GDPR Compliance

1. Our Commitment to GDPR

Mailblew is committed to complying with the General Data Protection Regulation (GDPR). We process personal data lawfully, fairly, and transparently. This page outlines how we comply with GDPR requirements and how we help our customers maintain their own compliance.

2. Roles and Responsibilities

2.1 Mailblew as Data Processor

When you use Mailblew to send emails to your contacts, we act as a Data Processor on your behalf. You, as the customer, are the Data Controller and determine the purposes and means of processing personal data.

2.2 Mailblew as Data Controller

For data related to your Mailblew account (your registration information, billing details, etc.), we act as the Data Controller.

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract Performance: To provide and maintain the Service you have subscribed to
• Legitimate Interest: To improve our Service, prevent fraud, and ensure platform security
• Consent: When you have given explicit consent for specific processing activities
• Legal Obligation: To comply with applicable laws and regulations

4. Data Subject Rights

Under GDPR, individuals have the following rights regarding their personal data:

To exercise any of these rights, contact our Data Protection Officer at dpo@mailblew.com. We will respond to your request within 30 days.

5. Data Processing Agreement

We offer a Data Processing Agreement (DPA) to all customers who process personal data of EU residents through our platform. The DPA outlines our obligations as a Data Processor, including:

• Processing data only on your documented instructions
• Ensuring confidentiality of personnel who process data
• Implementing appropriate technical and organizational security measures
• Assisting with data subject rights requests
• Notifying you of any data breaches without undue delay
• Deleting or returning data upon termination of the agreement

To request a DPA, contact us at dpo@mailblew.com.

6. Data Retention

We retain personal data only for as long as necessary:

• Account Data: Retained for the duration of your account plus 30 days after deletion
• Email Content: Temporarily stored for delivery, deleted within 30 days
• Email Metadata: Retained for up to 12 months for analytics and compliance
• Billing Records: Retained as required by applicable tax and financial regulations

7. International Data Transfers

When personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all sub-processors
• Ensuring recipient countries provide an adequate level of data protection

8. Data Breach Notification

In the event of a personal data breach, we will:

• Notify affected customers within 72 hours of becoming aware of the breach
• Provide details of the nature of the breach and data affected
• Describe the measures taken to address the breach
• Recommend steps you can take to mitigate potential adverse effects

9. Sub-Processors

We use a limited number of sub-processors to provide our Service. We maintain a list of our sub-processors and will notify customers of any changes. All sub-processors are bound by data processing agreements that ensure GDPR compliance.

10. Data Protection Officer

For any GDPR-related inquiries or to exercise your data protection rights, contact our Data Protection Officer:

• Email: dpo@mailblew.com
• Phone: +91 8898 424444
• Address: Mumbai, India