π§ Submit a Request
To exercise your data protection rights, email [email protected] with your request. We respond within 30 days.
1. Overview
This document outlines ADSMedia's procedures for handling Data Subject Requests (DSRs) under the General Data Protection Regulation (GDPR). We are committed to respecting and facilitating the exercise of data protection rights.
Our Role
ADSMedia operates as both:
- Data Controller: For our customers' account data, website visitors
- Data Processor: For email recipient data processed on behalf of our customers
The procedure for handling requests differs based on our role.
2. Data Subject Rights Under GDPR
Individuals have the following rights regarding their personal data:
π Right to Access
Obtain confirmation of processing and a copy of personal data held.
βοΈ Right to Rectification
Request correction of inaccurate or incomplete data.
ποΈ Right to Erasure
Request deletion of personal data ("right to be forgotten").
βΈοΈ Right to Restriction
Request limitation of processing in certain circumstances.
π¦ Right to Portability
Receive data in a structured, machine-readable format.
π« Right to Object
Object to processing based on legitimate interests or for direct marketing.
3. Request Handling Timeline
| Phase | Timeline | Actions |
|---|---|---|
| Receipt | Day 0 | Acknowledge request receipt |
| Verification | 1-3 days | Verify identity of requester |
| Assessment | 3-7 days | Determine scope, our role, any exemptions |
| Processing | 7-25 days | Gather data, perform requested action |
| Response | Within 30 days | Provide response to data subject |
| Extension | +60 days max | If complex, notify within 30 days |
4. Requests to ADSMedia as Data Controller
When we are the Data Controller (for customer accounts, website visitors), we handle DSRs directly.
4.1 How to Submit a Request
Submit your request via:
- Email: [email protected]
- Subject line: "Data Subject Request - [Type of Request]"
4.2 Required Information
To process your request, please provide:
- Your full name
- Email address associated with your data
- The specific right you wish to exercise
- Any details to help locate your data
- Proof of identity (may be requested)
4.3 Identity Verification
To protect personal data, we verify the identity of requesters:
- Requests must come from the registered email address
- Additional verification may be required for sensitive requests
- We may ask for government-issued ID for erasure requests
4.4 Response Format
- Access requests: Data provided in JSON or CSV format
- Rectification: Confirmation of changes made
- Erasure: Confirmation of deletion
- Other: Written response explaining action taken
5. Requests Regarding Email Recipient Data
For email recipient data (people who receive emails through our platform), our customers are the Data Controllers. We are the Data Processor.
π Important: Who to Contact
If you received marketing emails and want to exercise your rights, please contact the company that sent you the email (the Data Controller), not ADSMedia. You can find their contact details in the email footer.
5.1 Requests Received Directly
If we receive a DSR from an email recipient:
- We acknowledge receipt within 3 business days
- We inform the requester to contact the Data Controller
- We notify the relevant customer (Data Controller) of the request
- We assist the customer in responding if needed
5.2 Requests Forwarded by Customers
When our customers (Data Controllers) forward DSRs to us:
- We process the request according to customer instructions
- We provide requested data exports within 5 business days
- We perform deletions within 5 business days
- We confirm completion to the customer
5.3 Tools for Customers
We provide customers with tools to handle DSRs:
- Data Export: Export recipient data via dashboard or API
- Data Deletion: Remove specific recipients or all data
- Suppression Lists: Ensure deleted emails are not re-added
- Audit Logs: Document actions taken for compliance
6. Handling Specific Rights
6.1 Right to Access
We provide:
- Confirmation of whether we process personal data
- Copy of all personal data held
- Information about processing purposes, categories, recipients
- Source of data if not collected directly
- Retention periods
Format: JSON or CSV file, delivered securely
6.2 Right to Rectification
We correct inaccurate data upon verified request:
- Update records within 5 business days
- Notify third parties who received the data (where feasible)
- Confirm changes to the data subject
6.3 Right to Erasure
We delete personal data when:
- Data is no longer necessary for original purpose
- Consent is withdrawn (and no other legal basis exists)
- Data subject objects and no overriding grounds exist
- Data was processed unlawfully
Exceptions: We may retain data for legal obligations, legal claims, or public interest.
Note: Hashed records in suppression lists are retained to prevent future unwanted emails.
6.4 Right to Restriction
We restrict processing when:
- Accuracy is contested (during verification)
- Processing is unlawful but erasure is not requested
- We no longer need the data but subject needs it for legal claims
- Subject has objected (pending verification of grounds)
Restricted data is stored but not processed except with consent.
6.5 Right to Data Portability
We provide data in portable format when:
- Processing is based on consent or contract
- Processing is carried out by automated means
Format: JSON, CSV, or other machine-readable format
6.6 Right to Object
Data subjects can object to:
- Direct marketing: We stop processing immediately
- Legitimate interests: We stop unless compelling grounds exist
7. Exemptions and Limitations
We may refuse or limit requests in certain circumstances:
- Identity not verified: Cannot confirm requester's identity
- Manifestly unfounded: Request is clearly without merit
- Excessive: Repetitive requests (may charge reasonable fee)
- Legal obligations: Data must be retained by law
- Legal claims: Data needed for establishing/defending claims
- Third-party rights: Disclosure would affect others' rights
We always explain the reason if a request is refused.
8. Record Keeping
We maintain records of all DSRs including:
- Date of request and response
- Type of request and action taken
- Identity verification steps
- Any exemptions applied
- Communications with data subject
Records are retained for 3 years for accountability purposes.
9. Complaints
If you are not satisfied with our response:
- Contact us at [email protected] to discuss
- Lodge a complaint with the supervisory authority
Supervisory Authority:
Data State Inspectorate of Latvia
Elijas iela 17, Riga, LV-1050, Latvia
Website: www.dvi.gov.lv
10. Contact
For data subject requests or questions about this procedure:
Privacy Team
ADSMedia SIA
Riga, Latvia
Email: [email protected]
π Related Documents
Privacy Policy Β· GDPR Compliance Β· Data Processing Agreement Β· Data Retention Policy Β· Breach Notification