Effective Date: 3/27/2020
Details of Data Processing
Subject Matter: All AWeber services, Customer provided data, and related technical support to Customer, including all publicly available information that is transmitted or retrieved from sub-processors of AWeber.
Duration of the Processing: As identified in the AWeber Service Agreement.
Data Subjects: Personal data submitted, stored, sent or received via AWeber services that may concern the Customer or Subscribers of the Customer.
AWeber takes all reasonable technical and organizational measures to commit to confidentiality of your data. The following information highlights our efforts to secure your trust in us with your data.
- Use of encryption while data is being transmitted to or procured from our systems and while stored in our data centers
- Continual automated and manual monitoring of the confidentiality, integrity, availability, and resilience of our systems
- Emergency Preparedness to restore availability of our services in the event of a physical or technical incident
- Routine backups in the event of data loss or corruption
- Regular risk assessments of all systems both internally and externally
- DDoS detection and mitigation in place for all data centers
- Promoting Responsible Disclosure
- Continuous automated and manual monitoring for fraud and abuse on all AWeber accounts
- Secure notifications to customers for sensitive account actions like password resets
- Tiered account access is available to limit billing and other sensitive information disclosure
- Taking commercially reasonable steps to ensure employees and those acting on AWeber’s behalf maintain confidentiality of personal data including continual security awareness training and annual attestation
- All AWeber employees are background checked prior to employment
- Privacy confirmations of all sub-processors engaged in providing AWeber services to maintain and provide at least the same level of protection for the personal data and the same rights of data subjects as AWeber
- Secured physical access to all data centers including keycards, alarms, and video camera recording
- Providing written responses to all reasonable requests for information made by customers and their subscribers
- In the event of a personal data breach, reasonably assisting customers with data security audits, including inspections, conducted by the customer, auditors, law enforcement, or other supervisory authorities
- Providing notice to customers regarding personal data breaches without undue delay
- Reasonably assisting customers with their obligations to Supervisory Authority Data Protection Impact Assessments and Prior Consultation taking into account the nature of processing and data involved
- Maintaining Privacy-Shield certification by completing an annual third-party review
- Maintaining Payment Card Industry (PCI) Security certification by completing an annual compliance review
- AWeber is a proud member of M3AAWG
Right to be informed: You or your subscribers can ask about personal data, how it is used, and why it is being used at any time.
Right of rectification: You or your subscribers can update (or request updates to) personal information at any time.
Right of erasure: You may cancel your AWeber account at any time and may additionally request that AWeber erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. Your subscribers may also request that you or AWeber do the same for their personal data. AWeber reserves the right to keep the minimum amount of information that helps us prevent fraud to keep your deliverability the highest it can be.
Right to restrict processing: You may put your account on hold at any time, which restricts the sending of email. Your data will still be processed for other actions such as billing and by our sub-processors. You may back up and deactivate a list to verify subscriber data and reactivate within 30 days. You may cancel your account to restrict all data processing of your data and your subscribers and reactivate your account as long as we have not yet deleted your information according to our retention policies.
Right to data portability: You may export any of your lists, or selected information within any list, at any time while your account is active by accessing your AWeber account.
Right to object: You may unsubscribe from any of AWeber’s emails at any time. Your subscribers may unsubscribe from your emails at any time.
AWeber does not discriminate against a customer, price services differently, or reduce quality of service based on the exercise of the above data rights.
You may opt-in to be informed of sub-processor additions excluding those on our list of sub-processors below by contacting us. If you object to any sub-processor addition, you may cancel your account within 5 days of the notification provided that such objection is based on reasonable grounds relating to data protection. You may independently contact any of these sub-processors directly to have your information erased that they store about you. This may include information you provided to AWeber or information AWeber procured from the sub-processor.
|Sub-processor|Purpose|
|---|---|
|Amazon|Cloud Infrastructure Hosting|
|Appcues|Customer Walkthroughs and Surveys|
|First Data|Customer Billing|
|PayPal|Billing and Payments|
|Salesforce|Customer Sales Management|
|Sift Science|Spam Prevention|
|Survey Gizmo|Customer Surveys|