Concerns around data privacy have been on the rise in recent years — and for good reason. As consumers in a technology-driven world, our information has become a new form of currency. Consumer-oriented businesses collect data to create profiles that can, among other things, power more personalized marketing campaigns and introduce people to products that are more relevant to their needs and interests.
As a privacy-first company, ZoomInfo is aware of growing concerns surrounding data collection, processing, and usage. In an effort to promote transparency, we’re pulling back the curtain here to share our rigorous approach and commitment to privacy.
Let’s unpack some of the most common myths surrounding ZoomInfo’s business data collection processes and walk through our commitment to privacy.
Data FAQ: Does ZoomInfo collect your sensitive personal information?
Answer: No. ZoomInfo only collects business-related data.
ZoomInfo is only interested in collecting business-related data about companies and their employees. We are not interested in sensitive personal data.
Sensitive personal data is data that an individual would rarely, if ever, share publicly, such as credit card information or social security numbers. It could also include information about their private life and behaviors, such as religious or political views, gender or sexual orientation, or health or financial information.
ZoomInfo does not collect this type of personal data.
The information ZoomInfo collects is business-related. Business-related data has to do with an individual’s professional status, such as where they work, their work email addresses and phone numbers, where their office is located, whom they report to, their education and employment history, and other work-related information.
We are only interested in helping businesspeople speak to other business people about business. We collect business information to help organizations and the people who work at them, to connect on sales, marketing, and talent recruiting efforts.
Data FAQ: Does ZoomInfo notify you when we add you to our database?
Answer: Yes. We send you a notification to your business email address before or shortly after your data first appears in our database.
ZoomInfo is committed to giving you control over your data. We proactively notify data subjects, with clear instructions on how to modify or delete their data that we’ve collected. We do this before or shortly after adding their information to our database. We also take steps to ensure that anyone who has removed their information from our database will not have their information re-added.
Our robust email notification process alerts individuals when their information is first added to our database. This is a global process, so individuals around the world receive a notification when their information is added to ZoomInfo’s database, regardless of whether local laws require us to provide this notice or not.
ZoomInfo sends out tens of millions of notification emails annually, as part of a process that we put in place back in 2017. Our dedicated email management team is always improving this process to ensure that not only are these emails being sent, but also that they arrive successfully in the individual’s inbox.
Data FAQ: Does ZoomInfo make opting out of its database difficult?
Answer: No. There are multiple ways to opt out of ZoomInfo’s database.
ZoomInfo respects the individual’s right to opt out of our database at any time. You can easily opt out of ZoomInfo’s database in one of three ways:
1. Click on the “Manage your Profile” tab within our Privacy Center to review your profile, see what data has been collected, and update or remove your profile.
2. Email us at email@example.com and request removal.
3. Call (833) 901-0859 and request removal.
Data FAQ: Is ZoomInfo trying to intrusively profile me?
Answer: No. ZoomInfo uses business data to create business-focused profiles to connect business people to talk about business.
Our teams collect data that is relevant for business professionals to connect with one another. The profiles created within our database are business-focused and not extensive. They are what you would expect to find on a business card or a resume.
We look for key data that can help the right people engage with one another at the right time to conduct business. We do not seek to discover other aspects of a contact’s personal life.
Data FAQ: Does ZoomInfo align with privacy regulations in the US and around the world?
Answer: Yes. ZoomInfo’s governance framework aligns with the regulations in our major markets, including the GDPR and CCPA, and we are ISO 27701 certified.
Even before GDPR was enacted in 2018, we implemented a number of internal processes that aligned with compliance regulations in the US and Europe. For example, our Global Notification Plan ensures that we proactively notify contacts when they are added to our database and provide them with the ability to opt out of our database at any time. This aligns with Article 14 of the GDPR, which requires a notification process for data collection, processing, and storing.
