At Emarsys we apply the strictest data security measures to protect our clients’ sensitive data. This document outlines the data classification guidelines that we use in this process.
The information assets stored at Emarsys are classified based on the confidentiality/integrity of the data. The following categories apply:
These are all data groups where compromise could lead to legal or contractual breaches, or have a significant adverse impact on Emarsys’ brand and reputation, including (but not limited to):
- Personal Data/Personally Identifiable Information (PII)
- Financial data
- Customer data protected by contractual requirements
- This category has security restrictions you must adhere to. You, as an add-on provider, MAY NOT store or log any restricted data in your services. If you still wish to do so, it is subject to agreement with your own customers. Emarsys cannot be held liable for you not complying with these restrictions.
- The storage of PII data is not allowed outside of Emarsys premises, which are based in the European Union.
What is Personal Data/PII?
Information that, by itself or in connection with public information, can be used to identify a person. PII data must stay within Emarsys premises.
The following information may be stored in your external services:
- First name by itself
- Last name by itself
- IP address by itself
- Aggregated data: opens, clicks
The following information MAY NOT be stored or logged by you, unless specifically agreed upon with your customers:
- First and Last name
- Email address
- Telephone number
Emarsys’ proprietary information, where a compromise would cause operational difficulties, exposure to external threats, or endanger our market advantage. Application-related metadata falls into this category:
- Table names
- Field names
- Internal identifiers, etc.
Note: Confidential information MAY be stored by add-on providers.
All information available to the general public (services, office contact information, etc.). This MAY be stored by add-on providers.