TDS Zid Odoo Connector
by PT TechNion
ربط زد مع أودو
GDPR Privacy Notice
General Data Protection Regulation (EU/UK) disclosure for merchants and data subjects whose data is processed through TDS Zid Odoo Connector, operated by PT TECHNION DIGITAL SOLUTIONS.
Data Controller
PT TECHNION DIGITAL SOLUTIONS acts as the data processor operating the TDS Zid Odoo Connector middleware. The merchant (Zid store owner) is the data controller for end-customer personal data that flows through the connector. PT TECHNION DIGITAL SOLUTIONS processes merchant account data as a controller for account and session management purposes.
Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR): Processing is necessary to provide the connector service the merchant has subscribed to — authenticating via Zid OAuth, relaying orders and inventory, and maintaining session state.
- Legitimate interests (Art. 6(1)(f) GDPR): Security logging, fraud prevention, rate limiting, and service reliability monitoring.
- Legal obligation (Art. 6(1)(c) GDPR): Retention of records required by applicable tax or accounting laws.
Categories of Personal Data Processed
- Merchant account data: Zid merchant ID, store ID, administrator email, OAuth access tokens (encrypted at rest).
- Order & customer data (relayed): End-customer names, delivery addresses, email addresses, order line items, and payment references contained in Zid orders forwarded to the merchant's Odoo instance.
- Technical data: Hashed IP addresses, hashed user-agent strings for session security, webhook event metadata, and sync operation logs.
- Financial data: Invoice amounts, VAT identifiers, and tax data required for Odoo accounting workflows.
Data Transfers Outside the EEA
The connector service is operated from servers that may be located outside the European Economic Area (EEA). When personal data is transferred internationally, PT TECHNION DIGITAL SOLUTIONS applies appropriate safeguards including Standard Contractual Clauses (SCCs) where required. The Zid platform is operated from Saudi Arabia; merchants should refer to Zid's own GDPR documentation for transfers originating from the Zid API. The merchant's Odoo instance is hosted by the merchant or their chosen provider, who is responsible for their own transfer compliance.
Your Rights Under GDPR
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data where no overriding legal basis for retention exists.
- Right to restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
Data Retention
OAuth tokens and merchant sessions are retained only while the merchant account is active and for a short period afterwards to support audit and security purposes. Sync logs and webhook records are retained on a rolling operational schedule. Personal data within relayed order records is retained only as long as required to complete the sync operation, after which it is not stored in the connector database beyond hashed references needed for idempotency.
Security Measures
OAuth access tokens and API credentials are encrypted at rest using AES-256-GCM. Session tokens are stored server-side only — no sensitive credentials are exposed to the browser. TLS encryption is enforced for all data in transit. IP addresses stored in logs are hashed (not stored in plain text) for security audit purposes.
How to Exercise Your Rights
Submit a data subject request to privacy@tnion.com. Please include your full name, the email associated with your merchant account, and a description of your request. We will respond within 30 days (extendable by 2 months for complex requests). We may request identity verification before disclosing or deleting data.
Contact & DPO
PT TECHNION DIGITAL SOLUTIONS — tnion.com · privacy@tnion.com · support@tnion.com