The General Data Protection Regulation (GDPR) is the formalisation of an ethical marketing approach that protects individual rights. Far from presenting an obstacle, we see it as an opportunity to improve performance. We have actually been recommending such an approach for several years by promoting the establishment of trust between companies and consumers.

In line with our own recommendations and the requirements of the GDPR, Dolist is taking action as both a controller and processor to ensure that the personal data processing we perform for our customers is secure.

Dolist has undertaken efforts to comply with regulations on the protection of personal data and has made the following commitments, regardless of whether or not they are required by the future regulation:

General Framework & Risk Anticipation

Name a “Data Privacy Officer” (DPO).
Establish a record of all personal data processing activities.
Familiarise our staff with the principles of confidentiality and the security of personal data, provide training sessions, and establish confidentiality and security agreements.
Limit the handling of our customers’ data to the tasks we are assigned as processors, and ensure they are only performed by authorised individuals.
Ensure that our partners and processors comply with security and data protection requirements.

since 2004
Adhere to the industry’s professional codes of good conduct: we are a member of the SNCD (French federation for direct marketing) and Signal Spam.
Privacy by design – Limiting risks to security and confidentiality of private data by setting up both legal and technical precautions beforehand.

Security & Technical Aspects

since 2015
Conduct a security audit.

since 2015
Regularly perform intrusion tests and keep a record of security incidents.

since 2016
Organise and supervise security-related aspects through a General Policy on Information Security (PGSI – Security and Information General Policy).
Ensure customer authentication, security, and the traceability of access to Dolist technologies.
Transmit customer data via secure channels.
Notify and alert affected customers of security breaches as soon as possible so controllers can react quickly .
Hosting of customer data and secure servers:
    •   Our customer data is hosted according into a strictly confidential contractual framework, and is isolated and backed up daily.
   •   Data is encrypted.
   •   Application servers are hosted on a virtual platform that is part of our own infrastructure (private Cloud).
   •   The technical infrastructure is hosted in a French Data Centre, with secure access that is limited to authorised personnel.
Additional advanced security procedures (24/7 supervision of platforms, real-time monitoring, daily backups, etc.).


Customer Support & Compliance with the GDPR

We provide our customers with several technical solutions:
   •   Opt-in collection of contacts, with proof that consent has been given.
   •   A storage period that complies with the GDPR standards.
   •   Mechanisms to explicitly protect the rights of data subjects, including subscription cancellation (email addresses are only preserved to ensure that no messages are sent).
   •   Anonymisation of the personal data of people who have unsubscribed.
We provide a number of additional services:

since 2009
   •   Quality audits and database cleaning.
•   Trainings on good practices and collection of contacts.
•   Advice and support for implementing ethical and sustainable marketing strategies.

since 2008
Ongoing education of our customers and prospects on good Marketing practices (talks, webinars, white papers, blog, newsletters, etc.).
Accreditation of customers to prove they comply with regulations on databases and the cleanliness of their contacts database


Protecting the Rights & Information of Data Subjects

Update our confidentiality policy/legal notice on the Dolist website.
Promote our policy on personal data protection and cookie management.
Obtain the consent of individuals to collect their personal and behavioural data (cookies) through an explicit request, and preserve the proof.
Be transparent about the information collected, the reason for collection, and the storage period on all registration forms and in the website’s legal notice.
Comply with the main principles of personal data processing: lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimisation, accuracy, integrity, and confidentiality.
In addition to the right of access to and rectification or deletion of personal data, establish the right to the removal of data (the right to be forgotten in the online environment).
Limit the use of personal data for profiling.
Ensure that data management and processing is performed in Europe, excepting derogations.
Do not sell, share, or rent personal data.
Privacy by default – Making sure only necessary data is collected for a particular usage: limiting the access to, amount and the conservation period of said data.


You want more information?
Feel free to contact us→


* Required information

We need to collect the requested information in order to provide you with the requested document(s) via a message sent directly to the specified email address. You can also sign up for our newsletter and occasional offers of services, event invitations, surveys, or other information related to our activity. The information sent is reserved exclusively for use by the communication, customer service and sales departments of Dolist and will in no case be divulged to third parties.
For the purposes of customer relationship management, we retain personal data not more than 3 years following our latest interaction with you.
You have the right to access, correct, oppose and delete any data concerning you personally. To exercise these rights, contact us by email or write to our data processing managers, specifying your email address: Dolist - Jean-Paul LIEUX et Denis OLIVIER - 6 avenue Henry Le Châtelier 33700 Mérignac - FRANCE. We will undertake to respond to your request within a maximum of one month.
If you feel that your rights have been violated, or if we should fail to respond, you are entitled to submit a complaint to the CNIL. CNIL Declaration N°1276250.