Exclaimer Global Data Protection Compliance Statement 

Introduction 

Exclaimer serves customers across the globe, and we are committed to meeting our obligations under applicable data protection and privacy laws in every jurisdiction in which we operate.  

Our compliance programme is built on the EU General Data Protection Regulation (GDPR) as a global baseline — a standard widely regarded as best-in-class for privacy by design and risk-based data protection.  

We are though aware of the global nature of our customer base and we therefore recognise and comply with the requirements of the UK GDPR, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Health Insurance Portability and Accountability Act (HIPAA) where applicable, the EU Digital Operational Resilience Act (DORA) for financial sector customers, the Protection of Personal Information Act (POPIA) in South Africa, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and the Privacy Act 1988 in Australia. This statement explains how we meet those obligations. 

Our commitment 

We are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent global approach to data protection across all the jurisdictions in which we and our customers operate. 

We have a robust and effective data protection program in place which complies with existing law and abides by the data protection principles, as is demonstrated by the third-party audits conducted annually to ensure that we maintain our ISO 27001 and SOC2:Type 2 certifications.   

Our services and how they are provided 

The infrastructure that we use to operate our services is based in a number of different territories. The specific territory chosen for you is based on the country in which you reside at the point of creating your subscription.  You can find out which datacentre will apply to your service here. 

For our email signature solutions, once our subscription service receives data from Microsoft 365 (Office 365) or Google Workspace (G Suite), there is no onward transfer of your data by Exclaimer beyond the sub-processors identified at https://trust.exclaimer.com.  This means that personal data processed within the subscription service is processed in the datacentre allocated to your region at the time of the creation of your subscription. 

Where you can find more information 

If you wish to understand more about how we comply with global data protection laws, our policies and our certifications, you can do so within our Trust Centre at https://trust.exclaimer.com.  

You can find our Data Processing Addendum here. 

Our Data Protection Officer 

Yes, we have appointed Karl Bagci, Exclaimer’s Head of Information Security as our Data Protection Officer who can be contacted at [email protected]. 

How to make a data subject / consumer rights request 

If you wish to make a DSAR to Exclaimer, please in the first instance send an email to [email protected]. We will take steps to confirm your identity before any further action is taken. 

Further questions 

If you have further questions about Exclaimer’s data protection and privacy compliance, or would like to discuss service options that may assist you with your own compliance obligations please liaise with your Exclaimer representative or email [email protected].