Our GDPR policy & our ethical commitments

The General Data Protection Regulation (GDPR) is the formalisation of an ethical marketing approach that protects individual rights.

Far from being an obstacle, we see the GDPR as an opportunity for improvement that we have been advocating for several years now by promoting the development of trust-based relationships between companies and consumers.

In line with our recommendations and the requirements imposed by the GDPR, Dolist is involved as data controller, but also as a processor, in securing the processing of personal data that we carry out on behalf of our customers.

Our GDPR Policy

Download our Personal Data Protection Policy


In an effort to strengthen its personal data protection policy, Dolist commits to complying with the following points, whether or not they are required by the GDPR:

General Framework & Risk Anticipation

  • “Data Privacy Officer” (DPO).
  • Record of all personal data processing activities
  • Non-disclosure agreement signed by all Dolist employees, who have also been made aware of and trained in the issues of confidentiality and data protection.
  • Limit the handling of our customers’ data to the tasks we are assigned as processors, and ensure they are only performed by authorised individuals
  • Partners and processors comply with security and data protection requirements
  • Adherence to the industry’s professional codes of good conduct: we are a member of the SNCD (French federation for direct marketing) and Signal Spam
  • Reduction of the risks relating to the protection and confidentiality of personal data thanks to the implementation, beforehand, of the necessary legal and technical actions (Privacy by design).

Security & Technical Aspects

  • Since 2015, conduct a security audit.
  • Since 2015, regularly perform intrusion tests and keep a record of security incidents.
  • Since 2016, organise and supervise security-related aspects through a General Policy on Information Security (PGSI – Security and Information General Policy)
  • Ensure customer authentication, security, and the traceability of access to Dolist technologies.
  • Transmit customer data via secure channels.
  • Notify and alert affected customers of security breaches as soon as possible so controllers can react quickly.
  • Hosting of customer data and secure servers:
    • Our customer data is hosted under a strictly confidential contractual framework, and is isolated and backed up daily.
    • Data is encrypted.
    • Application servers are hosted on a virtual platform that is part of our own infrastructure (private Cloud).
    • The technical infrastructure is hosted in a French Data Centre, with secure access that is limited to authorised personnel.
  • Additional advanced security procedures (24/7 supervision of platforms, real-time monitoring, daily backups, etc.)

Customer Support & Compliance with the GDPR

  • We provide our customers with several technical solutions:
    • Opt-in collection of contacts, with proof that consent has been given.
    • A storage period that complies with the GDPR standards.
    • Mechanisms to explicitly protect the rights of data subjects, including subscription cancellation (email addresses are only preserved to ensure that no messages are sent).
    • Anonymisation of the personal data of people who have unsubscribed.
  • We provide a number of additional services:
    • Since 2009, quality audits and database cleaning.
    • Training on good practices and the collection of contacts.
    • Advice and support for implementing ethical and sustainable marketing strategies.
  • Since 2008, ongoing education of our customers and prospects on good Marketing practices (talks, webinars, white papers, blog, newsletters, etc.).
  • Accreditation of customers to prove they comply with regulations on databases and the cleanliness of their contacts database.

Protecting the Rights & Information of Data Subjects

As data controller, Dolist also ensures that the following commitments are complied with in practice:

  • Update our confidentiality policy/legal notice on the Dolist website.
  • Promote our policy on personal data protection and cookie management
  • Obtain the consent of individuals to collect their personal and behavioural data (cookies) through an explicit request, and preserve the proof.
  • Be transparent about the information collected, the reason for collection, and the storage period on all registration forms and in the website’s legal notice.
  • Comply with the main principles of personal data processing: lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimisation, accuracy, integrity, and confidentiality.
  • In addition to the right of access to and rectification or deletion of personal data, establish the right to the removal of data (the right to be forgotten in the online environment).
  • Limit the use of personal data for profiling.
  • Ensure that data management and processing are performed in Europe, except where derogations apply.
  • Do not sell, share, or rent personal data.
  • Process only the data necessary for the purpose of the processing: in other words, limit the amount of data collected, the storage period, and the number of people who have access to the data (Privacy by default).