The General Data Protection Regulation (GDPR) formalises an ethical approach to marketing that protects individual rights. Far from seeing it as an obstacle, we see it as an opportunity to improve performance: for several years we have been recommending exactly this approach, by promoting trust between companies and consumers.
In line with our own recommendations and the requirements of the GDPR, Dolist is taking action, as both a controller and a processor, to ensure that the personal data processing we perform for our customers is secure.
Dolist has undertaken to comply with the regulations on the protection of personal data and has made the following commitments, whether or not the forthcoming regulation requires them:
General Framework & Risk Anticipation
Appoint a Data Protection Officer (DPO).
Maintain a record of all personal data processing activities.
Familiarise our staff with the principles of confidentiality and personal data security, provide training sessions, and put confidentiality and security agreements in place.
Limit the handling of our customers' data to the tasks assigned to us as a processor, and ensure that only authorised individuals perform them.
Ensure that our partners and sub-processors comply with security and data protection requirements.
Adhere to the industry's professional codes of conduct: we are a member of the SNCD (French federation for direct marketing) and of Signal Spam.
Privacy by design: limit the risks to the security and confidentiality of personal data by putting both legal and technical precautions in place beforehand.
Security & Technical Aspects
Conduct security audits.
Regularly perform penetration tests and keep a record of security incidents.
Organise and supervise security matters through a General Information Security Policy (PGSI, Politique Générale de Sécurité de l'Information).
Ensure customer authentication, security, and the traceability of access to Dolist technologies.
Transmit customer data over secure channels.
Notify affected customers of security breaches as soon as possible, so that controllers can react quickly and meet their own notification obligations.
Hosting of customer data and secure servers:
• Customer data is hosted under a strictly confidential contractual framework, isolated, and backed up daily.
• Data is encrypted.
• Application servers are hosted on a virtual platform that is part of our own infrastructure (private cloud).
• The technical infrastructure is hosted in a French data centre, with secure access limited to authorised personnel.
Additional advanced security procedures (24/7 supervision of platforms, real-time monitoring, daily backups, etc.).
Customer Support & Compliance with the GDPR
We provide our customers with several technical solutions:
• Opt-in collection of contacts, with proof that consent has been given.
• Retention periods that comply with GDPR requirements.
• Mechanisms that explicitly protect the rights of data subjects, including unsubscribing (the email address is retained only so that no further messages are sent to it).
• Anonymisation of the personal data of people who have unsubscribed.
We also provide a number of additional services:
• Quality audits and database cleaning.
• Training on good practices and on the collection of contacts.
• Advice and support for implementing ethical and sustainable marketing strategies.
Ongoing education of our customers and prospects on good marketing practices (talks, webinars, white papers, blog, newsletters, etc.).
Accreditation of customers to demonstrate that they comply with the regulations on databases and that their contact database is clean.
Protecting the Rights & Information of Data Subjects
Update the privacy policy and legal notice on the Dolist website.
Promote our policy on personal data protection and cookie management.
Obtain the consent of individuals to collect their personal and behavioural data (cookies) through an explicit request, and preserve proof of that consent.
Be transparent, on every registration form and in the website's legal notice, about what information is collected, why it is collected, and for how long it is retained.
Comply with the main principles of personal data processing: lawfulness, fairness, transparency, purpose limitation, storage limitation, data minimisation, accuracy, integrity, and confidentiality.
In addition to the rights of access and rectification, implement the right to erasure of personal data (the "right to be forgotten" in the online environment).
Limit the use of personal data for profiling.
Ensure that data management and processing take place in Europe, except where a derogation applies.
Do not sell, share, or rent personal data.
Privacy by default: collect only the data necessary for a given purpose, and limit access to that data, the amount collected, and the period for which it is retained.
Want more information? Feel free to contact us.