How eMailPlatform adheres with the GDPR
Secure servers – located in the Netherlands
All data is stored and processed on our dedicated, secure Google Cloud Platform servers which are themselves physically located in the Netherlands.
These servers stand behind high-performance firewalls, are regularly updated with the latest versions of operating systems, and are scanned daily for vulnerabilities.
Delivery of emails to recipients
Additionally, we handle the actual delivery of your emails to the recipient’s server or service (e.g. Gmail, Hotmail/Outlook.com), something the vast majority of our competitors have outsourced to foreign companies.
This means that the sensitive delivery information and statistics in the MTA itself (the special SMTP server for outgoing emails) are under our complete control and reside on our own servers.
GDPR features in eMailPlatform
As your data processor, it is our most important task to ensure that your business can live up to your responsibility as the data controller. Therefore, we have developed a range of special features that extend beyond the EU’s GDPR directive.
The dilemma is the document requirement versus the right to be forgotten and deleted – not to be confused with the possibility of unsubscribing from a newsletter. In addition, all persons also have a right to receive what has been collected and recorded by information.
A contact card in eMailPlatform contains a wide range of information that the person either has entered or has been enriched from integrations with other systems – or derived from the behavior of the recipient. A behavior can be the opening of a newsletter, a click, update of information, or other underlying processes such as geographical location and much more.
If someone wants to be deleted according to GDPR, simply select Delete. Delete removes all unnecessary fields on the contact card, removes the contact from all lists, exports, and other data sets. However, it will always be possible to search the contact card again if you know the full email address. That way, eMailPlatform makes it easy to meet the documentation requirement.
Like this post so far? Follow us on Facebook so you never miss out.
Imagine the situation where a person has wanted to be deleted. As a data controller, you have to make sure it happens by deleting any communication with the person. The following day, the person decides to accuse your company of sending out SPAM. By making a search on the person’s email address in eMailPlatform, the above deleted profile will appear and your company can comply with the documentation requirement.
The Data Inspectorate has approved the process of keeping an absolute minimum of information to comply with the documentation requirement.
If a GDPR deleted person is to be re-registered, select Resubscribe at the top left of the contact card. A popup box says that it requires a confirmed signing up. We have done so to protect you and your company from unintentional re-enrollment.
Upon re-enrollment, the person will receive a confirmation email (SMS if the permission is on SMS), where the recipient must actively click on a confirmation link. Just as you know it from any other confirmed signing up.
After the recipient has confirmed the registration, a new contact card will be generated with a new unique SubscriberID.
The redirected contact has an average MailRating and no other information. Subscriber Source will be Re-subscribed and thus very easily identifiable.
In eMailPlatform, the original permission, i.e. the GDPR deleted contact, will still be preserved. Most of all, to document the original permission, but also to avoid doubt that the deletion has been completed.
Flow from sign-up to re-enrollment
A contact can be recorded in eMailPlatform in several different ways. Either through a web form created in eMailPlatform and inserted on your company website or webshop, through an integration with CMS, webshop, popup solution or the like – or by import from Excel, CSV or as import through DataSync that can handle very large and complicated data volumes.
The contact can either be verified before it is inserted into eMailPlatform or confirmed via a web form or an automation flows in eMailPlatform. After the contact is confirmed, this can receive promotions.
If the person signs up in a received newsletter, the status will change to Unsubscribed, i.e. unsubscribed. Thus, the contact will no longer receive campaigns or automated flows that send out campaigns.
There is a difference between a completely normal unsubscribe where the person has not wanted to be deleted, and then a desired deletion and possibly simultaneous disclosure of registered information.
Unsubscribe then “pauses” the contact card, whereas deletion removes all unnecessary information and directly blocks that email address from signing up to other lists. It is important to distinguish between an enrollment and a GDPR approved deletion. Operating your business with multiple lists, for example, required by multiple brands, an enrollment from one list does not necessarily mean an enrollment from the other list – the other brand.
We have chosen this procedure because a signed-in person can contact and request registered data later. If a deletion was made directly on a cancellation, it would be difficult to comply with the law’s requirement for insight into registered information.
After a person, a contact, has been GDPR deleted, he or she may wish to be re-registered. This can be done either through an eMailPlatform web form, where the person completes the form and receives an email for confirmation, or through the special Re-subscribe feature, which also sends a message to the person, and asks that confirm the desire to be re-registered.
We can not see your data
All data you enter into eMailPlatform belongs to you and your company. We are just your data processor. And the data can be exported from our platform at any time.
In addition, we have made it impossible for our employees to identify the people behind your contacts in eMailPlatform. A rule removes 40% of the email address or mobile number – and replaces it with an asterisk.
We also can not export the data without your prior approval.
In this way, we ensure the people in the best way possible for your company data. It is neither a requirement in the Personal Data Act nor the GDPR, but an additional protection we have provided at eMailPlatform. Besides, of course, the data is encrypted in our databases.
As always, our support is looking forward to hearing from you. Create your free account today.
Book your free demo of eMailPlatform now. We will show you eMailPlatform in action and answer all the questions you have before starting your email marketing journey.