Spørgsmål? Ring til os på 72 44 44 44
Select Page

How eMailPlatform complies with GDPR

First and foremost, all our data is securely located in Denmark. Therefore your business is on a very safe footing when you choose eMailPlatform as the supplier of your Marketing Automation platform.

Next, eMailPlatform is owned and controlled by creator and founder, Kim Østergaard, a Danish citizen and resident in Denmark. We are thus free of foreign interests, or external government requirements.

eMailPlatform more than meets the EU GDPR and Personal Data Act. No one else has access to the data you import, collect and thus store in eMailPlatform. Furthermore, your data is stored in Denmark’s most secure and certified data centre.

The GDPR legislation states that it is important to avoid storing data outside the EU unless it is absolutely necessary. At eMailPlatform, we help your business comply with these laws.

Secure servers located in Denmark

All data is stored and processed on our secure dedicated servers, physically located in Ballerup at Interxion. The data centre in Ballerup is a TIER III + data centre. The highest achievable safety level in Denmark.

The servers are located behind high-performance firewalls, updated regularly with the latest versions of operating systems and scanned daily for vulnerabilities. Our subdatabase is Sentia, which conducts server-level maintenance and updates.

Delivery of emails to recipients

In addition, we handle ourselves the actual delivery of your emails to the recipient’s server or service (eg Gmail, TDC or Hotmail / Outlook.com). This is something the vast majority of our competitors have outsourced to foreign companies.

View form the delivery engine in eMailPlatform (MTA) – a small look behind the technology that ensures the optimal delivery capacity for sent campaigns
This means that the sensitive delivery information and statistics in the MTA itself (the special SMTP server for outgoing emails) are under our sole control and resident on their own servers.

GDPR features in eMailPlatform

As your data processor, it is our most important task to ensure your business can live up to your responsibility as the data controller in as worry-free a way as possible. Therefore, we have developed a range of special features that extend beyond Danish Persondatalov and the EU’s GDPR directive.

The dilemma is the documention requirement versus the right to be forgotten and data deleted – not to be confused with the possibility of unsubscribing from a newsletter. In addition, all persons also have a right to receive detailed information of what has been collected and recorded about them.

It is easy to download a contact’s registered data. Choose Export info in the upper right corner and request exports in JSON or Excel format
A contact card in eMailPlatform contains a wide range of information that the person either entered themselves, has been enriched from integrations with other systems – or derived from the behaviour of the recipient. A behaviour can be the opening of a newsletter, a click, update of information, or other underlying processes such as geographical location and much more.
The eMailPlatform contact card is threefold, with mandatory fields like email and mobile number in the upper left. You can add your own fields to the customer at the top right and collected behaviour at the bottom. Pay special attention to our MailRating system, which measures the contact’s “commitment” – here’s the contact VIP.
If someone wants to be deleted according to GDPR, simply select Delete. Delete removes all unnecessary fields on the contact card, removes the contact from all lists, exports, and other data sets. However, it will always be possible to search the contact card again if you know the full email address. That way, eMailPlatform makes it easy for you to meet the documentation requirement.
The same contact as above, here subjected to GDPR deletion. Email Permission is added to ‘Deleted’ and the only information stored is the permission field – when the person has signed up and confirmed sign up, as well as from which IP address the actions were taken
Imagine a situation where a person has requested to be deleted. As a data controller, you make sure it happens and delete any communication with the person. The following day, the person elects to accuse your company of SPAM. By making a search on the person’s email address in eMailPlatform, the deleted profile shown above will appear and your company can comply with the documentation requirement.

The Data Inspectorate has approved the process of keeping an absolute minimum of information in order to comply with documentation requirements.

Function for re-subscribing a GDPR deleted contact.
If a GDPR deleted person is to be re-registered, select Resubscribe at the top left of the contact card. A popup box then says that this requires a confirmed sign-up. We have done so to protect you and your company from unintentional re-enrollment.

Upon re-enrollment, the person will receive a confirmation email (SMS if the permission is on SMS), where the recipient must actively click on a confirmation link. This is the same procedure as the familiar process you know from any other confirmed sign-up.

After the recipient has confirmed the registration, a new contact card will be generated with a new unique SubscriberID.

Re-subscribed contact card which has email address as the only information that the person wanted to re-enter during confirmed signing in.
The redirected contact has a completely average MailRating and no other information. Subscriber Source will be Resubscribed and thus very easily identifiable.

In eMailPlatform, the original permission, ie the GDPR deleted contact, will still be preserved. Most of all, this is in order to document the original permission, but also to avoid doubt that the requested deletion has been completed.

Flow from a sign-up to a re-enrollment

A contact can be recorded in eMailPlatform in several different ways. Either through a web form created in eMailPlatform and inserted on your company website or webshop, through an integration with CMS, webshop, popup solution or the like – or by import from Excel, CSV, or as an import through DataSync that can handle very large and complicated data volumes.

The contact can either be verified before it is inserted into eMailPlatform or confirmed via a web form or automation flows in eMailPlatform. After the contact is confirmed, they can begin to receive campaigns.

If the person unsubscribes via a received newsletter, their status will change to Unsubscribed. Thus, the contact will no longer receive campaigns or automated flows that send out campaigns.

There is a difference between a completely standard unsubscribe, in which the person has not expressed a wish to be deleted, and an explicit request for data deletion, and perhaps at the same time, the retrieval of registered information.

The “pause” simply breaks the contact card, whereas an “erase” removes all unnecessary information and directly blocks that email address from signing up to other lists. It is important to distinguish between unsubscribing and a GDPR approved deletion. When operating your business with multiple lists, for example, required by multiple brands, unsubscribing from one list does not necessarily mean unsubscribing from all other lists – the other brand(s).

We have chosen this procedure because an unsubscribed person at a later date can contact and request to be provided with all their registered data. If a deletion was made directly on an unsubscribe request, it would be difficult to comply with the law’s requirements for full details regarding registered and recorded information.

After a person, a contact has been deleted following GDPR processes, he or she may wish to be re-registered. This can either be done through an eMailPlatform web form where the person completes the form and receives an email for confirmation or through the special Resubscribe feature that also sends a message to the person and asks for confirmation of the desire to be re-registered.

We cannot see your data

All data you enter into eMailPlatform naturally belongs to you and your company. We are just your data processor. This data can be exported from our platform at any time.

Around 40% of the email address or the mobile number will always be replaced with an asterisk.
In addition, we have made it impossible for our employees to identify the people behind your contacts in eMailPlatform. An automated rule removes 40% of the email address or mobile number – and replaces it with an asterisk.

We also can not export the data without your prior approval.

In this way, we secure the safety of people that make up your company data in the best possible way. It is neither a requirement in the Personal Data Act nor the GDPR, but an additional protection we have chosen to provide at eMailPlatform. Furthermore, of course, the data is encrypted in our databases.

And so the ring has ended from signing up over security to re-registration.

As always, our support is looking forward to hearing from you. You can contact them at support@emailplatform.com or by phone +45 72 44 44 44.