We are compliant with the latest laws and regulations around the world, and will continue to invest extensive resources towards protecting the vital interests of our customers and their end-users.
GDPR
SOC 2 Type II
CCPA
ISO 27018
ISO 27001
ISO 27701At Dynamic Yield, it’s important for us to not only satisfy processor-related
regulations but also assist our customers in their own compliance as data controllers when it
comes to managing a personalization program through our technology.
Our appointed DPO works with key internal and external stakeholders to manage our privacy program and answer questions our prospects, customers, and partners may have about our ongoing compliance efforts.
In addition to our data center in the US, we launched an EU-based data center for customers who wish to store their end users’ personal data locally, without leaving the shores of Europe.
We rely on standard contractual clauses (SCCs) to ensure obligations are met with respect to the transferring of personal data to processors established in third countries.
Any rights on the part of the data subject which requires controller adherence, Dynamic Yield will provide assistance where feasible.
We honor requests from our customers to erase, transfer, or modify their end users’ personal data from our servers. We also provide opt-in and opt-out mechanisms, as well as data portability functions.
In addition to helping customers achieve and maximize their goals with the applicable privacy laws, the following information details some of the internal steps Dynamic Yield has taken to comply with various legislations and principles, including GDPR:
Dynamic Yield stores customer data across two sites:
Customers may utilize to store their end users’ Personal Data locally.
For more information about AWS data centers:
https://aws.amazon.com/compliance/data-center/
Dynamic Yield provides a full fledged platform which allows marketers to segment and target users with personalized offerings across web, mobile, email and other channels. As such, Dynamic Yield processes its customers’ end-user data, thus, Dynamic Yield customers who are deemed as “Data Controllers” under GDPR and the end users would constitute the “Data Subjects” whose rights must be protected.
Dynamic Yield only collects information based on a duly executed contract from the controller. Once an agreement to process data is terminated, Dynamic Yield ceases collecting personal data from the customer’s website and the records are deleted within a reasonable period of time from when a deletion request is made. The purposes of the data processing are determined by our customers, i.e. the Controllers.
Dynamic Yield has appointed a Data Privacy Officer (currently Nitzan Schindler, CIPP/E and CIPM) who oversees our privacy compliance and development program.
Dynamic Yield has appointed a Chief Information Security Officer and employs appropriate technical and organizational measures (“TOMS”) to safeguard Personal Data.
Dynamic Yield keeps a record of its processing activities carried out on behalf of the controller, its DPO is open for questions and data processing addendum is entered into with every customer
Dynamic Yield collects and processes Personal Data lawfully and is transparent with its customers about its processing activities.
Dynamic Yield has entered or will enter into Data Processing Agreements with its customers in order to maintain the legal basis for the processing (usually “consent” or “legitimate interest”), which is warranted by the customer as the Controller.
Dynamic Yield only collects data which may be used to analyze user behavior and to provide personalized experiences. Dynamic Yield does not combine any customer collected data with data collected from other customers, does not determine the purpose of processing, and does not share data with third parties except where required to by law.
Dynamic Yield does not onboard any data which is unnecessary or disproportionate to its needs to best serve end users with personalized experiences. IP addresses will cease to be stored moving forward. CRM and other data may be onboarded and DY expects its customers to only onboard data which satisfies the proportionality and lawfulness requirement. As Dynamic Yield provides a flexible mechanism for onboarding customer data, we request that sensitive or payment data not be onboarded without our consent.
Dynamic Yield will allow its customers to rectify any errors or misapplications in onboarded data with new CRM data pushed by the controller.
Dynamic Yield does not store any data unnecessarily and expects its controllers to refrain from onboarding data which is unnecessary for personalization purposes
Dynamic Yield’s DPO will work to continuously optimize and introduce improvements and customer feedback to the Dynamic Yield privacy program. The DPO will also cooperate with controllers in case of inquiries and data breaches.
Dynamic Yield will cooperate in full with controllers for handling requests regarding their end users’ data.
Dynamic Yield will cooperate with controllers regarding data requests from customers.
Our GDPR compliance has been endorsed by Taylor Wessing LLP, a global law firm with expertise in data privacy, which employs over 400 partners and 1,100 lawyers worldwide.
“We at Dynamic Yield respect the data concerns of our customers and have committed to making sure they can use our personalization engine safely and compliantly.”
