We are ready for GDPR!
Find out how we prepared for GDPR and why you are compliant with the law when using our system.
Will FreshMail certify or otherwise confirm its readiness to comply with the provisions of GDPR?
Yes, if a general certification system will suffice, because it has not yet been created at the time of this writing. Currently, certificates are obtained for a fee from commercial entities providing training regarding GDPR compliance. FreshMail has participated and continues to participate extensively in the creation of good email marketing with such institutions as IAB.
Does FreshMail delete data? Is the deletion protocol available?
Yes, we delete customer data and issue a data removal protocol. The complete deletion of data takes place after 30 days due to their presence in the back-up.
Does FreshMail entrust anyone with data?
Yes, the list of our subprocessors is attached to every contract regarding the storage and processing of personal data.
Are backup copies of personal data processed in the FreshMail application?
Yes, we make backup copies of personal data.
Are backups made of the application, database structure and operating system?
Yes, we make backup copies of the application, database structure and operating system.
Which obligations mandated by GDPR does FreshMail support?
FreshMail offers the following functions that support compliance with the provisions of GDPR:
a) Double opt-in - we encourage all our clients to build mailing lists using the double opt-in model, which supports the principle of permission marketing. It is the default setting in FreshMail.
b) Resignation link - we require every campaign to have a resignation link, which allows the recipient to unsubscribe from the list, which for the Administrator should be synonymous with withdrawal of consent to the processing of personal data.
c) Sign-up form creator - this tool allows you to create sign-up forms with any number of consents to satisfy the requirements of GDPR.
d) Default confirmation message - a default message sent to cofirm new subscriptions is consistent with the requirements of GDPR.
e) Autoresponder for new sign-ups - an automatic message that helps you to meet the informational obligations of GDPR.
f) Deletion from database - the ability to quickly remove anyone who resigns from the mailing list from the database as well.
Will FreshMail only process data according to the documented orders of the data administrator?
Yes, the only basis for processing data is Agreement Regarding the Storage and Processing of Personal Data.
Will FreshMail ensure that any persons authorized to process personal data are themselves obligated to secrecy or are subject to an appropriate statutory obligation of secrecy?
Yes, personal data protection is a very important topic in FreshMail. We make sure that our employees have the appropriate knowledge about data security and applicable provisions regarding the protection of personal data. Each person receiving such authorization is trained in this matter.
Taking into account the nature of data processing, does FreshMail help the Administrator with appropriate technical and organizational measures to meet the obligation to respond to requests of the data subject in the exercise of its rights?
As a data processor, FreshMail will be an auxiliary function for the Administrator, therefore we already provide basic user rights via, for example, a resignation link.
Will FreshMail designate an Inspector of Personal Data?
Yes, we already have an Information Safety Administrator.
Does the sign-up form have to contain consents (mandatory checkbox) or can they only be in the confirmation message?
Consent to the processing of personal data may be expressed by a statement or a clear and unambiguous act.
Is the information contained in your confirmation message legally sufficient to send a newsletter?
Yes, the content of the confirmation message prepared by FreshMail is sufficient if you send the campaign for marketing purposes. Remember that the content of your confirmation message should be consistent with your recipients' intentions when they agreed to subscribe to the newsletter.
What about my current database?
The law is not retroactive, so if you have been building a database in a manner consistent with current regulations and good email marketing practices, you can still use it. However, it’s important to remember the extensive information obligations required by GDPR and we recommend that you meet all mandated standards from the first campaign you send under the new regulations.
What’s the best way to gain consent under GDPR?
According to GDPR, consent must be:
- specific and clear
This means that consent is an expression of the free will of the user. The best way to build a database on this principle is to use the double opt-in model and not to make the service conditional on the consent.
Are checkboxes required to give consent on sign-up forms?
Consent should be expressed in an unambiguous, affirmative way, which means that checkboxes are only one of many possibilities. The form on the website must contain an element that is used to clearly confirm consent. When creating a subscription form, it is necessary to bear in mind that marking checkboxes by default does not signify consent, just like taking no action does not constitute consent.
For how long can data be saved?
The processing time of personal data depends on the purpose of the processing. According to GDPR, the Administrator should ensure that the data processing period is limited to the time necessary to achieve the intended purpose of data processing.
How do I renew consent after the passing of an expiration date that I’ve set?
In connection with the expanded information obligations of GDPR, the Data Administrator must inform recipients about the established period of data processing and consent should be obtained again after the period ends.
How do you ensure that a particular subscription was voluntarily made?
FreshMail requires that subscriptions to newsletters be made using the double opt-in model, thanks to which there is a clear record of the voluntary nature of the subscription, including a record of the confirmation link sent in an email to the subscriber’s address. We have a clear recipient's recording path, in which the key step is to receive a confirmation message and click the link to confirm. Such information is stored by us.