General framework & Potential risks
- Data Privacy Officer (DPO)
- A register of personal data handling operations.
- Educating our staff about the importance of data confidentiality and security, with training sessions and confidentiality and security agreements.
- Limiting our handling of client data to the specific services which have been entrusted to us as sub-contractor, restricted to the authorised persons assigned to those tasks.
- All of our partners and sub-contractors abide by their data security and protection obligations.
- Since 2004 we have been signatories of the codes of professional conduct which regulate our sector, including the charters issued by the SNCD (the National Syndicate for Direct Communication) and Signal Spam.
- We take all legal and technical measures required to minimise potential risks affecting the security and confidentiality of personal data (Privacy by Design).
Security & technical considerations
- Regular security audits since 2015.
- Regular intruder detection tests since 2015, with a record of all security incidents.
- General Information Security Policy since 2016.
- Client authentication, security and traceability of access to Dolist technologies.
- Client data handled via secure channels.
- Notification of security breaches and immediate warnings for the clients affected, allowing them to respond rapidly and fulfil their obligations as data processors.
- Client data hosted on secure servers (hosted in France, with daily back-ups and robust encryption).
- Advanced internal security procedures (24/7 monitoring of our platforms, real-time supervision, daily back-ups etc.).
Technological solutions allowing for:
- Contact collections with opt-in process, establishing proof of consent
- Data storage limits which abide by the time limits specified in the GDPR
- Robust protection of users’ rights, including honouring unsubscribe requests and keeping the corresponding email addresses on file purely to ensure that they are not included in any future campaigns
- anonymisation of personal data relating to unsubscribed contacts.
- Additional services to audit the quality of your databases and clean them up when necessary, training your staff in contact collection best practices, and adopting ethical and sustainable marketing strategies.
- Raising awareness of Marketing best practices (conferences, webinars, white papers, blogs, newsletters etc.) since 2008.
- Dolist accreditation for clients who have demonstrated their compliance with the applicable regulations for database and contact management.
Protecting people’s rights and personal information
- Confidentiality policy / Legal notice for the Dolist website.
- A charter covering personal data protection and cookie management
- Obtaining users’ consent before gathering any personal or behavioural data (cookies), with explicit permission granted and stored as evidence.
- Transparency regarding the data we collect, why we collect it and how long we keep it, specified on all sign-up forms and in the website’s legal notice.
- Abiding by the guiding principles of personal data processing: legality, honesty, transparency, limitation of use, data conservation limits, minimisation, accuracy, integrity and confidentiality.
- As well as the right to access, correct and remove their personal data, users also have the right to permanently delete such information (the “right to be forgotten”).
- Strict limits on the use of personal data for profiling purposes.
- Keeping our data processing and management operations within Europe, with certain specific exceptions.
- We do not sell, share or rent the personal data entrusted to our care.
- By default, only information needed for a specific purpose is collected and processed (Privacy by default).
To find out more about our personal data policy, you can download a more detailed explanation from dolist.com