In early 2022, we hired our first Chief Compliance Officer, Simon McDougall, a world-renowned privacy expert. McDougall previously worked as a privacy regulator for the Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
At ZoomInfo, we maintain an active privacy compliance strategy. We have also been expanding our organization globally, welcoming more than 500 additional employees outside of the US. As we continue to grow into new markets, our teams work diligently to remain agile and refine compliance measures in accordance with evolving privacy regulations.
Data FAQ: The CPPA and GDPR require consent for data processing. Is ZoomInfo compliant with these statutes?
Answer: It is a common misconception that consent is needed to process data under the GDPR and the CCPA. The two regimes differ, but consent is not required in either.
The GDPR lays out six legal bases of processing, all of which are of equal standing. In order to lawfully process data under the GDPR, companies must utilize one of the six legal bases. One legal basis exists where the data subject has provided consent. Another basis exists for purposes of the “legitimate interests” pursued by the company or a third party, except where overridden by the interests or fundamental rights and freedoms of the data subject. ZoomInfo relies upon the legitimate interest legal basis for the processing of data subject to the GDPR.
We think it is clear that ZoomInfo’s legitimate interest in processing business contact data, to organize and make it available to our customers for B2B sales, marketing, and recruiting purposes, is not outweighed by the fundamental rights and freedoms of the data subjects given the limited impact of this data on an individual’s private life, the fact that individuals would reasonably expect their business contact information to be shared for these purposes, and that this information is widely disclosed.
Unlike the GDPR, the CCPA does not require a legal basis for processing personal data. Consent is required only in limited circumstances, such as when a business enrolls an individual into a financial incentive program (e.g., loyalty programs). However, consent is not required in order to collect, process, or sell personal data. ZoomInfo respects the applicable requirements of the CCPA, including the right for consumers to request to opt-out of the sale of their personal data.
Data FAQ: Does ZoomInfo support phone spammers?
Answer: No. ZoomInfo’s platform and contract agreements restrict spam calling.
We believe that every business call should be pertinent to all parties involved. We collect work phone numbers and, in some cases, mobile phone numbers, to help salespeople, marketers, and talent managers connect with the right people to have productive, meaningful conversations. ZoomInfo customer contracts also require that businesses only use our data to contact individuals for the purposes of B2B sales or marketing.
To further support individual privacy, our SalesOS platform supports the suppression of phone numbers on nine global “Do Not Call” lists. When the Do Not Call suppression toggle is enabled in ZoomInfo’s platform, the phone numbers of individuals who have registered with one or more of these nine lists will not be included in any of the sales and marketing search results within our database. When salespeople or marketers try to access one of these contacts, a pop-up will appear with a message explaining that the contact has registered for a Do Not Call list and that their phone number is being suppressed from the search results.
Note: Some Do Not Call lists have B2B exemptions. This varies on a country-by-country basis.
Data FAQ: Can ZoomInfo read my emails via “Community Edition”?
Answer: No. Our Community Edition software only identifies contact information within email headers, signature blocks, and email contact books.
ZoomInfo’s Community Edition opens the door for many small businesses to access our platform and data without tapping into their budgets. In exchange for free access to Community Edition, Community Edition subscribers help populate the ZoomInfo database with the information contained in email headers, signature blocks, and email contact books, such as name, job title, company, email address, and phone number.
We have no visibility into, nor interest in, the actual content of subscriber emails. Subscribers run a program, in their own environment, that extracts only the email addresses in the header of the incoming emails (i.e., to/from/cc) and the contact information contained in email signature blocks and email address books.
This email address data is then sent to ZoomInfo to match against existing contact information in our database. Our sophisticated Privacy Parser ensures that only business-related contact information is collected during this process.
As a privacy-first company, we will always work to support business conversations without compromising the privacy and security of individuals. If you have any additional questions about ZoomInfo’s data privacy practices and policies, please check out our newly refreshed Privacy Center for more information.
Please note that the above is provided for informational purposes only. ZoomInfo is not qualified to and does not intend to provide legal advice of any kind. The information provided by ZoomInfo should never be relied upon as a substitute for independent legal advice.