Log In Get Started

GDPR Compliance

Our commitment to European data protection standards

Our Commitment to GDPR

ADSMedia is fully committed to compliance with the General Data Protection Regulation (GDPR). As a company based in Latvia, a member of the European Union, we are subject to and embrace the strict data protection requirements established by GDPR.

This page explains how we ensure GDPR compliance and how we help our customers meet their own obligations.

Our Role Under GDPR

As a Data Controller

ADSMedia acts as a Data Controller for:

  • Account information of our customers
  • Website visitor data
  • Marketing communications to our customers
  • Employee and contractor data

As a Data Processor

ADSMedia acts as a Data Processor when handling:

  • Email recipient data provided by our customers
  • Email content processed through our platform
  • Tracking data (opens, clicks) collected on behalf of customers

📋 Data Processing Agreement

We provide a Data Processing Agreement (DPA) to all customers. Our DPA includes Standard Contractual Clauses (SCCs) for any data transfers outside the EEA. For a signed copy, contact [email protected].

Your Rights Under GDPR

As a data subject, you have the following rights. For details on how to exercise these rights, see our Data Subject Request Procedure.

📄 Right to Access

Request a copy of all personal data we hold about you.

✏️ Right to Rectification

Request correction of inaccurate or incomplete data.

🗑️ Right to Erasure

Request deletion of your personal data ("right to be forgotten").

⏸️ Right to Restriction

Request limitation of processing in certain circumstances.

📦 Right to Portability

Receive your data in a structured, machine-readable format.

🚫 Right to Object

Object to processing based on legitimate interests.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Technical and Organizational Measures

We implement appropriate security measures to protect personal data:

Data Security

  • Encryption in Transit: TLS 1.2+ for all data transmissions
  • Encryption at Rest: Encrypted storage for sensitive data
  • Access Controls: Role-based access with authentication
  • Container Isolation: Isolated containers separate customer environments
  • Regular Audits: Security assessments and penetration testing

Data Minimization

  • We only collect data necessary for service provision
  • Email content is processed but not permanently stored
  • Logs are retained for limited periods only

Data Location

  • Primary infrastructure located in France (EU)
  • All customer data processed within the European Economic Area
  • CDN with EU-specific configuration for landing pages

For Our Customers

When you use ADSMedia as an email service provider, you remain the Data Controller for your recipients' data. We help you meet your GDPR obligations by providing:

Compliance Features

  • One-Click Unsubscribe: RFC 8058 compliant List-Unsubscribe-Post headers
  • Automatic Suppression: Instant processing of unsubscribe requests
  • FBL Integration: Feedback loop processing for complaint handling
  • Data Export: Export your recipient data at any time
  • Data Deletion: Delete recipient data upon request

Your Responsibilities

As a customer using our Service, you are responsible for:

  • Obtaining valid consent from your email recipients
  • Maintaining records of consent
  • Providing privacy notices to your recipients
  • Responding to data subject requests from your recipients
  • Ensuring lawful basis for your email marketing

Data Retention

We retain personal data only for as long as necessary. Our detailed retention schedule, including specific retention periods for each data type, is available in our Data Retention Policy.

Key retention periods:

  • SMTP Logs: 24 hours
  • Campaign Data: 90 days
  • Email Content: 30 days
  • Bounce Lists: 24 months (hashed)

Sub-Processors

We use a limited number of sub-processors to provide our services:

  • OVH SAS (France) - Infrastructure hosting
  • Cloudflare, Inc. (EU data processing) - CDN and DDoS protection

We will notify customers of any changes to our sub-processors with at least 30 days notice.

International Transfers

Your data is primarily processed within the EU. When data must be transferred outside the EEA, we rely on:

  • EU Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Supplementary measures where required

Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we follow our Breach Notification Policy:

  • We will notify affected customers within 72 hours of becoming aware
  • We will provide details of the breach and steps taken
  • We will assist you in meeting your notification obligations

Contact Our Privacy Team

For any GDPR-related questions or requests:

ADSMedia SIA
Privacy Team
Riga, Latvia
Email: [email protected]

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:

Data State Inspectorate of Latvia
Elijas iela 17, Riga, LV-1050, Latvia
Website: www.dvi.gov.lv

📎 Related Documents

Terms of Service · Privacy Policy · Acceptable Use Policy · Data Processing Agreement · Data Retention Policy · Breach Notification