Responding to individual requests for access, correction, and deletion of data under applicable privacy laws
Under applicable privacy laws, which includes the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), a data subject may request that you provide access to, download, correct, or delete personal data processed by Zuora.
Zuora provides self-service functionality that enables you to:
- Identify the personal data of your subscribers
- Provide a copy of the data
- Correct the data
- Delete or anonymize the data
If you have technical questions about this article, submit a request at Zuora Global Support.
Identify and download personal data
Personal data of subscribers is stored primarily in Customer Accounts and Contacts. You can identify and download this personal data by exporting data from the Account data source and the Contact data source. See Generate a Data Source Export for more information.
Depending on the configuration of your Zuora tenant, personal data of subscribers may also be stored in custom fields of other business objects and custom objects. To identify the custom fields and custom objects that may contain personal data, review the labels and descriptions of the custom fields and custom objects that are defined in your tenant. See View Custom Fields and Custom object records for more information.
After identifying the custom fields and custom fields that may contain personal data, you can download the personal data by exporting data from the relevant data sources.
Edit and correct personal data
You can use the Zuora user interface to edit and correct personal data related to individual subscribers. See Manage Customer Accounts for more information.
You can use the REST API to edit and correct personal data on a batch basis. See the Zuora API Reference for information about the available REST API operations, including:
Delete or anonymize personal data
Zuora makes available different mechanisms to perform data deletion. You can use the following steps to permanently anonymize certain personal data related to an individual. Permanently anonymizing data is sometimes referred to as scrubbing the data.
However, Zuora is not advising that any or all of the steps below are required for deletion under applicable privacy laws. You choose whether to export any data you want to retain or archive for business purposes and which methods you want to deploy for deletion. If you have questions about what data you need to delete when you receive a request from an individual subscriber, you should contact your legal counsel for guidance.
After the data is deleted or anonymized, it cannot be recovered. If you change your mind about the deletion, Zuora is not responsible for retrieving or restoring data which you have deleted or anonymized.
After you delete or anonymize personal data, you will no longer have access to the personal data. In addition, functionality that relies on anonymized fields may no longer operate.
Complete the following steps to delete or anonymize the personal data:
Use the REST API operation, Scrub a payment method, to anonymize the payment methods associated with an individual. See Scrub Payment Methods for more information.
Anonymize the following Account fields:
- Account Name
- Account Number (If an account has posted invoices, closed accounting periods, journalized transactions, the Account Number field cannot be anonymized.)
- CRM Account ID
- PO Number
- Tax Exempt Certificate ID
- VAT ID
- Any custom fields that contain personal data
Certain fields, such as CRM Account ID, may be used for the integration with other systems. Anonymizing these fields may impact integration. If you want other systems to receive the anonymized data, do not anonymize these fields.
For information about how to change the values of these field, see Edit and Correct Personal Data.
Anonymize the following Contact fields:
- First Name
- Last Name
- Personal Email
- Address fields, including Address 1, Address 2, and so on
- Phone fields, including Home Phone, Mobile Phone, and so on
You can use use the Scrub a contact API operation to scrub the sensitive data of a specific contact. You can also change the values of these fields by referring to Edit and Correct Personal Data.
Remove the billing documents:
After you have anonymized account and contact data, regenerate all invoices, credit memos, and debit memos.
Use the REST API operation, Create a job to hard delete billing document files, to start the deletion of billing documents for specific accounts. You can use the REST API operation, Retrieve a job of hard deleting billing document files, to check the status of the deletion.
Anonymize payments by changing the Reference ID field for each transaction. You can use the Update API operation.
Note that you can only update the Reference ID for external payments. Currently, it is not possible to change the Reference ID field for electronic payments or refunds.
Remove the email and call-out notification history. To do this, submit a request at Zuora Global Support for further information.
Optional: Use the REST API operation, Delete, to remove the Export objects. Export objects correspond to data source exports. This step is optional because each exported file is only available for 7 days.
To delete any other objects, use the REST API operation, Delete.