Maropost’s customer information is managed by a 3rd-party cloud hosting services provider. The data is stored in state of the art data centers with co-locations through out the United States, Asia, and Europe. We awarded the contract for providing cloud hosting services to this provider after an extensive review process from among several providers offering similar services. We ultimately chose our provider based on a number of key factors including its industry reputation for high security, high availability, and high performance.
Maropost customer data is hosted in state of the art data centers that are certified to leading industry standards.
Maropost’s infrastructure has completed an examination in conformity with the International Standard for Assurance Engagements (ISAE) No 3402 Type II Service Organization Control (SOC1, SOC2, and SOC3). The annual examination ensures on-going compliance. Conformity to the requisite standards satisfies both the ISAE 3402 and the Statement on Standards for Attestation Engagements (SSAE) 16.
Maropost’s data center maintains compliance according to the Payment Card Industry (PCI) Data Security Standard (DSS) as a Level 1 service provider and continues to be audited on an annual basis to continuously ensure compliance. Its assessment includes, but is not limited to, hardware, network infrastructure, data center physical locations, and security. In addition, Maropost’s own internal policies and procedures comply with the PCI-DSS standards.
Maropost’s data centers are certified to comply with the international standard for Information Security Management defined by the International Organization for Standardization (ISO) 27001. It is subject to on-going external assessment with a full re-assessment every three years.
Maropost’s data centers are certified to comply with the international standard for Quality Control Management defined by the International Organization for Standardization (ISO) 9001.
Maropost’s infrastructure is certified to the Health Information Trust Alliance® (HITRUST) Common Security Framework (CSF) to help address the data and privacy requirements of the healthcare industry. It meets the highest security standards helping to comply with ISO, COBIT®, HIPAA,HITECH, NIST, SOX, and FISMA guidelines.
General Data Protection Regulation (GDPR) requires compliance by the May 2018 deadline to which Maropost is actively pursuing and guarantees successful compliance at that time. Maropost is Privacy Shield certified and is therefore already in compliance with many aspects of GDPR.
Key provisions not covered under existing regulations that are introduced by GDPR include additional requirements for
In support of our clients doing business in the European Union, Maropost is fully committed to achieving compliance well before the deadline date.
Maropost is responsible for the processing of personal data it receives under the Privacy Shield Frameworks. Maropost complies with the Privacy Shield Principles’ liability provisions for all onward transfers of personal data from the EU and Switzerland to third parties acting as agents on its behalf.
With respect to personal data received or transferred pursuant to the Privacy Shield, Maropost is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Purpose of Data Collection
Maropost is a Software-as-a-Service provider for permission-based marketing automation. The platform collects customer information under the direction of our Clients for the purposes of digital messaging and has no direct relationship with the individuals whose personal data it processes. Such information may include the following types of personally identifiable attributes such as email address, Internet Protocol (IP) address, and customer profile information (first name, last name, postal address, phone number, etc.). We may transfer personally identifiable information to our Clients and to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.