How Yespo stays GDPR-compliant
Protecting the privacy of your subscribers and customers is our top priority. Therefore, we provide all the conditions necessary to ensure that your marketing activities comply with all General Data Protection Regulation (GDPR) requirements*.
Please see our Privacy Policy to learn how we collect, use, protect and process personal data following data protection laws and industry best practices.
The Terms of Use reflect the general rules that restrict campaigns on specific topics, the rules for moderating, the rules for importing, the anti-SPAM policy of our service, and the terms of the public offer.
Our Data Processing Agreement (DPA) governs in detail the rights and obligations of you as the Processor and our platform as the Controller (this Agreement is part of the Terms of Use, and therefore you do not need to sign it separately).
Our platform uses the services of exceptionally reliable sub-processors (see details in Appendix 1 of the DPA). Yespo uses an Information Security Management System that is ISO/IEC 27001:2022 certified, which guarantees the security of storing your contacts' personal data.
Our services are located in Ireland, Dublin on the servers of Amazon Web Services Inc. All AWS Services are GDPR ready.
The technical capabilities of our system provide you with all the necessary tools to work with personal data under the requirements of the GDPR. You can easily satisfy any legitimate requests of data subjects, such as
- the right to demand a copy of personal data you store,
- the right to edit personal data,
- the right to be forgotten.
Please contact our Data Protection Officer (DPO) at dpo@yespo.io if you need advice or recommendations about the interpretation or application of the data protection rules.
Compliance with other laws *
In addition to the GDPR, other local laws protect personal data too. For example, the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (LGPD), Canadian Anti-Spam Legislation (CASL), and others. As GDPR is the most detailed and broadest personal data regulation, you meet other similar requirements by complying with it. However, we recommend that you study and act following data protection laws that affect your business.