Highest standards for data protection and data security
Meeting the highest standards for data protection and data security is not just a legal requirement – it’s also smart business. As a technology and service provider, we see it as our responsibility to meet the highest compliance standards. These include, among others, the maximum requirements for information security, availability and retention, the inclusion of privacy by design in all of our customer projects, and data protection-friendly functions and presettings in our real-time marketing automation technology, ELAINE®.
We would be happy to help you meet legal regulations in your digital dialogue marketing. Leading companies with the strictest compliance standards rely on our technology and expertise, including companies from highly regulated markets such as the financial sector, like ING-DiBa and the Generali Group, and even large corporations like the BMW GROUP, which have special compliance requirements due to their complex corporate structures.
Certified under ISO 27001 and ISO 27018
ISO/IEC 27001 is the international standard used to assess and certify the management of information security processes in companies. In addition to information technology, ISO/IEC 27001 covers, in particular, the relevant business processes. It describes the requirements for the organisation and technical systems, as well as the activities that are suitable for permanently guaranteeing the security level determined on the basis of a risk assessment.
ISO 27018 is a standard that specifically regulates the processing of personal data in cloud environments. It stipulates strict legal data protection requirements for providers of cloud services and describes monitoring mechanisms and guidelines for the implementation of measures that ensure the protection of personal data in a cloud environment. The standard includes legal data protection requirements from the General Data Protection Regulation and adapts these specifically for information security risks in the cloud computing field.
Whitelisting – CSA-Certified
We are a member of the Certified Senders Alliance (CSA), one of the most important international whitelist providers. The CSA acts as a neutral interface between mailbox providers and senders of commercial emails. The goal of the CSA is to increase the quality of commercial emails (e.g. newsletters, invoices, order confirmations). To achieve this goal, the CSA establishes legal and technical quality standards.
We meet the standards of the CSA and have therefore been certified as a sender by the CSA, so that our customers benefit from whitelisting and other advantages of CSA certification. As a certified CSA member, we help you ensure that your marketing and service emails get delivered.
Software hosted in Germany
Companies are responsible for data protection and data security breaches, even if the data is stored and processed by a third party. Due to the strict legal standards concerning data protection and data security in Germany (e.g. protecting your data from unauthorised access), we host technology and data on German servers as a matter of course, unless you request another arrangement.
As such, our real-time marketing automation technology, ELAINE®, has been certified with the ‘Software hosted in Germany’ seal.
SGB-compliant data processing by assignment
Insurance companies must comply with special data protection requirements because they process particularly sensitive social security data. Social security data protection is governed in Book X of the German Social Code (SGB X).
Through our solutions we offer SGB-compliant data processing by assignment, which takes into account all of these special legal data protection requirements.
Location and privacy code of conduct
Customer-centred digital dialogue marketing increasingly takes the customer’s location into account, e.g. when sending coupons for businesses located near the customer. Location data is personal data that is considered especially sensitive and requires protection.
With the location and privacy code of conduct, we commit ourselves to obtaining the consent of the customer to collect their location data, and then collecting and analysing location-related data only within a permissible scope and using adequate measures to protect this data from misuse. We want to protect users’ privacy and ensure transparent user communications.