compliance certifications including ISO 27001 and SOC-2 Type II, and other security, privacy, and compliance practices, Zoho ensures that your data is secure. Read more.
Rights of Data Subject and Data Controller
Right to access
Organization owners can access all customer information recorded in Orchestly. For example, a lead's information if a sales process is automated with Orchestly, or an employee's details if employee onboarding is automated. Job owners can access the customer information in the jobs they own. Other users can access customer information only if they have the necessary permissions.
Right to rectification
Organization owners can edit organization details, customer information, and business processes at any time. Other users can edit customer information and business processes based on their access privileges.
Right to erasure
As an organization owner, you can delete any customer information or business process, any time you want. Other users can do so only if they have the necessary permissions. As an organization owner, you can also choose to discontinue our services at any time, by deleting the organization. If you choose to delete your account, we'll add it to the deletion queue, and it will be deleted in the next clean-up cycle.
Right to restrict processing
As an organization owner, you can stop processing a customer's record when required. Any user other than the organization owner can do so if they have the required permissions. Read more.
Right to data portability
Organization owners can create a backup of all the information in their organization. A password-protected link to the backup will then be emailed to the organization owner. This link will expire after 7 days and the exported ZIP file will be deleted. Learn more about this here. Users can also export all jobs, or a particular job that they have access to, as XLS or CSV files.
Disclaimer: The information presented herein should not be taken as legal advice. We recommend that you seek legal advice on what you need to do to comply with the requirements of GDPR.