- Organizations located within the EU
- Organizations located outside of the EU if they offer goods or services to (even for free), or monitor the behavior of, EU residents
It depends. If you offer your goods or services to or monitor the behavior of any EU residents, then you must comply with GDPR.
Under GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”), such as name, email, location, IP address, or online behavior. You can find more detailed information about what is “personal data” here.
Data processing is a broadly defined term under the GDPR and covers any operation performed on personal data including without limitation to collection, storage, transfer, use and deletion of personal data.
GDPR is letting individuals choose what happens to their personal data. Individuals can ask companies to:
- access, update or correct errors on their personal data
- erase their personal data
- object to its processing
- request the restriction of its processing
- receive their personal in a structured, commonly used and machine-readable format and transmit those data to a third party,
- withdraw their consents to its processing
- lodge a complaint with supervisory data protection authority, if they have concerns about the processing
A data controller is the organization that determines the purposes, conditions, and means of the processing of personal data. A data processor is an organization that processes personal data on behalf of the data controller.
As the data controller, you determine the personal data we store and process on your behalf. If you use Related Marketing Cloud (RMC) solutions, we may process personal data for you depending on the solutions you use and the information you send to RMC Platform.
As a controller, you are obliged to provide privacy notices to individuals who engage with your brands detailing how you collect and use information etc., and obtain consents, if needed. If those individuals want to know what data you process about them or decide they want to stop their relationship with you, you will respond to those requests in a reasonable time frame.
RMC is a data processor of your consumer data and you are the Data Controller if we provide our RMC platform or our services to your company.
When we provide our platform or our services to a company, we’re acting as a data processor for the personal data the company sends as part of our service agreement.
As a data processor, we only process personal data in accordance with your company’s permission and instructions.
RMC has an active GDPR program. Many areas of GDPR requirements have been addressed and added to our product roadmap. We remain committed to keeping our customer’s data safe and secure.
Every company is unique and must determine their GDPR status for themselves. RMC cannot provide direct guidance or make assertions about your GDPR compliance.
GDPR requires Data Controllers to enter into an agreement with anyone who handles data on your behalf. In this case, the data processing agreement is an agreement between our Customers and us which clarifies rights and obligations of both parties under the GDPR.
Yes. We are working on our DPA available, and it will soon be published on our webpage so that our customers can be confident that their data is processed in a lawful manner.
Yes. A complete list of our current sub-processors are published on our website.
Address: Yeşilce Mahallesi Yunus Emre Caddesi Doğruer Plaza No: 4 Zemin Kat 4. Levent Istanbul/Turkey