Zoho TeamInbox is GDPR ready
The General Data Protection Regulation (GDPR) is a European Data Protection regulation enforced by the EU Commission to protect the fundamental right to privacy for every EU residents. GDPR came into effect on the 25th of May, 2018. Any organization that works with EU residents' personal data in any manner, irrespective of location, has obligations to protect the data. Zoho TeamInbox is fully committed to protecting your data. Any information you provide is processed in accordance with applicable data protection laws. Read on to know what we do to ensure that we are completely GDPR compliant.
Personal Data Collection - Ever Compliant
At Zoho TeamInbox, we honor our users' privacy and are always careful about the data we collect. We never have used user data for advertising and we never will. We will never ask our users for information beyond what is absolutely required for the functioning of the product. Wherever we collect user data, we will clearly state its purpose and the manner in which it will be used.
Zoho TeamInbox's GDPR Readiness
We've set certain rules and strategy on how to process personal data. Here's how we do it.
Zoho TeamInbox has security built into every layer of the product. In particular, we have proved our commitment to data privacy and protection by meeting the industry standards for ISO 27001, and SOC 2 Type 2. Also, Zoho Corporation participates in and has certified its compliance with the EU-U.S. We trust that compliance with GDPR will motivate us to move towards the highest standards of operations in protecting customer data.
Data Hosting (Locality)
Zoho Servers are located in most secure data centers in the US, EU, CN and IN. The region in which we host your service data depends upon the domain on which you registered your Zoho TeamInbox.
The following table lists the Zoho domains and the respective hosting locations.
|Account Registration Domain||Hosting Region (Data Center)|
|US (United States)|
|EU (European Union)|
|AU (Australia and New Zealand)|
We use the latest and secure ciphers like AES_CBC/AES_GCM 256 bit/128 bit keys for email encryption. These ensure that your Zoho TeamInbox data is protected from unauthorized access, disclosure or modification. All data is encrypted at rest and in transit. We believe our highly secure physical controls at data centers and transit level encryption ensures that your data stays well protected.
Users have access only to the inboxes they are members of. The inbox memberships can be controlled and modified by the inbox or team admin. In addition to this, users will have access to messages and email drafts that are shared with them.
Users can edit all of their personal information except the registered email address. However, we could assist you in replacing the email address associated with your Zoho TeamInbox account. You can write to us to request a replacement.
We have appropriate functionalities in our interface to allow users to delete their data. Use the Delete option to delete your data. When you delete a user, the data associated with the user will be scheduled for deletion, and will be deleted within 30 days of actual user deletion.
We export data from your Zoho TeamInbox account upon request. Write to us if needed and we'll export your data for you.
The data retention period in Zoho TeamInbox is 30 days. When you delete messages they are moved to Trash, where they stay for 30 days. The data in Trash can be restored, until they are automatically cleaned up by the system. After that the messages will be permanently deleted from our database.
Data Disclosure is the level of access within the service, where only authorized users can access, alter or delete service data. The organization administrator can assign permissions to users and thereby can allow or restrict data access to them.
Data audits help you secure your system and monitor for unexpected changes or usage trends. Zoho TeamInbox records every activity that happens in your organization and the org admin will have access to these logs. We can export the audit log for you in CSV format upon request.