Take Comfort in Launching Your Personalization Campaigns with a GDPR Compliant Solution


Dynamic Yield ensures customers, partners, and prospects can use our personalization engine safely and compliantly.

GDPR Video
Play Video
A message from our Data Privacy Officer
gdpr-logo

Dynamic Yield
and Privacy Protection

Dynamic Yield is committed to the confidentiality, data privacy and security of its customers and their end-users. We are and will continue to invest extensive resources towards maintaining the highest levels of data protection, privacy and security standards. We are compliant with applicable laws and regulations, and are committed to our ongoing compliance with the EU General Data Protection Regulation (GDPR) and related guidelines. More about GDPR →

Above and Beyond GDPR Compliance

At Dynamic Yield, we not only comply with the processor related regulations but also offer assistance to data controllers in their own compliance when it comes to managing a personalization program through our technology. See how we are helping controllers comply with GDPR:

Appointment of a DPO

We have appointed a Data Privacy Officer (DPO) to manage our privacy program and to answer questions our prospects, customers and partners may have about our GDPR compliance.

Localized storage options

An EU data center will be available for new customers who wish to store their users’ personal data within the confines of the EU or existing customers who prefer to start afresh with their data stored in the EU.

General assistance

Any rights on the part of the data subject which requires controller adherence, Dynamic Yield will provide assistance where feasible.

Privacy shield certified

Customers in the US and in the EU will remain GDPR compliant irrespective of the location in which the data is stored under the privacy shield framework.

Assisting the controller

We honor requests from our customers to erase, transfer or modify their end users’ personal data from our servers. We also provide opt-in and opt-out mechanisms, as well as data portability functions.
ENDORSED BY TaylorWessing TaylorWessing-m

Our GDPR compliance has been endorsed by Taylor Wessing LLP, a global law firm with expertise in data privacy, which employs over 400 partners and 1,100 lawyers worldwide.

How Dynamic Yield is Compliant with GDPR

In addition to helping customers achieve and maximize their goals with the applicable privacy laws, the following information details some of the internal steps Dynamic Yield has taken to ensure its compliance with various privacy legislations, including the GDPR:

RequirementDynamic Yield Compliance
Data Storage and Cross-Border TransfersDynamic Yield stores customer data across two sites:
  1. Virginia, US- Dynamic Yield is fully compliant with the EU-US and Swiss-US Privacy Shield frameworks and conducts cross border data transfers to its Virginia data centers in accordance with the Privacy Shield framework.
  2. Frankfurt, Germany- Dynamic Yield has established a data center in the EU which new EU customers may utilize to store their end users’ Personal Data locally.
Satisfy the Definition of a Data Processor- “Processes Personal Data on behalf of the Controller” Dynamic Yield provides a full fledged platform which allows marketers to segment and target users with personalized offerings across web, mobile, email and other channels. As such, Dynamic Yield processes its customers’ end-user data, thus, Dynamic Yield customers who are deemed as “Data Controllers” under GDPR and the end users would constitute the “Data Subjects” whose rights must be protected.
Act on Behalf of the Controller Based on Controller Authorization Dynamic Yield only collects information based on a duly executed contract from the controller. Once an agreement to process data is terminated, Dynamic Yield ceases collecting personal data from the customer’s website and the records are deleted within a reasonable period of time from when a deletion request is made. The purposes of the data processing are determined by our customers, i.e. the Controllers.
Appointment of a Data Privacy Officer (DPO) Dynamic Yield has appointed a Data Privacy Officer (currently Jacob Silber, CIPP/E and CIPM) who oversees our privacy compliance and development program.
Integrity and Confidentiality- Protect personal data (security)- Part A Dynamic Yield has appointed a Chief Information Security Officer and and employs appropriate technical and organizational measures (“TOMS”) to safeguard Personal Data.
Demonstrate Compliance with GDPR Dynamic Yield keeps a record of its processing activities carried out on behalf of the controller, its DPO is open for questions and data processing addendum is entered into with every customer
Lawfulness, Fairness and Transparency- PT A Dynamic Yield collects and processes Personal Data lawfully and is transparent with its customers about its processing activities.
Lawfulness, Fairness and Transparency- PT B Dynamic Yield has entered or will enter into Data Processing Agreements with its customers in order to maintain the legal basis for the processing (usually “consent” or “legitimate interest”), which is warranted by the customer as the Controller.
Processing Personal Data- Purpose Limitation Dynamic Yield only collects data which may be used to analyze user behavior and to provide personalized experiences. Dynamic Yield does not combine any customer collected data with data collected from other customers, does not determine the purpose of processing, and does not share data with third parties except where required to by law.
Processing Personal Data- Data Minimization and Proportionality Dynamic Yield does not onboard any data which is unnecessary or disproportionate to its needs to best serve end users with personalized experiences. IP addresses will cease to be store moving forward. CRM and other data may be onboarded and DY expects its customers to only onboard data which satisfies the proportionality and lawfulness requirement. As Dynamic Yield provides a flexible mechanism for onboarding customer data, we request that sensitive or payment data not be onboarded without our consent.
Processing Personal Data- Accuracy Dynamic Yield will allow its customers to rectify any errors or misapplications in onboarded data with new CRM data pushed by the controller.
Processing Personal Data- Storage limitation Dynamic Yield does not store any data unnecessarily and expects its controllers to refrain from onboarding data which is unnecessary for personalization purposes
Processing Personal Data- Accountability Dynamic Yield’s DPO will work to continuously optimize and introduce improvements and customer feedback to the Dynamic Yield privacy program. The DPO will also cooperate with controllers in case of inquiries and data breaches.
Data Subjects Rights’- Erase, Rectify and Export Personal Data Dynamic Yield will cooperate in full with controllers for handling requests regarding their end users’ data.
Information Provisions- Transparency Dynamic Yield will cooperate with controllers regarding data requests from customers.

“We at Dynamic Yield respect the data concerns of our customers and have committed to making sure they can use our personalization engine safely and compliantly.”

Jacob Silber

VP Operations, Dynamic Yield

READ ON BLOG
Menu Title
Contact Us
×