Maropost’s customer information is managed by a 3rd-party cloud hosting services provider. The data is stored in state of the art data centers with co-locations through out the United States, Asia, and Europe. We awarded the contract for providing cloud hosting services to this provider after an extensive review process from among several providers offering similar services. We ultimately chose our provider based on a number of key factors including its industry reputation for high security, high availability, and high performance.
Maropost customer data is hosted in state of the art data centers that are certified to leading industry standards.
Maropost’s infrastructure has completed an examination in conformity with the International Standard for Assurance Engagements (ISAE) No 3402 Type II Service Organization Control (SOC1, SOC2, and SOC3). The annual examination ensures on-going compliance. Conformity to the requisite standards satisfies both the ISAE 3402 and the Statement on Standards for Attestation Engagements (SSAE) 16.
Maropost’s data center maintains compliance according to the Payment Card Industry (PCI) Data Security Standard (DSS) as a Level 1 service provider and continues to be audited on an annual basis to continuously ensure compliance. Its assessment includes, but is not limited to, hardware, network infrastructure, data center physical locations, and security. In addition, Maropost’s own internal policies and procedures comply with the PCI-DSS standards.
Maropost’s data centers are certified to comply with the international standard for Information Security Management defined by the International Organization for Standardization (ISO) 27001. It is subject to on-going external assessment with a full re-assessment every three years.
Maropost’s data centers are certified to comply with the international standard for Quality Control Management defined by the International Organization for Standardization (ISO) 9001.
Maropost’s infrastructure is certified to the Health Information Trust Alliance® (HITRUST) Common Security Framework (CSF) to help address the data and privacy requirements of the healthcare industry. It meets the highest security standards helping to comply with ISO, COBIT®, HIPAA,HITECH, NIST, SOX, and FISMA guidelines.
Maropost processes personal information (“Processor”) on behalf of our clients who themselves (“Controllers”) and/or their customers (“Data Subjects”) are under the jurisdiction of the European Union. GDPR requires all Controllers facilitate the exercise of Data Subjects rights under Articles 15 to 22. Maropost, as a Processor, is fully able to comply with the exercise of those rights whether through our software, or upon notification of our clients.
Maropost is responsible for the processing of personal data it receives under the Privacy Shield Frameworks. Maropost complies with the Privacy Shield Principles’ liability provisions for all onward transfers of personal data from the EU and Switzerland to third parties acting as agents on its behalf.
With respect to personal data received or transferred pursuant to the Privacy Shield, Maropost is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Purpose of Data Collection
Maropost is a Software-as-a-Service provider for permission-based marketing automation. The platform collects customer information under the direction of our Clients for the purposes of digital messaging and has no direct relationship with the individuals whose personal data it processes. Such information may include the following types of personally identifiable attributes such as email address, Internet Protocol (IP) address, and customer profile information (first name, last name, postal address, phone number, etc.). We may transfer personally identifiable information to our Clients and to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.
Under the provisions of the CCPA, natural residents of the State of California have the right to request information regarding personal data collected about them, and to request that their personal data not be resold.
Maropost does not resell personal data to third parties. We do capture personally identifiable information from individuals who have opted in to our marketing newsletters which includes email address, first name, and last name. We also capture personally identifiable information from individuals who are paying customers of Maropost’s services including name, email address, billing address, and credit card number.
California residents may submit a request to Maropost by following the instructions defined on the Do Not Sell My Personal Information page.