GDPR compliance
How we protect your data
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. We believe this presents a new opportunity for marketers to strengthen their brand loyalty by focusing on consumer privacy while delivering amazing experiences. Consider it as incorporating privacy into the customer experience, by providing contextually relevant privacy notices and offering choices that align with your brand.
What is Selzy Doing Toward GDPR Compliance?
Selzy already meets our obligations as a data processor and data controller. We have a strong foundation of certified security and privacy controls by design and will continue to make product enhancements.
#1 – A Strong Foundation of Security and Privacy Compliance
We’ve implemented a set of security processes and controls to help protect the data entrusted to us through the Selzy Privacy Policy. This helps us comply with several security and privacy standards and regulations.
How We Protect Your Data
We use hosting platforms in Western Europe, the US and Canada and provide 4 security levels:
- Physical
  - All information is hosted on servers in certified data centers.
- Access security
  - Data transfer via the SSL secure protocol (HTTPS secure protocol).
  - Certified by Comodo, one of the leading certification centers.
  - All transmitted data is encrypted with a 128-bit key, as in major banks or payment systems.
- Network security
  - Switches and firewalls at each level to provide additional security.
  - Data transmission between hosts via SSL connections.
  - Permanent monitoring of network security.
- Personal Account security
  - Flexible setup of access rights by roles.
  - Setup of access to various functions: view contacts, download contacts, create messages, send email and SMS.
  - Sending via API without uploading the client email database into Selzy.
#2 – Privacy by Design
Our mission is to help you responsibly unlock the power of data. Selzy has a long-standing practice of incorporating a proactive product development effort, also known as “privacy by design.”
#3 – Contract Terms
Selzy has updated our agreements with customers and vendors to account for GDPR requirements.
#4 – Awareness
We have a GDPR group which includes representatives from all departments within the company. We have raised awareness on the matter with all employees.
#5 – Product and Process Innovation
Selzy is constantly listening to its customers and looking for ways to simplify and further automate our product and service offerings to better support their GDPR needs. We have created the office of Data Protection Officer to focus on providing the mandated requirements of the GDPR, and to allow the product to maintain the utmost standards of security and privacy for consumers.
#6 – Data breaches
We have procedures in place to detect, report and investigate a personal data breach. Everyone in the company knows what they need to do if they become aware of a data breach.
#7 – Data Transfers
The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. Organisations transfer Personal Data originating in one country across borders when they transmit, send, view or access that data in or to a different country.
We will only transfer Personal Data outside the EEA if one of the following conditions applies:
- the European Commission has issued a decision confirming that the country to which we transfer the Personal Data ensures an adequate level of protection for the Data Subjects’ rights and freedoms;
- appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from the DPO;
- the Data Subject has provided Explicit Consent to the proposed transfer after being informed of any potential risks; or
- the transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us and the Data Subject, reasons of public interest, to establish, exercise or defend legal claims or to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving Consent and, in some limited cases, for our legitimate interest.