How eMailPlatform complies with GDPR
First and foremost, all our data is securely located in Denmark. Therefore your business is on a very safe footing when you choose eMailPlatform as the supplier of your Marketing Automation platform.
Next, eMailPlatform is owned and controlled by creator and founder, Kim Østergaard, a Danish citizen and resident in Denmark. We are thus free of foreign interests, or external government requirements.
eMailPlatform more than meets the EU GDPR and Personal Data Act. No one else has access to the data you import, collect and thus store in eMailPlatform. Furthermore, your data is stored in Denmark’s most secure and certified data centre.
The GDPR legislation states that it is important to avoid storing data outside the EU unless it is absolutely necessary. At eMailPlatform, we help your business comply with these laws.
Secure servers located in Denmark
All data is stored and processed on our secure dedicated servers, physically located in Ballerup at Interxion. The data centre in Ballerup is a TIER III + data centre. The highest achievable safety level in Denmark.
Delivery of emails to recipients
In addition, we handle ourselves the actual delivery of your emails to the recipient’s server or service (eg Gmail, TDC or Hotmail / Outlook.com). This is something the vast majority of our competitors have outsourced to foreign companies.
GDPR features in eMailPlatform
As your data processor, it is our most important task to ensure your business can live up to your responsibility as the data controller in as worry-free a way as possible. Therefore, we have developed a range of special features that extend beyond Danish Persondatalov and the EU’s GDPR directive.
The dilemma is the documention requirement versus the right to be forgotten and data deleted – not to be confused with the possibility of unsubscribing from a newsletter. In addition, all persons also have a right to receive detailed information of what has been collected and recorded about them.
The Data Inspectorate has approved the process of keeping an absolute minimum of information in order to comply with documentation requirements.
Upon re-enrollment, the person will receive a confirmation email (SMS if the permission is on SMS), where the recipient must actively click on a confirmation link. This is the same procedure as the familiar process you know from any other confirmed sign-up.
After the recipient has confirmed the registration, a new contact card will be generated with a new unique SubscriberID.
In eMailPlatform, the original permission, ie the GDPR deleted contact, will still be preserved. Most of all, this is in order to document the original permission, but also to avoid doubt that the requested deletion has been completed.
Flow from a sign-up to a re-enrollment
A contact can be recorded in eMailPlatform in several different ways. Either through a web form created in eMailPlatform and inserted on your company website or webshop, through an integration with CMS, webshop, popup solution or the like – or by import from Excel, CSV, or as an import through DataSync that can handle very large and complicated data volumes.
The contact can either be verified before it is inserted into eMailPlatform or confirmed via a web form or automation flows in eMailPlatform. After the contact is confirmed, they can begin to receive campaigns.
If the person unsubscribes via a received newsletter, their status will change to Unsubscribed. Thus, the contact will no longer receive campaigns or automated flows that send out campaigns.
There is a difference between a completely standard unsubscribe, in which the person has not expressed a wish to be deleted, and an explicit request for data deletion, and perhaps at the same time, the retrieval of registered information.
The “pause” simply breaks the contact card, whereas an “erase” removes all unnecessary information and directly blocks that email address from signing up to other lists. It is important to distinguish between unsubscribing and a GDPR approved deletion. When operating your business with multiple lists, for example, required by multiple brands, unsubscribing from one list does not necessarily mean unsubscribing from all other lists – the other brand(s).
We have chosen this procedure because an unsubscribed person at a later date can contact and request to be provided with all their registered data. If a deletion was made directly on an unsubscribe request, it would be difficult to comply with the law’s requirements for full details regarding registered and recorded information.
After a person, a contact has been deleted following GDPR processes, he or she may wish to be re-registered. This can either be done through an eMailPlatform web form where the person completes the form and receives an email for confirmation or through the special Resubscribe feature that also sends a message to the person and asks for confirmation of the desire to be re-registered.
We cannot see your data
All data you enter into eMailPlatform naturally belongs to you and your company. We are just your data processor. This data can be exported from our platform at any time.
We also can not export the data without your prior approval.
In this way, we secure the safety of people that make up your company data in the best possible way. It is neither a requirement in the Personal Data Act nor the GDPR, but an additional protection we have chosen to provide at eMailPlatform. Furthermore, of course, the data is encrypted in our databases.
And so the ring has ended from signing up over security to re-registration.
As always, our support is looking forward to hearing from you. You can contact them at firstname.lastname@example.org or by phone +45 72 44 44 44.