• Resolved lovinglyhappy

    (@luckilyhappy)


    Hi,

    I am currently looking at whether MailPoet might be an option for me.

    Here, I have read about your servers. In order to really be GDPR compliant, it is of the utmost importance that no subscriber (personal) data shall be sent through, to or stored on any server outside of the EU or countries where it is applied as such.

    Therefore I would like to ask:

    – Where are the SMTP-servers located? And will you ever consider moving them out of the EU, even in case they are in the EU?

    – You say you are storing logs of e-mails sent. Will they contain e-mail, IP and / or other subscriber data? And where are those logs stored?

    – Support enquiries by e-mail are stored. Does this refer only to your customer’s enquiries, or will you store your customers’ subscribers’ enquiries by e-mail, too (i.e. my concern is there might be in the newsletter or on the sign up, unsubscribe or management page accessible to the subscriber a support link leading to your support which might make me co-responsible for where you store those enquiries).

    My apologies for molesting you with these detailed questions, but I think the answers are important, and I think it would be helpful if you could include these matters in your FAQ.

    • This topic was modified 2 years, 1 month ago by lovinglyhappy.
    • This topic was modified 2 years, 1 month ago by lovinglyhappy. Reason: spelling
    • This topic was modified 2 years, 1 month ago by lovinglyhappy. Reason: grammar
Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter lovinglyhappy

    (@luckilyhappy)

    P. S.: As I cannot edit my question any longer and only thought of this addition now, one further question: Are the SMTP-servers your own or are you using the services of a company that is ultimately located (or owned by a company located) outside of the EU?

    Plugin Support Dani F. a11n

    (@danielinhou)

    Hi there @luckilyhappy 👋🏽!

    Thank you for reaching out to MailPoet Support!

    > My apologies for molesting you with these detailed questions, but I think the answers are important, and I think it would be helpful if you could include these matters in your FAQ.

    Hey, I’ll share these questions with the deliverability team and will get back to you here as soon as I hear from them. I’ll be happy to help from their reply too so no need to apologize at all.

    Thanks for your patience.

    Plugin Support Dani F. a11n

    (@danielinhou)

    Hi again,

    I can reply to this one:

    > Support enquiries by e-mail are stored. Does this refer only to your customer’s enquiries, or will you store your customers’ subscribers’ enquiries by e-mail, too (i.e. my concern is there might be in the newsletter or on the sign up, unsubscribe or management page accessible to the subscriber a support link leading to your support which might make me co-responsible for where you store those enquiries).

    This refers to our customer’s inquiries. Your subscribers won’t have a way to contact us.

    Thread Starter lovinglyhappy

    (@luckilyhappy)

    Hi Dani,

    Thank you for answering that part of my question. I look forward to receiving the other answers from your deliverability team.

    Plugin Support Dani F. a11n

    (@danielinhou)

    Hi there @luckilyhappy 👋🏽

    Our team reached back to us. This issue is a bit outside of my understanding but this is what we got from them:

    Our services are GDPR compliant, and we offer a data processing agreement to formalize those obligations. Detailed information can be found at our privacy policy.

    I hope this helps.

    Cheers

    Thread Starter lovinglyhappy

    (@luckilyhappy)

    Hi Dani,

    Thank you for your reply. But my questions are, in most parts, not answered with it, as a brief look into your privacy policy does not reveal so much about where your servers are actually located (unless I have overlooked it), even less perhaps than the link I gave above.

    Your privacy policy only addresses a very small part of what I have asked, so I would like to point to my questions above once more. And the processing agreement, which I have read, does not answer these questions either.

    Actually, I even have to ask one more question: Would the SMTP-servers, or other servers in contact with my subscribers’ data, be, even if in Europe, owned by a company outside of the EU?

    I have seen more than once that companies explain to be GDPR-compliant and then, by my own judgement (not as an expert on IT law, but, still…), were either not or perhaps they were for themselves (if so…), but their setup did not allow their users to be compliant. I am not saying that this would be the case with you, but I prefer to look into matters myself. In the end, it is your customers who are responsible on their own, so it is only prudent to check for oneself. Again, I appreciate your efforts to give details, but why not give those I have asked, too, on your website (please forward this to the person in charge)?

    Also, things are in flux and especially after the recent ruling against the use of Google Analytics I prefer not to have any servers owned by US companies in play at all in touch with the data of subscribers to my newsletters.

    I fully understand that it may not be your area of expertise, but these are legitimate questions actually every customer should, in my eyes, ask when dealing with services involving servers.

    I therefore suggest forwarding my request to those who know about it. I am not too sure it would be the deliverability team anyway, by the way. This would be a question to those of your staff who are involved in actually dealing with the servers or those responsible for your privacy declaration.

    Without knowing about location and ownership of the servers my subscribers would come into contact with, an assessment of my own of whether my setup with you would be compliant for sure would be impossible.

    You seem to offer a good service; it would be great if you could allow potential customers to also assess the legal side for themselves by providing really all the relevant data.

    • This reply was modified 2 years, 1 month ago by lovinglyhappy. Reason: clarified
    • This reply was modified 2 years, 1 month ago by lovinglyhappy. Reason: spelling
    totheo

    (@totheo)

    Thank you very much for asking these important questions @luckilyhappy.

    These concerns are fully justified: At present, there are not even any drafts of the wording for a successor agreement to Privacy Shield, which the European Court of Justice declared invalid in a landmark ruling in 2020. So it could be years before the U.S. and Europe reach an agreement on this – if ever. In the meantime, it is unfortunately a legal risk for European companies to transfer personal data to servers in the U.S. This is true even if a data processing agreement is concluded (and even with standard contractual clauses and if all technical organizational measures are specified).

    Therefore, I do not understand why MailPoet quite obviously still does not operate servers in Europe. Please check the possibility to do so, dear MailPoet team. Because as long as you don’t provide a solution for this, we can’t really use your great service and have to switch to other providers. That is a pity because MailPoet really is awesome.

    I am sorry to be so direct, but this is the recommendation I have received from various IT lawyers by now.

    Plugin Support Dani F. a11n

    (@danielinhou)

    Hi again,

    While I am not an expert at all in this subject I think that many of your questions are answered in the DPA agreement that we offer to our customers. https://kb.mailpoet.com/article/303-is-mailpoet-gdpr-compliant

    Please follow the steps listed in that tutorial to get a signed copy of our DPA and then reach back to us if you still have further questions.

    Cheers

  • The topic ‘Server Locations in Contact with Subscribers’ Data’ is closed to new replies.