Mailchimp Data Processing Agreement Gdpr
Mailchimp is headquartered in the United States and has offices in the United States and our servers are also located in the United States. This means that the data we process may be transferred, stored or processed in the United States. In addition, we use third-party service providers who process personal data on our behalf to provide services to Mailchimp and their servers may be located outside the EU/UK. A complete list of the subcontractors we use to process our users` data, as well as details about their location, can be found here. We take steps to ensure that our suppliers provide adequate safeguards to protect the personal data they process on our behalf and contractually require them to process such data in accordance with applicable data protection laws. You need a legal basis such as consent to be able to process the personal data of a data subject in the EU. Other examples include data analysis, data hosting, using technical support for our service, processing payments, and providing content. (f) Type of Processing: Mailchimp provides an email service, automation and marketing platform, and other related services, as further described in the Agreement. 6.4 Alternative transmission mechanism. To the extent that Mailchimp introduces an alternative data export mechanism (including a new version or successor to the SCC or Privacy Shield) for the transfer of EU data not described in this DPA („Alternative Transfer Mechanism“), the Alternative Transfer Mechanism will apply in place of the transmission mechanisms described in this DPA (but only to the extent that such alternative transfer mechanism complies with the applicable application. EU data protection legislation extends to the countries to which EU data is transferred). In addition, if and to the extent that a competent court or supervisory authority (for any reason) orders that the measures described in this DPA may not be used for the lawful transfer of data from the EU (within the meaning of the applicable European data protection legislation), Mailchimp may take additional steps or safeguards reasonably necessary to enable the lawful transfer of data from the EU. 6.2 Australian Data.
To the extent that Mailchimp is a recipient of Customer Data protected by the Australian Data Protection Act, the parties acknowledge and agree that Mailchimp may transfer such Customer Data outside of Australia to the extent permitted by the terms agreed to by the parties and provided that Mailchimp complies with this DPA and the Australian Data Protection Act. For the purposes of EU data protection legislation, The Rocket Science Group LLC d/b/a Mailchimp is the controller of your personal data. You can contact our Data Protection Officer at dpo@mailchimp.com. To use the GDPR fields in your registration forms, enable them for each audience that collects or contains personal data of EU citizens, and then modify them to reflect your marketing practices. Members: identification and contact details (name, address, title, contact details, username); Financial information (credit card details, account details, payment information); Employment data (employer, job title, geographical location, area of responsibility); In addition, Mailchimp contractually undertakes to transfer and process all of its users` data from Switzerland, the EU and the UNITED Kingdom in accordance with the Standard Contractual Clauses, which remain a valid data export mechanism and apply automatically in accordance with mailchimp`s Data Processing Addendum. 10.3 In no event shall a party limit its liability with respect to an individual`s privacy rights under this DPA or otherwise. Appeal against sub-processors. Customer may object in writing to Mailchimp`s appointment of a new sub-processor within five (5) calendar days of receipt of the notice in accordance with Section 3.1 of the DPA, provided that such objection is based on reasonable data protection grounds. In this case, the parties discuss these concerns in good faith in order to reach an economically viable solution. If no such solution can be found, Mailchimp, in its sole discretion, will not appoint such sub-processor or allow Customer to suspend or terminate the relevant Service in accordance with the termination provisions of the Agreement without liability to either party (but without prejudice to any costs incurred by Customer prior to suspension or termination). Mailchimp remains committed to ensuring the highest level of privacy and security for our users.
If you have any questions about our security and privacy program, please email privacy@mailchimp.com. Obligation after the end of the processing of personal data This section applies to personal data that we collect and process from a member or potential member through the provision of the service. If you are not a member, the „Visitors or Contacts“ section of this Policy may apply better to you and your information. In this section, „you“ and „your“ refer to members and potential members. Verifiable consent requires a written record of when and how a person has consented to you processing their personal data. Consent must also be unambiguous and include clear affirmative action. This means plain language and no pre-checked consent fields. The GDPR will replace an old privacy policy, Directive 95/46/EC, and introduce significant changes that could affect Mailchimp users. The terms „personal data“, „controller“, „data subject“, „processor“ and „processing“ have the meaning to be interpreted in accordance with applicable data protection laws or, if not defined therein, the GDPR and „processing“, „processing“ and „processing“ with respect to customer data. The categories of data subjects whose personal data is processed include (i) members (i.e.
individual end users with access to a Mailchimp account) and (ii) contacts (i.e. the member`s subscribers and other persons about whom a member has provided us with information or interacted with a member through the service). (a) Controller (Data Exporter): Customer who is a Mailchimp Member (as defined in the mailchimp Privacy Policy) and who has engaged Mailchimp to provide the Service under the Agreement. The GDPR also describes the rights of individuals with respect to their personal data. EU citizens have the right to request details about how they use their personal data and may ask you to do certain things with that data. You need to be prepared to respond to people`s requests in a timely manner. Individuals have the right to request that their personal data be corrected, made available to them, prohibited for specific purposes or completely deleted. .
