GDPR Compliance

Our Commitment to Data Protection

Allied Clicks is committed to protecting the personal data of our clients and their customers in compliance with the General Data Protection Regulation (GDPR).

As a provider of marketing automation services that process personal data, we take our responsibilities under the GDPR seriously. This page outlines our approach to GDPR compliance and how we help our clients meet their obligations under this regulation.

This document was last updated on March 1, 2025.

The GDPR applies to the processing of personal data of individuals in the European Union, regardless of where the processing takes place. If you collect or process data from EU residents, these regulations apply to your business.

Our Role Under GDPR

Data Controller vs. Data Processor

Under the GDPR, organizations can be classified as either Data Controllers or Data Processors:

Allied Clicks as a Data Processor

When we process personal data on behalf of our clients through our marketing automation services, we act as a Data Processor. In this role, we:

  • Process data only as instructed by our clients
  • Implement appropriate security measures
  • Assist clients in fulfilling their GDPR obligations
  • Maintain records of processing activities

Allied Clicks as a Data Controller

For data we collect directly (e.g., from our website visitors or for our own marketing), we act as a Data Controller. In this role, we:

  • Determine the purposes and means of processing
  • Ensure lawful basis for processing
  • Provide privacy notices to data subjects
  • Respond to data subject rights requests

Data Processing Agreements

We provide a comprehensive Data Processing Agreement (DPA) to all clients who use our services to process personal data of EU residents. Our DPA covers:

  • The scope and purpose of data processing
  • Types of personal data processed
  • Duration of processing
  • Rights and obligations of both parties
  • Security measures implemented
  • Procedures for handling data breaches
  • Sub-processor management
  • International data transfers

To request our standard DPA or discuss custom requirements, please contact our Data Protection Team.

Data Subject Rights

Supporting Individual Rights

The GDPR provides individuals (data subjects) with specific rights regarding their personal data. Allied Clicks helps our clients fulfill these rights through our platform features and processes:

| Right | Description | How We Support It |
| --- | --- | --- |
| Right to Access | Individuals can request a copy of their personal data | Our platform allows for easy export of individual data records |
| Right to Rectification | Individuals can request correction of inaccurate data | Data can be updated through our API or dashboard |
| Right to Erasure | Individuals can request deletion of their data | Our platform includes data deletion tools with verification |
| Right to Restriction | Individuals can request limiting how their data is used | Custom fields and tags to mark processing restrictions |
| Right to Data Portability | Individuals can request their data in a portable format | Data export in standard formats (CSV, JSON) |
| Right to Object | Individuals can object to certain processing | Preference management and suppression lists |

Request Handling Process

When you receive a data subject request that involves data processed through our platform:

  1. Verify the identity of the requestor according to your internal procedures
  2. Log the request in your systems
  3. Use our platform tools to fulfill the request (our support team can assist)
  4. Document the actions taken
  5. Respond to the data subject within the required timeframe (typically 30 days)

For complex requests or assistance, contact our Data Protection Team.

Data Security Measures

Technical Safeguards

Allied Clicks implements comprehensive technical measures to protect personal data:

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)

Access Controls

Role-based access with multi-factor authentication

Network Security

Firewalls, intrusion detection, and regular penetration testing

Data Isolation

Logical separation of client data with secure architecture

Backup & Recovery

Regular backups with secure, geographically distributed storage

Secure Development

Security-by-design principles and regular code reviews

Organizational Measures

Our security approach extends beyond technology to include organizational practices:

  • Staff Training: Regular privacy and security training for all employees
  • Access Management: Strict need-to-know and least privilege principles
  • Security Policies: Comprehensive policies and procedures
  • Vendor Assessment: Rigorous security evaluation of all sub-processors
  • Incident Response: Documented procedures for detecting and handling breaches
  • Regular Audits: Internal and third-party security assessments
  • Continuous Improvement: Regular review and enhancement of security measures

International Data Transfers

Cross-Border Data Protection

Allied Clicks may process personal data in various locations as part of our service delivery. We ensure that any international transfers of EU personal data comply with GDPR requirements through:

EU Data Centers

Where possible, we process EU personal data within EU-based data centers to minimize international transfers.

Standard Contractual Clauses

We implement the European Commission's Standard Contractual Clauses (SCCs) for data transfers outside the EU/EEA to countries without an adequacy decision.

Transfer Impact Assessments

We conduct and document transfer impact assessments for international data flows to ensure appropriate safeguards are in place.

Sub-processor Management

We maintain a list of all sub-processors who may access personal data and ensure they provide appropriate safeguards for international transfers.

For a current list of our sub-processors and their locations, please contact our Data Protection Team.

Data Breach Procedures

Incident Response Plan

Alongside our robust security measures, we maintain a comprehensive data breach response plan to address any potential incidents promptly and effectively:

Detection & Assessment

Our security systems continuously monitor for unauthorized access or data exposure. Upon detection of a potential breach:

  • Our security team immediately investigates the incident
  • We determine if personal data has been compromised
  • We assess the nature, scope, and likely consequences of the breach

Notification

If a breach involving personal data is confirmed:

  • We notify affected clients without undue delay, typically within 24 hours
  • We provide details about the breach, affected data, and recommended actions
  • We support clients in their notification obligations to supervisory authorities and data subjects

Containment & Remediation

We take immediate steps to:

  • Contain the breach and minimize its impact
  • Implement necessary security measures to prevent further exposure
  • Restore affected systems and data from secure backups if necessary

Documentation & Improvement

Following resolution of the incident:

  • We document all aspects of the breach and our response
  • We conduct a thorough post-incident review
  • We implement improvements to prevent similar incidents
  • We share lessons learned (without sensitive details) to help clients improve their security

In the event of a data breach, time is critical. We recommend that all clients maintain their own incident response procedures to ensure timely notification to authorities (within 72 hours) and affected individuals as required by the GDPR.

Data Protection Officer

Allied Clicks has appointed a Data Protection Officer (DPO) to oversee our GDPR compliance efforts and serve as a point of contact for data protection matters.

Contact our DPO:

[email protected]
Allied Clicks LLC
1050 Wall Street, Suite 630
Lyndhurst, NJ 07071
United States

For general privacy inquiries or to exercise your data rights, please contact:

[email protected]

GDPR Resources

Documentation

We provide the following resources to help our clients with GDPR compliance:

Platform Features

Our platform includes several GDPR-focused features:

  • Consent Management Tools
  • Data Subject Request Handling
  • Data Retention Controls
  • Audit Logs for Processing Activities
  • Data Export and Deletion Tools
  • Privacy-by-Design Templates

For more information about how our platform can help with your GDPR compliance efforts:

Contact Our Team

Questions About GDPR Compliance?

Our Data Protection team is here to help you understand our GDPR compliance measures and how we can support your business.