Data Processing
Effective Date: 3/27/2020
By use of AWeber services, you instruct AWeber to process any personal data you provide to AWeber in alignment with AWeber’s Service Agreement and Privacy Policy and agree to the processing of any personal data that AWeber provides to you in connection with the services. Customer also specifically authorizes the engagement of AWeber’s Advocates as Sub-processors. In addition, Customer generally authorizes the engagement of any other third parties as Sub-processors.
Customer Obligations
By use of AWeber services you agree to comply with data protection, security and other obligations with respect to any and all personal data by adhering to the AWeber Service Agreement and Anti-Spam policies, and Privacy Policy along with all local data protection laws to which you are subject. AWeber will inform you if, in AWeber’s opinion, you have violated any data processing obligation.
Details of Data Processing
Subject Matter: All AWeber services, Customer provided data, and related technical support to Customer, including all publicly available information that is transmitted or retrieved from sub-processors of AWeber.
Duration of the Processing: As identified in the AWeber Service Agreement.
Nature and Purpose of the Processing: AWeber provides an email service, automation and marketing platform and other related services as identified in our Privacy Policy.
Categories of Data: As outlined in our Privacy Policy ("I Am An AWeber Advocate.", "I Am A Subscriber To An Email List Managed Through AWeber.", "I Am An AWeber Customer.")
Data Subjects: Personal data submitted, stored, sent or received via AWeber services that may concern the Customer or Subscribers of the Customer.
Data Security
AWeber takes all reasonable technical and organizational measures to commit to confidentiality of your data. The following information highlights our efforts to secure your trust in us with your data.
- Use of encryption while data is being transmitted to or procured from our systems and while stored in our data centers
- Continual automated and manual monitoring of the confidentiality, integrity, availability, and resilience of our systems
- Emergency Preparedness to restore availability of our services in the event of a physical or technical incident
- Routine backups in the event of data loss or corruption
- Regular risk assessments of all systems both internally and externally
- DDoS detection and mitigation in place for all data centers
- Promoting Responsible Disclosure
Account Security
- Continuous automated and manual monitoring for fraud and abuse on all AWeber accounts
- Secure notifications to customers for sensitive account actions like password resets
- Tiered account access is available to limit billing and other sensitive information disclosure
Personnel Security
- Taking commercially reasonable steps to ensure employees and those acting on AWeber’s behalf maintain confidentiality of personal data including continual security awareness training and annual attestation
- All AWeber employees are background checked prior to employment
- Privacy confirmations of all sub-processors engaged in providing AWeber services to maintain and provide at least the same level of protection for the personal data and the same rights of data subject as AWeber.
- Secured physical access to all data centers including keycards, alarms, and video camera recording
Customer Response
- Providing written responses to all reasonable requests for information made by customers and their subscribers
- In the event of a personal data breach, reasonably assisting customers with data security audits, including inspections, conducted by the customer, auditors, law enforcement, or other supervisory authorities
- Providing notice to customers regarding personal data breaches without undue delay
- Reasonably assisting customers with their obligations to Supervisory Authority Data Protection Impact Assessments and Prior Consultation taking into account the nature of processing and data involved
Security Certifications
- Maintaining Privacy-Shield certification by completing an annual third-party review
- Maintaining Payment Card Industry (PCI) Security certification by completing an annual compliance review
- AWeber is a proud member of M3AAWG
Data Rights
Right to be informed: You or your subscribers can ask about personal data, how it is used, and why it is being used at any time.
Right of access: As outlined in our Privacy Policy (Access to Personal Information).
Right of rectification: You or your subscribers can update (or request updates to) personal information at any time.
Right of erasure: You may cancel your AWeber account at any time and may additionally request that AWeber erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. Your subscribers may also request that you or AWeber do the same for their personal data. AWeber reserves the right to keep the minimum amount of information that helps us prevent fraud to keep your deliverability the highest it can be.
Right to restrict processing: You may put your account on hold at any time which restricts the sending of email. Your data will still be processed for other actions such as billing and by our sub-processors. You may backup and deactivate a list to verify subscriber data and reactivate within 30 days. You may cancel your account to restrict all data processing of your data and your subscribers and reactivate your account as long as we have not yet deleted your information according to our retention policies.
Right to data portability: You may export any of your lists, or selected information within any list, at any time while your account is active by accessing your AWeber account.
Right to object: You may unsubscribe from any of AWeber’s emails at any time. Your subscribers may unsubscribe from your emails at any time.
AWeber does not discriminate against a customer, price services differently, or reduce quality of service based on exercising of the above data rights.
Sub-processors
You may opt-in to be informed of sub-processor additions excluding those on our list of sub-processors below by contacting us. If you object to any sub-processor addition, you may cancel your account within 5 days of the notification provided that such objection is based on reasonable grounds relating to data protection. You may independently contact any of these sub-processors directly to have your information erased that they store about you. This may include information you provided to AWeber or information AWeber procured from the sub-processor.
| Sub Processor | Purpose |
|---|---|
| Amazon | Cloud Infrastructure Hosting |
| Appcues | Customer Walkthroughs and Surveys |
| Clearbit | Customer Intelligence |
| eHawk | Spam Prevention |
| First Data | Customer Billing |
| Fullstory | Customer Support |
| Business Analytics | |
| Kissmetrics | Business Analytics |
| LiveChatInc | Customer Support |
| Lob | Address Validation |
| PayPal | Billing and Payments |
| Salesforce | Customer Sales Management |
| Sift Science | Spam Prevention |
| Survey Gizmo | Customer Surveys |
| Twilio | Customer Support |
| VWO | A/B Testing |
| Zendesk | Customer Support |