
Trust Center

Privacy and the GDPR

General Data Protection Regulation (GDPR)

In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), came into effect. The GDPR imposes rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.

Dotdigital has extensive expertise in protecting data, championing privacy, and complying with complex regulations. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently complying with the GDPR.

We are committed to our principles of cloud trust, data protection, and data security. We intend to provide platform functionality to address the privacy demands of our customers. As GDPR enforcement gets into full swing, here is what else you can expect from us:

  • Technology that meets your needs: You can leverage our specific platform functionality to meet your GDPR obligations for areas including deletion, rectification, transfer of, access to, and objection to the processing of personal data.
  • Contractual commitments: Relationships with Dotdigital are supported with contractual commitments for our services, including security standards, support, and timely notifications in accordance with the new GDPR requirements.
  • Sharing our experience: We will share the information that we gather through various Data Protection Authorities and other reputable organizations, so you can adapt what we have learned to help you craft the best path forward for your organization.

While Dotdigital is fully committed to helping you successfully comply with the GDPR, it is important to recognize that compliance is a shared responsibility. New requirements – like greater data access and deletion rules, risk assessment procedures, a Data Protection Officer role for many organizations, and data breach notification processes – will mean changes for your organization. When it comes to GDPR compliance, it’s not just European organizations that are affected, but also those outside of the EU who process data in connection with the offering of goods and services to, or monitoring the behavior of, EU residents. As such, it is important to understand your obligations related to the GDPR, regardless of where your organization resides.

It will take time, tools, processes, and expertise for you to comply with the GDPR. To do this, you need to make changes to your privacy and data management practices.

Model Contract Clauses

European Union (EU) data protection law regulates the transfer of personal data from EU customers to countries outside the EU. dotdigital has EU Standard Contractual Clauses in place that provide specific guarantees around transfers of personal data for platform services. These model contracts exist as contractual privacy protections between dotdigital and its third-party service providers who process data, as well as all dotdigital subsidiaries (to include North America, Australia and South Africa). Copies are available upon request and under NDA. Individual model contract clauses for dotdigital clients are available as well, on an as-needed basis.

Australian Privacy Principles

For customers who are concerned about compliance with Australia’s Privacy Principles, dotdigital complies with a wide range of international, industry, and local standards, best common practices, regulations, legislation, and policy. Many of these are identified here in the dotdigital Trust Center. Should data sovereignty be of concern, dotdigital offers the ability to control where data lives by allowing the choice of sending instances in various regions, including Australia, North America, and Europe.

Although the dotdigital platform addresses the compliance, security, and privacy requirements that Australia identifies, some requirements are the responsibility of the customer and it is important for customers to understand the shared responsibilities.

Canadian Privacy Law

Canadian privacy laws, such as the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA), aim to protect the privacy of individuals, and give them the right to access information gathered about them. The laws require organizations to take reasonable steps to safeguard information in their custody or control, and cover personal information that is held and processed by governments and private organizations in data files, registers, and elsewhere.

Ultimately, the responsibility and ownership of personal data lies with our business customers, per the Dotdigital Terms and Conditions. However, Dotdigital commits that third-party services have implemented security safeguards to help them protect the privacy of individuals, based on established industry standards. We have assessed our practices in risk, security, and incident management; access control; data integrity protection; and other areas relative to the recommendations from the Office of the Privacy Commissioner of Canada, and have determined that the in-scope services are capable of meeting those recommendations.

Scalable, protected and accredited

The engagement cloud platform is built to protect your company and its data when managing your communications.

  • Pages pass data over TLS.
  • Engagement cloud supports encrypted data transfers.
  • Access to the Engagement cloud platform is through a web form login with optional two-factor authentication.
  • All users of the Engagement cloud platform are required to change their passwords every 90 days.
  • Passwords are hashed using a NIST-approved cryptographic implementation.
  • Our web login page and API enforce rate limiting to protect against brute force attacks.
  • Account access rights (import, export, read, write and send) are configurable to your needs and managed by your administrator user.
  • All your users are set up in the platform by your administrator user. Verification is by email and SMS.
  • All data is virus scanned when uploaded to the platform.
  • Our Watchdog service constantly monitors customer contact uploads. If an upload deviates from the usual pattern, Watchdog automatically stops it. This process also protects our customers from sending to spam traps that can affect delivery.
  • Emails are sent using opportunistic TLS, employing authentication and validation systems such as DKIM and DMARC.
  • Payment processes are fully PCI-DSS compliant.
  • Granular access control permissions can be assigned to managed users.
  • Campaign links are checked against lists of high-risk domains to prevent malicious use of the platform.

You can trust us with your data

We’ve worked hard to ensure our infrastructure and the team behind it is world-class.

  • We are Cyber Essentials Plus Certified.
  • We use secure data centers within the EU, US, or Australia, depending on your region. All hold a broad set of industry-standard accreditations such as ISO27001, ISO9001, and List X.
  • Our data centers are connected to the internet with redundant internet links, and bandwidth can be easily upgraded as required.
  • There is redundancy at every component and service level, as well as spare capacity, and we can scale our servers on demand. This means engagement cloud can continue to run for prolonged periods even after experiencing major component failures, and we don’t run out of space.
  • Where available, new dotdigital employees are background checked.
  • Our infrastructure is protected by firewalls and all management access requires two-factor authentication.
  • We make use of leading cloud providers and content distribution networks to host our email images, as well as many other application resources.
  • Virus scan technology is implemented throughout our infrastructure.
  • We commission annual independent third-party security assessments.
  • An ongoing vulnerability scanning and management program is in place.
  • Machines are built from approved hardened images and verified in third-party security assessments.
  • A monthly patching cycle is in place to ensure the latest security updates have been applied.
  • We have restore points for critical data and these are taken every 5 minutes.
  • Backup data is securely kept in the same geographic regions, yet sufficiently distant to ensure data is not lost in the event of a disaster, whilst complying with local data protection regulations.
  • We employ skilled information security and data privacy specialists in our team to ensure security is always a priority.
  • EU Model Contracts are in place between dotdigital and its subsidiaries, as well as subcontractors processing data.
  • Role-based permissions are used to control staff access to systems and data.
  • Management access to infrastructure is tightly controlled and employs multi-factor authentication protection.
  • Intrusion Detection Technology is in place.


Dotdigital is a trading name of dotdigital EMEA Limited (company number: 03762341) whose registered office is at No. 1 London Bridge, London, SE1 9BG.