# Governance, Risk and Compliance

eMarketeer AB (“eMarketeer”) is a leading provider of Software as a Service (SaaS) for e-marketing. Our platform helps automate communication, response, and follow-up processes to optimize customer engagement and service.

We are deeply committed to privacy, security, and transparency. This section outlines our governance structure, policies, and procedures to ensure all employees align with these principles. eMarketeer complies with legal requirements established by the European Union and relevant local legislation.

### Governance at eMarketeer

Our Quality Management System (EQS) is based on ISO standards and the GRC model: Governance, Risk Management, and Compliance.

The Board of Directors defines processes that shape the organization’s structure, leadership, and goal achievement strategies.

EQS covers both our internal Information Security Management System and our online cloud services. It also includes GDPR-related privacy processes.

### Risk Management

We conduct annual risk assessments of our information assets, following Article 24 of the EU-GDPR and ICT regulations §3. Our approach is proactive and ensures appropriate responses to potential risks.

Risks are evaluated and addressed based on their severity—through mitigation, avoidance, acceptance, or delegation to third parties.

We manage a variety of risks including technical, information security, financial, and regulatory compliance risks.

#### Information Classification and Control

All critical information and assets are registered, assigned to owners, and classified according to their sensitivity. Security measures are applied accordingly, and owners are responsible for maintaining safeguards and implementing improvements.

#### Third-party Access to Data

All customer data is treated as confidential and is never sold or disclosed to third parties. Access is limited to the customer and authorized eMarketeer personnel for administration only.

### Compliance

We comply with the GDPR (Regulation 2016/679), ensuring data protection and lawful processing. All data is stored in the EU and encrypted using eMarketeer’s own encryption keys. U.S.-based services use Standard Contractual Clauses (SCC) or store data in the EU.

#### Data Processing Agreements

Data Processing Agreements (DPAs) are signed with customers to define how personal data is processed by eMarketeer. We also establish sub-processing agreements with our partners.

#### Secure Storage

Data is secured under an ISO 27001-certified Information Security Management System. Regular audits and assessments are performed by external security consultants in collaboration with our hosting provider.

#### Audits and ISAE 3402

Customers may request audits or inspections using certified third-party auditors. Costs are borne individually. eMarketeer also conducts annual third-party audits to validate its technical and organizational safeguards.

#### Secure Product Development

We follow Security by Design and Privacy by Design principles. All code is developed securely, tested internally and externally, and reviewed before deployment.

Testing includes feature, integration, performance, and stress tests—conducted manually and automatically.

Agile and Scrum methodologies guide our development process. New functionality is tested in dedicated environments before being released to production.

Every release undergoes code reviews, risk assessments, and penetration testing. Only after meeting all security criteria is it implemented in our platform.

#### Exit Plan

Upon termination of a subscription, the customer’s account is deactivated. Data can be exported in a generic format before it is permanently deleted after 30 days. Backups remain available according to our retention policies.

### Contact Info

For questions about our governance, risk management, or compliance, contact our Data Protection Officer at <privacy@emarketeer.com>.


