Security and EU regulation

Our services are hosted on servers located in Europe, at providers that are GDPR compliant and that apply the utmost measures and best practices for data protection.

The services, applications and software we offer allow you to retrieve, correct, delete or limit customer data, simply and directly from your account.

If your customer or subscriber asks you to change or delete their personal data, you will first need to identify the information of the person concerned. You must then comply with your obligations under the GDPR, which are to:

  • provide an answer to reasonable requests;

  • proceed, or decline to proceed, with the action requested by the member of your lists, providing a reason for your choice if you decline.

If you are not able to carry out the required action on your customers’ data independently using the services we provide you, we can, under our existing contract, offer you reasonable cooperation to help you answer any request from individuals or from authorities competent in the protection and processing of personal data. You will be charged for any additional expenses.


Purpose and goal of data processing as a responsible B2B user

When you use our services, you can import into our system the personal information you have collected from your subscribers or other people. We have no direct relationship with your customers or subscribers so it is your job to ensure that you have the appropriate authorization for the collection and processing of data relating to those subjects.

In line with the GDPR, we may transfer your personal information or your customer information to companies that support us and help us provide our services.


Technical measures

EximiTech d.o.o. assigns the utmost importance to the security and integrity of your personal data.

In accordance with the GDPR, we commit ourselves daily to taking all the necessary precautions to preserve the security of your data.

To this end, we have adopted industry-standard technical security measures, including:

  • access protected by strong passwords;

  • encrypted transmission of data through SSL / HTTPS technology.


Data breach management

Article 33 of the GDPR requires the data controller to notify the supervisory authority of any violation of personal data (a data breach) within seventy-two hours of the moment it becomes known.

We distinguish three types of violations:

  • breach of confidentiality: unauthorized or accidental disclosure of, or access to, personal data;

  • integrity violation: an unauthorized or accidental alteration of personal data;

  • availability violation: the loss, inaccessibility or destruction, whether accidental or unauthorized, of personal data.

If the violation is also related to your data, EximiTech d.o.o., as data processor, will notify you in the following ways:

  • personally and directly;

  • by means of public communication or a similar and effective measure when direct and personal communication involves disproportionate efforts.

Always keep in mind that you, as a user, are the data controller. It will be your duty to promptly inform your subscribers or your customers on the contact lists. You can communicate that violation in the following ways:

  • personally and directly to your customers or subscribers;

  • with a public or equally effective communication that can reach all of your contacts affected by the data breach.

The direct communication to your customers or subscribers must be distinguished from other messages that you usually send. The notice of the violation must be clear, unambiguous and must draw the attention of the interested party.

In particular, Article 24 and Article 32 of the GDPR require the data controller to:

  • implement appropriate technical and organizational measures to ensure compliance with the GDPR;

  • be able to demonstrate that the processing of data has been carried out in accordance with the provisions of the GDPR;

  • review and update the aforementioned measures when necessary;

  • ensure a level of security appropriate to the risk.


What to do to be in good standing

  • You must provide your customers and/or users with adequate, up-to-date information in compliance with the GDPR.

  • Your email lists must contain only the verified contacts of those who gave their informed consent regarding the data.

  • We suggest that you regularly change your login and password.

  • You must pay attention to our new data processing conditions that have been updated to comply with the GDPR.

  • Protect your PC with a password and antivirus software: nobody else should have access to your data.

  • When you export your data, make sure that your data is protected!

  • Do not send confidential information through an email campaign.