Here is an overview of how Mixmax has prepared to meet the new regulation requirements.
Data Processing Addendum
We offer a data processing addendum (DPA) for our customers who collect data from people in the EEA (EU plus Iceland, Norway and Liechtenstein). Our DPA offers contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our customers. Customers can click to accept our DPA at
To guarantee no terms are imposed on us beyond what is reflected in our DPA and Terms of Service, we cannot agree to sign individual customers’ DPAs. We are a small team and are unable to make individual changes to our DPA. Any changes to the standard DPA would require legal counsel and considerable back-and-forth discussion, which would be cost-prohibitive for our small team.
If you have any questions or concerns, please let us know.
Training and awareness
We formed a core team of leaders from each area of Mixmax’s business. The representatives in this group ensure that Mixmax covers the requirements of GDPR, across all teams, from Engineering to Customer Success. Mixmax requires that all employees learn about and follow GDPR regulations, and ensures that all employees participate in the necessary training.
Updates to our third-party vendor contracts
We reviewed the third-party vendors that we use to provide our products and services, and we performed a comprehensive review of their GDPR compliance. We already have DPAs in place with the vendors who offer a signed version, while others have a DPA that is automatically accepted as part of the Terms of Service on May 25th.
Individual Data Subject’s Rights – Data Access, Portability and Deletion
Risk Assessment (data protection impact assessments)
One of the GDPR requirements is a managed data protection impact assessment (DPIA) process. A DPIA process is a way to help us identify and minimize the data protection risks of a project. The Mixmax engineering team has always undergone security and privacy due diligence when choosing tools and making implementation decisions, so this requirement is easy for us. Any time we introduce a change to the way we handle personal data, we discuss the potential impact on Mixmax customers and explore possible privacy and security risks to personal data. If any risk is identified, no matter how small, our product and engineering teams collaborate on a solution to mitigate the data privacy and security risk to anyone who interacts with the Mixmax platform. We will continue to execute this risk assessment process as we expand Mixmax’s offerings.
We updated our existing breach management and communication plan to comply with the GDPR regulations concerning the escalation process and requirements for data subject notification.
We are here for you
We are working with our customers to answer any questions and address any concerns regarding how we protect their personal data. If you have any questions, please don’t hesitate to reach out.