General Data Protection Regulation (GDPR) Compliance

What is GDPR?

The General Data Protection Regulation (GDPR) is a European privacy law that came into effect in May 2018. It governs how personal data of European Union (EU) citizens can be collected, used, and processed. This regulation applies not only to businesses based in the EU but also to any organization, regardless of location, that markets to or processes the personal data of EU citizens. In simple terms, if your business handles the personal data of EU citizens, you must comply with GDPR, no matter where your company operates.

How Does MailCastle Comply with GDPR?

MailCastle has taken significant steps to ensure compliance with GDPR, which came into force on May 25, 2018. These measures are designed to protect your rights as a user and give you greater control over your personal data. Here’s how we comply:

Right to Access and Update: You can update your personal information at any time through your account settings. If you need assistance, you can contact us directly to correct or update your details.
Right to Erasure (Right to be Forgotten): You can close your MailCastle account and cancel your subscription at any time. If you request that we delete all your data, we will do so within 30 days.
Right to Data Portability: Upon request, we will export your data so that it can be transferred to another service provider or competitor.
Right to Object: You can opt out of specific uses of your data, such as receiving newsletters or automated emails, at any time.
Transparency and Access: We are committed to being transparent about the data we collect and how we use it. Please review our privacy policy to learn more. You can also contact us at any time to view and modify your personal data.

What is Personally Identifiable Information (PII)?

Under GDPR, Personally Identifiable Information (PII) is defined as any data that can be used to identify an individual or make them identifiable. This includes basic information like names, addresses, and phone numbers, as well as identification numbers. PII also encompasses data that may uniquely identify someone, such as physical characteristics or likenesses. If PII is collected in a way that it remains anonymous and cannot be traced back to an individual, GDPR may not apply. However, if multiple pieces of information can be combined to identify an individual, GDPR would be applicable.

How to Determine If GDPR Applies to You

Determining if GDPR applies to your activities is straightforward. GDPR applies if:

You collect online data that can directly or indirectly identify individuals.
The data subjects are citizens of the European Economic Area (EEA).
Your data processing methods allow you to contact individuals based solely on the data you collect.
Your activities align with the legal interests recognized by the EU in relation to the processing of PII.

Examples of GDPR Applicability

GDPR Applies If:

You have obtained consent from the data subject (though this is rare in web-based data projects).
The data processing is required for contract execution, legal compliance, public interest, national interest, or a legitimate reason recognized by the data processor.

GDPR Does Not Apply If:

The data you collect does not directly identify a living individual. For instance, information about product prices, store locations, or company details.
User reviews are collected, but the usernames used cannot identify a real person.
Data is collected regarding business and organizational contact details.

Data Processors and Controllers

In the context of your web data collection projects, you act as both the Data Controller and Data Processor. As a Data Processor, you store and process the data collected using MailCastle’s services. Simultaneously, as the Data Controller, you instruct MailCastle to collect data on your behalf. MailCastle solely acts as a Data Processor, collecting data only as directed by our clients.

For any questions regarding this GDPR notice, please don’t hesitate to contact us. We are here to assist you.