We are ready for GDPR!
Find out how we prepared for GDPR and why you are compliant with the law when using our system.
Find out how we prepared for GDPR and why you are compliant with the law when using our system.
Yes, if a general certification system will suffice, because it has not yet been created at the time of this writing. Currently, certificates are obtained for a fee from commercial entities providing training regarding GDPR compliance. FreshMail has participated and continues to participate extensively in the creation of good email marketing with such institutions as IAB.
Yes, we delete customer data and issue a data removal protocol. The complete deletion of data takes place after 30 days due to their presence in the back-up.
Yes, the list of our subprocessors is attached to every contract regarding the storage and processing of personal data.
Yes, we make backup copies of personal data.
Yes, we make backup copies of the application, database structure and operating system.
FreshMail offers the following functions that support compliance with the provisions of GDPR:
a) Double opt-in - we encourage all our clients to build mailing lists using the double opt-in model, which supports the principle of permission marketing. It is the default setting in FreshMail.
b) Resignation link - we require every campaign to have a resignation link, which allows the recipient to unsubscribe from the list, which for the Administrator should be synonymous with withdrawal of consent to the processing of personal data.
c) Sign-up form creator - this tool allows you to create sign-up forms with any number of consents to satisfy the requirements of GDPR.
d) Default confirmation message - a default message sent to cofirm new subscriptions is consistent with the requirements of GDPR.
e) Autoresponder for new sign-ups - an automatic message that helps you to meet the informational obligations of GDPR.
f) Deletion from database - the ability to quickly remove anyone who resigns from the mailing list from the database as well.
Yes, the only basis for processing data is Agreement Regarding the Storage and Processing of Personal Data.
Yes, personal data protection is a very important topic in FreshMail. We make sure that our employees have the appropriate knowledge about data security and applicable provisions regarding the protection of personal data. Each person receiving such authorization is trained in this matter.
As a data processor, FreshMail will be an auxiliary function for the Administrator, therefore we already provide basic user rights via, for example, a resignation link.
Yes, we already have an Information Safety Administrator.
Consent to the processing of personal data may be expressed by a statement or a clear and unambiguous act.
Yes, the content of the confirmation message prepared by FreshMail is sufficient if you send the campaign for marketing purposes. Remember that the content of your confirmation message should be consistent with your recipients' intentions when they agreed to subscribe to the newsletter.
The law is not retroactive, so if you have been building a database in a manner consistent with current regulations and good email marketing practices, you can still use it. However, it’s important to remember the extensive information obligations required by GDPR and we recommend that you meet all mandated standards from the first campaign you send under the new regulations.
According to GDPR, consent must be:
- voluntary
- conscious
- specific and clear
This means that consent is an expression of the free will of the user. The best way to build a database on this principle is to use the double opt-in model and not to make the service conditional on the consent.
Consent should be expressed in an unambiguous, affirmative way, which means that checkboxes are only one of many possibilities. The form on the website must contain an element that is used to clearly confirm consent. When creating a subscription form, it is necessary to bear in mind that marking checkboxes by default does not signify consent, just like taking no action does not constitute consent.
The processing time of personal data depends on the purpose of the processing. According to GDPR, the Administrator should ensure that the data processing period is limited to the time necessary to achieve the intended purpose of data processing.
In connection with the expanded information obligations of GDPR, the Data Administrator must inform recipients about the established period of data processing and consent should be obtained again after the period ends.
FreshMail requires that subscriptions to newsletters be made using the double opt-in model, thanks to which there is a clear record of the voluntary nature of the subscription, including a record of the confirmation link sent in an email to the subscriber’s address. We have a clear recipient's recording path, in which the key step is to receive a confirmation message and click the link to confirm. Such information is stored by us.
Discover all the FreshMail features
Sign Up Free