ZoomInfo is legal because its collection processes only aggregate business-related data, such as work email addresses or the job titles of a company’s employees. Generally speaking, lawmakers view information of this type differently than more sensitive information like browser history, health or financial information, or any other information about a person in a family or household capacity – which ZoomInfo does not collect or share. We also employ an internal team dedicated to proactively monitoring our data and research practices to ensure alignment with all relevant data protection and privacy laws, such as the GDPR and CCPA. If at any point an individual wishes to have their information removed from ZoomInfo’s database, they may do so by contacting us via our public privacy policy.
Here is how we comply with two major regulations: the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR):
CCPA Compliance
As a data broker, we are required to register with the State of California and provide consumers with clear and conspicuous notice regarding what data we collect, how it is used, and the rights consumers have, including the right to opt out of our database. We have implemented a comprehensive notice and choice program, and we will not include anyone in the database unless they have directly received notice from us. So you can be confident the data you get from us is CCPA compliant.
In addition we have taken affirmative steps to ensure our ongoing commitment to privacy including:
- Product Enhancements: We have enhanced our products to help our customers address CCPA obligations, including the publishing of notice dates and consumers who have requested removal, our consumer location and compliance API, and our customer master suppression list to propagate opt outs from your CRM and MAT systems directly in the ZoomInfo Powered by DiscoverOrg platform.
- Privacy Center Implementation: We have developed a comprehensive Privacy Center so consumers can proactively manage their data preferences and profiles.
- Privacy Policy and Website Update: We have proactively reviewed and updated our privacy policy and website assets to ensure transparency.
- Expansion of Privacy Communication Options: We have expanded the number of ways that data subjects are able to reach out to our privacy team, including the provisioning of a toll-free number to leave inquiries.
- Data Team Expansion: We have enhanced our data team to ensure proactive management of the data with comprehensive project management reviews.
- Data Inventory Accuracy Analysis: We have increased the accuracy and integrity of all data we host, by leveraging the resources of our internal and external data sources.
- Employee Training and Awareness: We conduct employee awareness and training to ensure ongoing compliance.
GDPR Compliance
ZoomInfo is dedicated to GDPR compliance, and we employ several GDPR and privacy experts on our executive team who are working hard to ensure full compliance with the regulation in our data practices. These include our General Counsel, Corporate Counsel, Head of Privacy and Compliance, our Data Protection Officer, and our Senior Vice President of Data and Research (a licensed attorney).
Prior to the GDPR becoming law (in fact, about three years ago), ZoomInfo implemented a plan to provide notice to all EU-based contacts in our database. The notices state that we are processing their business contact information in our database to provide to our paying clients for their marketing purposes. We give each person the right to opt-out of our database upon request and have been honoring such requests since we implemented the notice program.
Within our secure and password-protected customer platform, we publish a list of contacts who have recently opted out of our database. Customers are asked to check this list regularly and independently honor those opt-outs, unless they have a separate, independent lawful basis to continue to process and store that data.
ZoomInfo continues to process only business contact information for EU contacts: company, job title, work email address, work phone number, etc. We do not provide sensitive personal information of any kind, e.g. health information, political or religious ideology, internet search history, etc. We simply provide the type of information that is typically found on a business card, an email signature block, or a public professional profile.
ZoomInfo also has a Director of Data Practices, who serves as the company’s Data Protection Officer. This person is responsible for several things, including:
- Maintaining comprehensive records of all data processing activities conducted by the company
- Serving as the point of contact between the company and GDPR Supervisory Authorities
- Educating the company and employees on important compliance requirements
- Serving as a resource for customers and strategic partners regarding the company’s ongoing compliance with data protection and privacy regulations
- Conducting audits to ensure compliance and address potential issues proactively
- Training staff involved in data processing
Please visit our Privacy Center for more information on our policies and to manage your privacy preferences.