GDPR & India DPDP Compliance

1. Introduction

ZentoCloud Technologies Pvt. Ltd. is committed to safeguarding personal data under both:

• GDPR (General Data Protection Regulation) – EU/EEA
• DPDP Act 2023 – India

Our policies ensure transparency, accountability and lawful processing for global clients.

2. Categories of Data We Process

Under GDPR & DPDP, ZentoCloud may process:

• Name, email, phone, job title
• Business details for ERP/CRM onboarding
• Product usage logs
• Technical metadata (IP, device, browser)
• Support communication records

3. Legal Basis for Processing (GDPR)

GDPR requires a legal basis for each type of data processing:

• Consent – voluntarily provided information
• Contractual necessity – ERP/CRM/SaaS services
• Legitimate interests – analytics, fraud prevention
• Legal obligations – compliance, security

4. Purpose of Data Use (DPDP & GDPR)

ZentoCloud processes personal data for:

• Providing ERP, CRM, SaaS and automation services
• Technical support and onboarding
• Security, analytics and performance monitoring
• Service improvements and feature development

5. User Rights (GDPR & DPDP)

Users have the following rights under both laws:

• Right to access data
• Right to correct or update data
• Right to withdraw consent
• Right to deletion (Right to be Forgotten – GDPR)
• Right to restrict processing
• Right to data portability (GDPR)
• Right to grievance redressal (DPDP)

6. Consent Rules

Both GDPR and DPDP require explicit, informed consent. ZentoCloud ensures:

• Clear explanation of data usage
• Easy opt-in & opt-out mechanisms
• No forced or bundled consent
• Withdrawal at any time

7. Data Security Measures

• Encrypted data at rest and in transit
• Strict access control policies
• Multi-layered security firewalls
• Regular audits and vulnerability scans
• Secure data centers with signed agreements

8. Data Retention Policy

We retain data only for as long as necessary to deliver services, or as required by law. Users may request deletion under GDPR/DPDP rules.

9. Third-Party Sharing & Processors

ZentoCloud does not sell personal data. Limited sharing occurs with:

• Hosting/infrastructure providers
• Database & cloud services
• Email & communication tools

All processors follow strict contractual data protection obligations.

10. Cross-Border Data Transfers

GDPR: Transfers outside the EU follow SCCs (Standard Contractual Clauses) and approved safeguards.
DPDP: Transfers outside India follow permitted jurisdictions and compliance rules.

11. Breach Notification

GDPR: Users and authorities notified within 72 hours.
DPDP: Users notified as per regulatory guidelines.

12. Contact & Data Protection Officer (DPO)

Email: knock@zentocloud.com
Phone: +91 86719 44702
Address: The Spire 2, 219, BRTS, 150 Feet Ring Rd, Near Shital Park,
Opp. Plexus Med Care, Rajkot, Gujarat 360007