Get Started
COMPLIANCE & TRUST

GDPR & India DPDP Compliance

Our data protection framework for European and Indian users under GDPR and DPDP Act.

1. Introduction

ZentoCloud Technologies is committed to safeguarding personal data under both:

  • GDPR (General Data Protection Regulation) – EU/EEA
  • DPDP Act 2023 (Digital Personal Data Protection Act) – India

Our policies ensure transparency, accountability, and lawful processing for all global client deployments.

2. Categories of Data We Process

Under GDPR & DPDP, ZentoCloud may collect and process:

  • Name, business email address, phone numbers, and professional job title
  • Business registry and logistical details for ERP/CRM software onboarding
  • Product usage logs and server request logs
  • Technical metadata (IP addresses, device user agents, browser properties)
  • Customer support email histories and diagnostic tickets

3. Legal Basis for Processing (GDPR)

GDPR requires a specific legal basis for each type of personal data processing:

  • Consent – voluntarily provided information via demo and scoping forms
  • Contractual necessity – necessary actions to deliver custom ERP, CRM, and SaaS software
  • Legitimate interests – improving platform performance, security, and fraud audits
  • Legal obligations – financial auditing, tax regulations, and security reporting

4. Purpose of Data Use (DPDP & GDPR)

ZentoCloud processes personal data for the following specific purposes:

  • Providing and maintaining customized ERP, CRM, SaaS, and database systems
  • Customer onboarding, tech support, and SLA maintenance
  • Platform security auditing, cache tuning, and performance profiling
  • Product features engineering and release enhancements

5. User Rights (GDPR & DPDP)

Our global users are equipped with the following statutory rights under GDPR and DPDP:

  • Right to access personal data files held on our systems
  • Right to correct, update, or amend outdated records
  • Right to withdraw consent at any time without penalty
  • Right to erasure (the "Right to be Forgotten" under GDPR)
  • Right to restrict or object to automated data processing
  • Right to data portability in structured machine-readable formats
  • Right to grievance redressal through the Data Protection Board (DPDP)

6. Consent Rules

Consent under GDPR and DPDP must be freely given, specific, informed, and unambiguous. ZentoCloud ensures:

  • Clear explanations of data usage on all intake forms
  • Granular, simple opt-in and opt-out checkboxes
  • No pre-checked fields or forced consent conditions
  • Simple email-based consent withdrawal processes

7. Data Security Measures

We deploy robust enterprise-grade security controls, including:

  • Complete encryption of sensitive data at rest (AES-256) and in transit (SSL/TLS 1.3)
  • Role-based access controls and IP whitelisting for employee terminals
  • Advanced network firewalls and edge protection rules
  • Regular code vulnerability assessments and server penetration audits
  • Strict vendor vetting with signed Data Processing Agreements (DPAs)

8. Data Retention Policy

We retain your personal data only for as long as necessary to fulfill the business services you contracted, or to comply with statutory legal records regulations. Users can request deletion at any time, subject to tax or contractual retention laws.

9. Third-Party Sharing & Processors

ZentoCloud does not sell or lease personal data. Limited sharing occurs with vetted processors:

  • Cloud hosting and network CDN infrastructure providers
  • Centralized database backup repositories
  • Secure email servers and communication dashboard APIs

All third-party partners are bound by strict contractual confidentiality agreements.

10. Cross-Border Data Transfers

GDPR: Transfers of European user data outside the EEA are governed by approved Standard Contractual Clauses (SCCs).

DPDP: Transfers of Indian personal data follow the statutory guidelines and geographical restrictions set by the Government of India.

11. Breach Notification

GDPR: Users and supervisory authorities are notified of qualifying data breaches within 72 hours of discovery.

DPDP: Notifications are dispatched to the Data Protection Board and affected individuals in accordance with DPDP rules.

12. Contact & Data Protection Officer (DPO)

For privacy inquiries, rights execution, or complaints, reach out to our DPO:

Email: knock@zentocloud.com
Phone: +91 92650 54310
HQ Address: Shop no.17, 1st Floor, Amarasar Fatak, Amarsar, Wankaner, Morbi, Gujarat - Pin 363621

ZentoCloud
Get Started