GDPR Compliance

It's important to keep data safe, but how?

About the GDPR

On May 25th, 2018, the new General Data Protection Regulation (GDPR) will come into effect.

The GDPR is an EU regulation that strengthens and unifies the data protection laws for everyone who lives in the EU. Here at Mailforge, we are trying to stay ahead and make sure our platform is 100% GDPR compliant.

Before we continue, here are a few definitions you need to know to understand the GDPR and the rest of this page.

Definitions

  • Processor: This is us, Mailforge. We act as an extended arm that processes and handles all data collected by you, the Controller.
  • Controller: This is you, the Mailforge customer, who controls and owns the data from the Data Subject.
  • Data Subject: The visitor on your website who subscribes to your contact lists.

What are we doing

Data collection

  • We have made it possible for you (the Controller) to see exactly what data is collected for a given data subject in our platform, and you can delete it at any time.
  • We always collect e-mails, IP addresses and timestamps from all submissions, regardless of method, so that you can prove consent.
  • Deleting a data subject also deletes all data collected from them.
  • Data subjects can at all times see all data collected on them from their profile, and delete it themselves by unsubscribing from the Controller's lists.
  • We automatically delete data that no longer has a purpose. This could be terminated Mailforge users or old analytics data.

General

  • Mailforge is developed with “Privacy by Design” in mind, which gives you (the Controller) full access to any data related to you. That means you can upload, view, extract and delete data as you wish by yourself.
  • Our infrastructure is set up securely in the EU, so that only a few people have access to it, through very secure encryption keys.

What should you do

Consent

  • You need consent from the visitor before you are allowed to collect their data. This can be done by adding a checkbox with which the data subject can allow you to collect and store their data. The data subject has to perform an action to give consent, so the checkbox cannot be pre-checked.

General

  • If you are in the EU and require a “Data Processing Agreement” (DPA), which gives us (the Processor) the right to process and handle your collected data, you can find the DPA under your account settings, pre-signed by us. We will store your name, time of signing and IP address to verify you signed the DPA.
  • You should update your own Terms of Use to be GDPR compliant, explaining what data you are collecting, what you are using it for, who has access to it, etc.