DATA PROTECTION & DATA SECURITY

Highest standards for data protection and data security

Meeting the highest standards for data protection and data security is not just a legal requirement – it’s also smart business. As a technology and service provider, we ourselves see it as our responsibility to meet the highest standards for compliance issues. These include, among others, the maximum requirements for information security, availability and retention, the inclusion of privacy by design in all of our customer projects, and data protection-friendly functions and presettings in our real-time marketing automation technology, ELAINE.

We would be happy to help you meet legal regulations in your digital dialogue marketing. Leading companies with the strictest compliance standards rely on our technology and expertise, including companies from highly regulated markets such as the financial sector, like ING-DiBa, the Generali Group and even large corporations like the BMW GROUP, which have special compliance requirements due to their complex corporate structures.

Certified under ISO 27001 and ISO 27018

ISO/IEC 27001
ISO/IEC 27001 is the international standard used to assess and certify the management of information security processes in companies. In addition to information technology, ISO/IEC 27001 also includes the relevant business processes in particular and describes the requirements in place for the organisation and technical systems, as well as the activities that are suitable for permanently guaranteeing the security level determined on the basis of a risk assessment.

ISO/IEC 27018
ISO 27018 is a standard that specifically regulates the processing of personal data in cloud environments. It stipulates strict legal data protection requirements for providers of cloud services and describes monitoring mechanisms and guidelines for the implementation of measures that ensure the protection of personal data in a cloud environment. The standard includes legal data protection requirements from the General Data Protection Regulation and adapts these specifically for information security risks in the cloud computing field.

TÜV Rheinland
ISO

Whitelisting – CSA-Certified

We are a member of the Certified Senders Alliance (CSA), one of the most important international whitelist providers. The CSA acts as a neutral interface between mailbox providers and senders of commercial emails. The goal of the CSA is to increase the quality of commercial emails (e.g. newsletters, invoices, order confirmations). To achieve this goal, the CSA establishes legal and technical quality standards.

We meet the standards of the CSA and have therefore been certified as a sender by the CSA, so that our customers benefit from whitelisting and other advantages of CSA certification. As a certified CSA member, we help you ensure that your marketing and service emails get delivered.

CSA zertifiziert

Software hosted in Germany

Companies are responsible for data protection and data security breaches, even if the data is stored and processed by a third party. Due to the strict legal standards concerning data protection and data security in Germany (e.g. protecting your data from unauthorised access), we host technology and data on German servers as a matter of course, unless you request another arrangement.

As such our real-time marketing automation technology, ELAINE, has been certified with the ‘Software hosted in Germany’ seal.

Software hosted in Germany

SGB-compliant data processing by assignment

Insurance companies must comply with special data protection requirements because they process particularly sensitive social security data. Social security data protection is governed in Book X of the German Social Code (SGB X).

Through our solutions we offer SGB-compliant data processing by assignment, which takes into account all of these special legal data protection requirements.

STGB

Location and privacy code of conduct

Customer-centred digital dialogue marketing increasingly takes the customer’s location into account, e.g. when sending coupons for business located near the customer. Location data is personal data that is considered especially sensitive and requiring protection.

With the location and privacy code of conduct, we commit ourselves to obtaining the consent of the customer to collect their location data, and then collecting and analysing location-related data only within a permissible scope and using adequate measures to protect this data from misuse. We want to protect users’ privacy and ensure transparent user communications.

parallax background LOCATION & PRIVACY CODE OF CONDUCT

Awards for data protection and data security

We have won multiple awards for our extraordinary services in data protection and IT security, including the CASED Security Award, the ECO Internet Award and the International Business Award, among others.
eco Internet Award
Cased Award