FeedBlitz functions as your data processor (or equivalent term for the relevant laws and regulations); our clients are the controllers and are responsible for our actions through our business relationship and the settings used in the FeedBlitz service. For more detail on now that works for GDPR in particular, see this article.
By default, the standard footer we use in emails we send contains FeedBlitz's information (postal address and US phone number). We do this for our standard clients so:
- They don't have to reveal where they live, nor be obliged to use a PO Box to retain personal privacy and safety.
- FeedBlitz takes care of mailed in removal requests.
- FeedBlitz support takes care of emailed, phoned and chat-based removal requests.
- FeedBlitz takes care of GDPR right to be forgotten and CCPA do not sell my information requests.
As part of the Enterprise upgrade, you can completely change this footer if you want to, understanding that that might increase your own internal administrative overhead somewhat.
Perhaps the most critical of compliance issues for enterprises when outsourcing to a third party email service like FeedBlitz is managing removals.
- FeedBlitz online unsubscribes are processed immediately, and are by list.
- GDPR right to be forgotten requests can be performed by a subscriber from the FeedBlitz-provided preferences page.
- GDPR right to be forgotten requests received by support will be processed within a US business day (i.e. taking into account US-based federal holidays, such as Independence Day on July 4th), and will be verified before they are actioned.
- FeedBlitz processes GDPR right to be forgotten requests regardless of whether the requestor is an EU citizen or not.
FeedBlitz makes several methods available to you to enable these requests to get upstream to you, if you want to process them in any in-house applications or other services. These include:
- Real-time, daily or weekly emails sent to you.
- Webhooks to your systems.
- Third party triggers via Zapier.com (you are responsible for the Zapier account used)
- Access subscriber states via the FeedBlitz API.
In addition, you can communicate subscriber removal to FeedBlitz using any and all of the following mechanisms:
- Removal via the FeedBlitz user interface (UI).
- API removal.
- Removal via a Zapier.com zap (you are responsible for the Zapier account used).
If you wish to have removals communicated to you using a technique not listed here (e.g. a CSV upload over SSH), FeedBlitz will be happy to estimate what, if any, additional one-time cost would be incurred to deliver that capability.
Notwithstanding logs and audit trails that are maintained as a matter of course by FeedBlitz (see here for data retention policies), our email app tracks the email address, time and IP used (and hence, implicitly, the location of the end user) when the recipient opens and clicks an email. This data is only made available to the data controller, and to FeedBlitz support and development resources as needed to support you and improve the solution.
Further, if you have advertising enabled as part of your account, FeedBlitz restricts cookie placement, ad serving and other tracking elements for certain locations (EU27 + UK, for example), or when the location of the recipient cannot be readily determined.