Empowering our customers to drive value in every digital engagement with integrity, trust and confidence
Transparency is our policy
We understand that you must be able to entrust your chosen marketing automation provider with one of your most valuable assets – data. To gain that trust, we continue to invest in technology and resources to build security and privacy into our platform. We operate a policy of transparency and aim to provide you with the information you need to feel confident in using Engagement Cloud.
We want you to be thrilled with our technology and the services we provide. If we fall short of the incredibly high standards we set ourselves, we’ll do our everything in our power to put things right. We’ll always be here to listen, act swiftly and take accountability. Our Customer Promise is our satisfaction guarantee and our commitment to providing solutions you’re delighted with.
dotdigital has implemented an ISO 27001 certified Information Security Management System (ISMS); designed to identify and manage risks to the Confidentiality, Integrity, and Availability of information. This is maintained by a dedicated Information Security team who can be contacted at email@example.com. Our management approved Information Security Policy can be found here.
Our ISMS has been externally audited by a UKAS accredited certification body – Alcumus ISOQAR. Our ISO 27001 certificate can be validated here, by searching for certificate number 18479.
We are also Cyber Essentials Plus Certified, and validation of this can be found by searching for “dotdigital” on the National Cyber Security Centre website here.
We’ve also put together a list of Technical and Organisational Security Measures that we employ to keep your data safe.
Information on our platform status and historic availability is publicly available, so you are kept up-to-date with service incidents and planned maintenance:
status.dotdigital.com– Here you will find our current system status, as well as information on scheduled maintenance. Here you will also be able to subscribe to as-they-happen service notifications.
uptime.dotdigital.com – Here you can find historic availability information, broken down by region or service function.
Privacy, Data Protection and Compliance
dotdigital has expanded upon it’s ISO 27001 certification, by achieving certification against the ISO 27701 standard – for privacy information management. This too can be validated with our UKAS accredited certification body – Alcumus ISOQAR. Our Privacy Information Management System (as well as our wider privacy and compliance programs) is owned by an appointed Data Protection Officer (DPO). The team can be contacted at firstname.lastname@example.org.
GDPR-specific data processing agreements and EU Model Contract Clauses are in place between dotdigital and its subsidiaries, as well as service providers processing data. A full list of these providers (and the role they play) can be found below in the Service Partners section. You can find dotdigitals Terms of Service here, and our data processing addendum here.
Further information on Data Protection legislation can be found here.
We’ve also got some handy resources and FAQs on the GDPR, and Brexit which can be found here and here respectively.
Platform Locations & Data Storage
dotdigital uses cloud service providers in order to provide a secure, responsive and scalable services. To safeguard the confidentiality, integrity and availability of data, only industry leading providers with state-of-the-art facilities are used. Contracts including security requirements are in place, including GDPR-specific data processing Agreements and EU Model Contract Clauses.
Microsoft Azure and the Google Cloud Platform are used to host infrastructure that powers dotdigital’s SaaS platforms. Depending on the location of your account, data will be stored in one of the following regions.
- The Engagement Cloud EU region utilises the Microsoft Azure North and West Europe facilities, and Google’s Europe region.
- The Engagement Cloud US region utilises the Microsoft Azure Central US, and East US 2 facilities, and Google’s Americas region.
- The Engagement Cloud Australia region utilises the Microsoft Azure Australia East. and Australia SouthEast facilities, and Google’s Sydney facility.
- Customers using our CPaaS and legacy SMS platforms will have data stored in Microsoft Azure North and West Europe, and Google’s UK facilities.
For more information on the physical locations of these facilities please refer to these Microsoft and Google articles.
NOTE: The Engagement Cloud Live Chat and SMS features are powered by aforementioned infrastructure hosted in the EU. Clients in all regions are able to enable these features, but should be aware that data collected and used by these features will be stored and processed in the EU.
In order to maintain a stable platform, it may become necessary in certain circumstances to permit system access to Microsoft, Google and their agents.
Environment and Sustainability