The GDPR obliges Spotler (the processor) to take appropriate technical and organizational measures to protect the personal data stored in Spotler. For Spotler, data security is a crucial part of our business operations. As a controller, you are obliged to verify and assess whether the measures taken by Spotler succeed in securing the personal data stored in Spotler. On the Documents page you can find all the information you need to demonstrate that Spotler has taken sufficient measures to secure personal data, for instance that Spotler is ISO 27001 certified.
How does it work in Spotler?
Go to the Privacy tab under Settings. Next, click on Documents on the left.
You will see the following measures that Spotler has taken:
• ISO 27001 certification
• Technical and Organizational Measures
• DDMA Privacy Guarantee
In addition, it is possible to download the white paper "6 steps your e-mail marketing GDPR-compliant".
ISO 27001 certification
Spotler has been fully ISO 27001 certified for all processes and all systems in the office and on our technical platform since February 2017. You can view our certificate in your Spotler account. You can verify the validity and the scope of our certificate on the website of the DNVGL auditor.
Technical and Organizational Measures
In the Technical and Organizational Measures document you will find information about:
Data Protection Officer
A Data Protection Officer (DPO) has been appointed. Spotler's DPO supervises the compliance with and application of the Personal Data Protection Act (PDPA) and, as of May 25, 2018, the compliance with and application of the General Data Protection Regulation (GDPR).
Data is stored within the European Economic Area (EEA)
The GDPR requires that personal data be stored within the European Economic Area (EEA). The EEA consists of all countries in the European Union, plus Liechtenstein, Norway and Iceland. Spotler stores all its data in Amsterdam and therefore complies with this requirement.
Software and infrastructure fully in-house
Not only do we store our data in the Netherlands, but the software and the infrastructure that process the data are also completely under our own management.
Spotler employees do not have access to personal data
Spotler employees do not have access to personal data without your explicit consent.
Two-step verification and secure file exchange
We protect access to Spotler with two-step verification. In addition, you can exchange files securely in Spotler.
DDMA Privacy Guarantee
In addition to the ISO certification, we also have a DDMA Privacy Guarantee. This proves that Spotler uses personal data in a careful and transparent manner and that Spotler acts in accordance with all applicable privacy rules.