Privacy policy for Zoho Payments
INTRODUCTION
In addition to Part I and Part III of Zoho's general privacy policy, this privacy policy explains Zoho's privacy practices with respect to the processing of personal information about you and your customers in relation to your use of Zoho Payments. If you are a customer of a Zoho Payments user, this privacy policy is not applicable to you and you should contact Zoho Payments user for information on how your data is processed.
Part I – Information Zoho collects about you or your Customers
Information that you or your Customers provide us
i. Setting up of Zoho Payments Account: In order to use Zoho Payments, you need a Zoho Payments Account. Zoho conducts a KYC process before creating a Zoho Payments Account and as part of this KYC process we may collect personally identifiable information about you or representatives of your business. Apart from region specific acceptable verification information and documents, we may collect:
- Information about your business such as:
- legal name, address, phone number, employer identification number, tax identification number, company structure, type of the business, details about the websites, description about the business, and product sold or the service sold;
- Support related information such as support address, support email address, and support phone number;
- Information about you or representative of your business such as:
- Name, date of birth, email address, phone number, address, social security identification number, position/title/shareholding in the business.
ii. Payout Processing: Apart from the information mentioned above, we collect your bank account information (such as credit or debit card number, account number, and account holder name), currency, country, routing number, and payout and payment statement descriptors) to process your payments initiated through Zoho Payments.
iii. Payment Processing: In order to process payments for you, we collect, use and share certain information related to your customers. This may include name, payment method information (such credit or debit card number, card expiry date, card CVV, and account information), email address, phone number, billing details and shipping details including shipping address, details of the product purchased, card holder name, currency, tax amount and purchase amount.
Information that we collect automatically
i. Information from browsers, devices and servers: When you or your customers visit our websites, we collect information that web browsers, devices and servers make available, such as the internet protocol address, browser type, language preference, date and time of access, time zone, time spent on sites, information about operating system, information about device (such as screen resolution, device manufacturer and model), plug-ins, Add-ons, pages visited, and links clicked. We also collect the URLs using which your customers make payments to you. We collect these to understand more about visitors, to detect, monitor, prevent and take actions against fraudulent activities.
ii. Cookies and tracking technologies: We use temporary and permanent cookies to identify users of our services, to enhance user experience and to monitor, detect, and prevent fraudulent activities. We embed unique identifiers in our downloadable products to track usage of the products. We also use cookies, beacons, tags, scripts, and other similar technologies to identify visitors, track website navigation, gather demographic information about visitors and users, understand email campaign effectiveness and for targeted visitor and user engagement by tracking your activities on our websites. We mostly use first-party cookies and do not use third-party cookies or other third-party tracking technologies on our websites for non-essential or intrusive tracking. You can learn more about the cookies used on our websites here. You can also learn more about Zoho's stance against non-essential and intrusive third-party cookies and tracking technology here. We also use first-party Local Storage Objects (LSOs) such as HTML5 to store content information and preferences to provide certain features.
Information that we collect from third parties
i. Information from identity verification providers: To help us provide you Zoho payments, we engage certain third party service providers for identity verification, fraud detection and fraud prevention. We receive certain personal information about you and your potential household members such as name, social security identification number, date of birth, direct or indirect political exposure, current and previous addresses, your company name, and tax payer identification number, contact details such as primary and other phone number(s), status of the phone number(s), carrier information, Credit information about your business from such service providers when we (i) set-up your Zoho Payments Account; and (ii) process your payments initiated through Zoho Payments.
ii. Other sources: We collect identity related information (such as name, address, phone number, country) about you to monitor, detect, prevent fraudulent activities from other sources like website monitoring service providers, our business partners, financial service providers, and publicly available sources.
Part II – Who we share information with
Zoho group and third party sub-processors: In order to provide services and technical support for our products, the contracting entity within the Zoho group engages other group entities and third parties.
