Learn about the third-party data processors we work with.
Who does dotdigital transfer data to and why?
A sub-processor is a third party data processor engaged by dotdigital, including entities from within the dotdigital Group, who has or may have access to, or process, client data.
dotdigital’s global entities include:
- dotdigital EMEA Limited
- dotdigital, Inc
- dotdigital APAC Pty Limited
- dotmailer SA Pty Ltd
- dotmailer LLC
- Dynmark International Ltd
dotdigital’s external sub-processors are engaged for the purposes of platform hosting, network management, internet and network services, data back-ups and storage. This includes:
- Microsoft Azure – platform hosting and data storage
- Google Cloud Platform – platform hosting and data storage
- Cloudflare - CDN and web-proxy services
- Amazon Web Services - network services and storage
- GGR Communications - network management and inter-data centre connectivity
- Interxion – physical data centre space
- GTT - internet connectivity
- Zayo - internet connectivity
- MagneticOne - optional API integration for e-commerce solution connectivity
- First Option Technical Support - out of hours client support
Will data be transferred outside of the EEA?
Yes, but only in limited circumstances and all such transfers are protected by safeguards in place. You may specify which location you wish your data to be physically hosted. If requested to be physically held at a specific location, data will not be physically transferred to the other locations, although it may be accessed from another location in some circumstances (for example, dotdigital support staff in the US who enable 24/5 support). As standard, UK and EU client data will be stored in the EU. US account data will be stored within the US, and APAC account data is stored within Australian data centres.
To learn more, check out our Trust Center.
What measures does dotdigital have in place to protect data transferred to third-party processors?
dotdigital will always ensure the safeguarding of personal data, including entering into Data Processing Agreements reflecting the obligations under the GDPR, passing down the measures of the EU Model Contract Clauses when working with parties outside of the EU.
All of our data centre providers hold a broad set of industry standard accreditations such as ISO27001 and ISO9001.
All dotdigital employees are subject to confidentiality obligations as per dotdigital’s internal Employee Conduct, Confidentiality, Data Protection and Information Security Policies.
Are dotdigital’s sub-processors GDPR compliant?
All of our sub-processors have been thoroughly assessed from a GDPR and overall security compliance perspective.
To learn more about GDPR specifics, check out our articles:
Do your contract terms with sub-processors provide similar or the same level of protection as the client Data Processing Agreement?
Yes, dotdigital ensures that all third party sub-processors are subject to at least the same security and data protection obligations as dotdigital. In addition, we will remain fully liable for any of our sub-processors actions during the course of their processing and we will only ever use reputable industry suppliers.
Does dotdigital inform clients where a new third-party sub-processor is being engaged and can we object?
Yes, we would always notify clients at least 30 days in advance when we are planning on engaging a new sub-processor. This is usually by way of an email to the email address provided by you on the Service Agreement. As a client, you will always be given 14 days to object to dotdigital engaging a new sub-processor where you have any data protection concerns.