In compliance with GDPR, as a data processor for clients for email marketing data, I, Joolz Joseph (JJ) confirm that I agree to the following conditions.
Data processing shall apply to any data required for email marketing purposes include key contact information and data that may be used for segmenting the database and tailoring content such that the data subject is aware of such processing.
This policy applies to both data processed for internal and client purposes.
JJ commits to
- process personal data only in accordance with instructions from the controller
- ensure that persons authorised to process the personal data are bound by a contractual or statutory duty of confidentiality;
- take all appropriate technical and organisational measures to maintain the security and integrity of the data;
- ensure any systems used (e.g. Email Service Providers) are password protected and that password is kept confidentially;
- obtain the controller’s written consent to engage sub-processors;
- impose on its sub-processors the data protection obligations set out in the agreement (or legal act) between the controller and the processor;
- take into account the nature of the processing, assist the controller by taking appropriate technical and organisational measures, insofar as possible, to ensure fulfilment of the controller’s obligation to reply to requests by data subjects exercising their rights;
- at the controller’s choosing, delete or return all personal data to the controller upon completion of the processing services and return any existing copies of the data, unless EU or Member State law requires that the personal data be stored;
- make available to the controller all information necessary to demonstrate compliance with its obligations and allow and cooperate fully with audits, including inspections, conducted by the controller or another person authorised to this end by the controller.
Note at the time of writing the processor uses BitDefender for computer protection including personal VPN, password storage and the secure digital shredding of personal data that is no longer required. This may change should it be deemed no longer effective.