Identity verification providers: We may need to share some of your personal information that you provide to us during setting up of your Zoho Payments Account or when you process payments, with third-party identity verification service providers and website monitoring services to help us verify your identity and to detect and prevent fraud. These service providers are required to use your personal information in accordance with applicable data protection and privacy laws.
Third-party integrations you have enabled: Zoho Payments may support integrations with third-party products and services. If you choose to enable any third-party integrations, you may be allowing the third party to access the data and personal information in your account. We encourage you to review the privacy practices of the third-party services and products before you enable integrations with them.
Part III – Purposes for collecting and using your information
We may use your personal information for the following purposes :
- To provide you, your customers and other Zoho Payments users with Zoho Payments service (including but not limited to setting up and maintenance of your Zoho Payments Account and processing of your payments through Zoho Payments);
- To verify your identity and for detection and prevention of fraudulent transactions or activities;
- To comply with any legal requirements that apply to Zoho (including but not limited to compliance with the requirements under "know your customer", anti-money laundering laws, or anti - terrorism laws).
- To understand how you use Zoho Payments, to monitor and prevent problems, and to improve our service;
- To analyze trends, administer our websites, and track visitor navigations on our websites to understand what visitors are looking for and to better help them;
- To ask you to participate in surveys, or to solicit feedback on Zoho Payments;
- To provide customer support, and to analyze and improve our interactions with you;
- To monitor and improve marketing campaigns and make suggestions relevant to you.
- To communicate with you (such as through email) about Zoho Payments, changes to this Privacy Policy, terms of service or other important notices.
Part IV – Purposes for collecting and using your Customer's information
Except in connection with your use of Zoho Payments (which may involve sharing of your customer's personal information with banks and other third party providers who help us in offering you Zoho Payments), we will never use the personal information of your customers in any manner unless they are a direct customer of one or more of our Zoho services.
Part V – Fraud prevention
Zoho may process information relating to you or your customer to detect and prevent fraudulent activities.
Part VI – Your obligation to notify your customer
Your customers may not be aware of the fact that Zoho will process their personal information in connection with your use of Zoho Payments. You agree that you will notify your customers either by posting a privacy policy on your website or by any other reasonable means that explains to your customers how you (and how we on your behalf) collect and process their personal information. It is your obligation to get necessary consents from your customers to allow us to collect (from you or your customers directly), process, retain and share information.
Part VII – Compliance with Applicable Data Protection Laws
(i) Role of Zoho: We process all the personal information in compliance with applicable data protection and privacy laws including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). When we process informartion according to your instructions, we process the information on your behalf and our role is "processor" or "service provider" (as the terms are defined under GDPR and CCPA respectively). When we process information other than according to your instructions (such as for identity verification, fraud prevention, marketing, or compliance with our legal obligations), we act as a "controller" or "business" (as the terms are defined under GDPR and CCPA respectively).
(ii) Compliance with Data Subject Requests: Data Protection and Privacy Laws provide certain rights (such as right to know and access the information processed, right to request rectification or correction, right to object to the processing, right to restrict processing, right to data portability, and right to opt out of sale of personal information) to the data subjects.
If you are a customer of Zoho Payments, we provide you the ability to comply with these data subject requests. If we receive a data subject request directly from your customer or user (relating to the information for which we act as a processor), we will notify you of such request within reasonable time or redirect the data subject to you. It is your responsibility to comply with these data subject requests in accordance with applicable data protection and privacy laws. If we receive a data subject request (relating to the information for which we act as a controller), we will comply with the data subject requests as required by applicable data protection and privacy laws. Please note that we do not sell your personal information (as the term is defined under CCPA).
Part VIII – Retention of information
We retain your personal information for as long as it is required for the purposes stated in this privacy policy. Sometimes, we may retain your information for longer periods as permitted or required by law, such as to monitor, detect and prevent fraud, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax, accounting, or to comply with other legal obligations. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible.