Governance, Risk and Compliance

October 9, 2023 | March 27, 2025 | magnusb

eMarketeer Cloud Security Measures

eMarketeer AB (“eMarketeer”) is a leading provider of Software as a Service (SaaS) for e-marketing. Our platform helps automate communication, response, and follow-up processes to optimize customer engagement and service.

We are deeply committed to privacy, security, and transparency. This section outlines our governance structure, policies, and procedures to ensure all employees align with these principles. eMarketeer complies with legal requirements established by the European Union and relevant local legislation.

Governance at eMarketeer

Our Quality Management System (EQS) is based on ISO standards and the GRC model: Governance, Risk Management, and Compliance.

The Board of Directors defines processes that shape the organization’s structure, leadership, and goal achievement strategies.

EQS covers both our internal Information Security Management System and our online cloud services. It also includes GDPR-related privacy processes.

Risk Management

We conduct annual risk assessments of our information assets, following Article 24 of the EU-GDPR and ICT regulations §3. Our approach is proactive and ensures appropriate responses to potential risks.

Risks are evaluated and addressed based on their severity—through mitigation, avoidance, acceptance, or delegation to third parties.

We manage a variety of risks including technical, information security, financial, and regulatory compliance risks.

Information Classification and Control

All critical information and assets are registered, assigned to owners, and classified according to their sensitivity. Security measures are applied accordingly, and owners are responsible for maintaining safeguards and implementing improvements.

Third-party Access to Data

All customer data is treated as confidential and is never sold or disclosed to third parties. Access is limited to the customer and authorized eMarketeer personnel for administration only.

Compliance

We comply with the GDPR (Regulation 2016/679), ensuring data protection and lawful processing. All data is stored in the EU and encrypted using eMarketeer’s own encryption keys. U.S.-based services use Standard Contractual Clauses (SCC) or store data in the EU.

Data Processing Agreements

Data Processing Agreements (DPAs) are signed with customers to define how personal data is processed by eMarketeer. We also establish sub-processing agreements with our partners.

Secure Storage

Data is secured under an ISO 27001-certified Information Security Management System. Regular audits and assessments are performed by external security consultants in collaboration with our hosting provider.

Audits and ISAE 3402

Customers may request audits or inspections using certified third-party auditors. Costs are borne individually. eMarketeer also conducts annual third-party audits to validate its technical and organizational safeguards.

Secure Product Development

We follow Security by Design and Privacy by Design principles. All code is developed securely, tested internally and externally, and reviewed before deployment.

Testing includes feature, integration, performance, and stress tests—conducted manually and automatically.

Agile and Scrum methodologies guide our development process. New functionality is tested in dedicated environments before being released to production.

Every release undergoes code reviews, risk assessments, and penetration testing. Only after meeting all security criteria is it implemented in our platform.

Exit Plan

Upon termination of a subscription, the customer’s account is deactivated. Data can be exported in a generic format before it is permanently deleted after 30 days. Backups remain available according to our retention policies.

Contact Info

For questions about our governance, risk management, or compliance, contact our Data Protection Officer at privacy@emarketeer.com.
