How MarketingPlatform complies with GDPR
First and foremost, all our data is securely located within the borders of EU. Therefore your business is on a very safe footing when you choose MarketingPlatform as the supplier of your Marketing Automation platform.
MarketingPlatform more than meets the EU GDPR and the Danish Data Protection Act. No one else has access to the data you import, collect and thus store in MarketingPlatform.
The GDPR legislation states that it is important to avoid storing data outside the EU unless it is absolutely necessary. At MarketingPlatform, we help your business comply with these laws.
Secure servers – located in the Netherlands
All data is stored and processed on our dedicated, secure Google Cloud Platform servers which are themselves physically located in the Netherlands.
These servers stand behind high-performance firewalls, are regularly updated with the latest versions of operating systems, and are scanned daily for vulnerabilities.
Delivery of emails to recipients
In addition, we handle ourselves the actual delivery of your emails to the recipient’s server or service (eg Gmail, TDC or Hotmail / Outlook.com). This is something the vast majority of our competitors have outsourced to foreign companies. Our servers are located in Ballerup (Denmark) with the hosting company Sentia in the Interxion facility (will be moved to Google Cloud upon correct support of BYOIP – Bring Your Own IP – in large scale).
This means that the sensitive delivery information and statistics in the MTA itself (the special SMTP server for outgoing emails) are under our sole control and resident on their own servers.
GDPR features in MarketingPlatform
As your data processor, it is our most important task to ensure your business can live up to your responsibility as the data controller in as worry-free a way as possible. Therefore, we have developed a range of special features that aligns with the Danish Data Protection Act the EU’s GDPR directive.
The dilemma is the documentation requirement versus the right to be forgotten and data deleted – not to be confused with the possibility of unsubscribing from a newsletter. In addition, all persons also have a right to receive detailed information of what has been collected and recorded about them.
The Data Inspectorate has approved the process of keeping an absolute minimum of information in order to comply with documentation requirements.
Upon re-enrollment, the person will receive a confirmation email (SMS if the permission is on SMS), where the recipient must actively click on a confirmation link. This is the same procedure as the familiar process you know from any other confirmed sign-up.
After the recipient has confirmed the registration, a new contact card will be generated with a new unique SubscriberID.
In MarketingPlatform, the original permission, ie the GDPR deleted contact, will still be preserved. Most of all, this is in order to document the original permission, but also to avoid doubt that the requested deletion has been completed.
Flow from a sign-up to a re-enrollment
A contact can be recorded in MarketingPlatform in several different ways. Either through a web form created in MarketingPlatform and inserted on your company website or webshop, through an integration with CMS, webshop, popup solution or the like – or by import from Excel, CSV, or as an import through DataSync that can handle very large and complicated data volumes.
The contact can either be verified before it is inserted into MarketingPlatform or confirmed via a web form or automation flows in MarketingPlatform. After the contact is confirmed, they can begin to receive campaigns.
If the person unsubscribes via a received newsletter, their status will change to Unsubscribed. Thus, the contact will no longer receive campaigns or automated flows that send out campaigns.
There is a difference between a completely standard unsubscribe, in which the person has not expressed a wish to be deleted, and an explicit request for data deletion, and perhaps at the same time, the retrieval of registered information.
The “pause” simply breaks the contact card, whereas an “erase” removes all unnecessary information and directly blocks that email address from signing up to other lists. It is important to distinguish between unsubscribing and a GDPR approved deletion. When operating your business with multiple lists, for example, required by multiple brands, unsubscribing from one list does not necessarily mean unsubscribing from all other lists – the other brand(s).
We have chosen this procedure because an unsubscribed person at a later date can contact and request to be provided with all their registered data. If a deletion was made directly on an unsubscribe request, it would be difficult to comply with the law’s requirements for full details regarding registered and recorded information.
After a person, a contact has been deleted following GDPR processes, he or she may wish to be re-registered. This can either be done through an MarketingPlatform web form where the person completes the form and receives an email for confirmation or through the special Resubscribe feature that also sends a message to the person and asks for confirmation of the desire to be re-registered.
We cannot see your data
All data you enter into MarketingPlatform naturally belongs to you and your company. We are just your data processor. This data can be exported from our platform at any time.
In addition, we have made it impossible for our employees to identify the people behind your contacts in MarketingPlatform. An automated rule removes 40% of the email address or mobile number – and replaces it with an asterisk.
We also can not export the data without your prior approval.
In this way, we secure the safety of people that make up your company data in the best possible way. It is neither a requirement in the Danish Data Protection Act nor the GDPR, but an additional protection we have chosen to provide at MarketingPlatform. Furthermore, of course, the data is encrypted in our databases.
And so the ring has ended from signing up over security to re-registration.
Encryption on disk level
Furthermore all content on harddrives (all types of storage) are encrypted. So below the pseudo encryption is a real strong encryption.