Data protection in the E-Marketing Manager

Legally compliant email marketing with AGNITAS

Answers on the subject of data protection in the EMM

CLOUD Act, GDPR and other usual suspects can often give marketers a headache. To spare you the daily reach for the painkillers, the following text collects all relevant content regarding data protection within the EMM.

Yes, the EMM meets all data protection requirements for legally compliant email marketing as defined by the EU-GDPR and German laws (UWG, TMG, BDSG).

  1. The EMM supports the double opt-in registration process and provides suitable standard templates (registration form, feedback page, double opt-in mail, confirmation page) for the registration process. The standard templates can be individually adapted and designed. The manual provides detailed information on this.
  2. Registrations that have not been confirmed within 30 days will be automatically and completely deleted.
  3. In the EMM, the URL of the registration page, the IP address of the applicant and the date and time of registration are logged. In the case of double opt-in mail, a bcc mailbox can be specified for archiving copies of the confirmation mails. Outdated registration forms can be kept deactivated to prove the wording.
  • Newsletter including statistical data:
    1,100 days (approx. 3 years)
  • Contact history (delivery information and log data) per recipient:
    180 days by default [1]
  • Response data per recipient:
    1,100 days
    Exception: In case of a tracking objection [2] no more personal data is collected and a retroactive adjustment is possible. [4]
  • Behavior tracking data (browsing behavior on the website) per recipient:
    1,100 days
  • Recipient addresses:
    • Active recipients:
      infinite, as long as AGNITAS is the processor [3]
    • Unsubscribed or bounced recipients:
      Anonymization of the recipient profile after 30 days with the exception of information subject to verification [4]
    • Recipient data without authorization (e.g. due to incorrect imports):
      are cleared overnight [4]
    • Recipient without confirmed double opt-in:
      30 days [1]
  • General data (e.g. product information, pictures):
    infinite, as long as AGNITAS is the processor [3]
  • User Activity Log:
    180 days
  • Access data to the servers (with IP address of the accessing party):
    14 to 20 days, for the identification and analysis of sources of interference (DoS attacks, hacker attacks, etc.)

[1] configurable

[2] If desired, a blanket tracking exemption can be activated for the client.

[3] In the event of termination, all data of the client will be deleted without residue, as defined in the contract.

[4] activatable

Unless AGNITAS is legally obliged to hand over data, this will only be done with the customer’s consent. However, AGNITAS will only refuse official and judicial requests for information if the customer supports the defence and pays the costs incurred.

Yes, the EMM offers a special feature for this purpose, which enables the machine-readable export of all data stored about a recipient with just one click. Software users can also generate an information report about their own activities.

Yes, AGNITAS concludes a data processing contract with each customer.

The standard registration form already offers the possibility to object to tracking. If the recipient does not agree to tracking, no personal data will be collected. In addition, we recommend integrating an option to object to tracking in every newsletter footer; detailed documentation is available for this purpose.

If a recipient has objected, only anonymous response data can be collected. It is not possible to draw conclusions about the recipient, but clicks and openings are still counted, so that the EMM user has a limited measure of success.

There is also the possibility of subsequent clearing of tracking data. Here, all data that was recorded before the objection is automatically cleansed.

You also have the option of deactivating tracking globally for all recipients from the outset.

Yes, those recipients can still receive mailings, even after the tracking objection. To avoid addressing them incorrectly, they can be excluded from follow-up mailings or from decisions based on response data. It is also possible to filter for recipients who have objected to tracking and to run a separate campaign for them.

Yes, for this purpose a feature was integrated into the EMM with which you can mark service and transactional mails as non-commercial. Only in this case is tracking activated, in order to meet the obligation to provide evidence (e.g. for the verification of a double opt-in). The legal basis for those cases is the legitimate interest of the sender, which is regulated in the GDPR.

The responsible use of this function is up to the user.

By default, the EMM records which device (incl. user program) was used to open individual mailings for each recipient and which links (incl. IP address) were clicked on. With anonymous tracking, the assignment to the recipient cannot be made and no IP addresses or other personal data are stored. All information is available with a timestamp. The response data is kept for 1,100 days.

Yes, the EMM offers comprehensive rights and role management. For example, certain users can create and edit newsletters, but cannot access recipient data. Furthermore, it is possible to further restrict access to recipient data by means of so-called inner-clients (Premium Feature). This allows you to individually control access at user level by enabling individual mailing lists or special target groups.

Yes, but only with a login permission. The login permission must be assigned by the user who wants to use AGNITAS services and can be individually limited in time and restricted to one department (e.g. support).

All accesses by AGNITAS employees are listed individually in the EMM activity log and can be traced at any time with time and type of activity.

You can read here how such permissions can be granted.

AGNITAS stores data exclusively on servers in Germany in a high-end data center. You can find more information here.

AGNITAS has been continuously recertified since 2014 according to the currently valid ISO standards 27001 (data security), 27017 (data security in the cloud) and 27018 (data protection in the cloud) and submits to clearly defined and strict guidelines for compliance. A detailed description of all measures can be found on the data security page.

Further information about data protection and security

Not only data protection, but also data security is important to us. Read more about our security measures here or download the detailed factsheet. AGNITAS is also a member of various institutions that demand the highest quality from their members in terms of consumer protection. As a result of these measures, you benefit from the whitelisting of the AGNITAS servers when using the SaaS variant. For everything you need to know about data protection, read our comprehensive white paper with all the relevant email marketing legal tips.

If you have any further questions or concerns, please feel free to contact us at any time:
