GDPR Compliance

Our Commitment to GDPR

ADSMedia is fully committed to compliance with the General Data Protection Regulation (GDPR). As a company based in Latvia, a member of the European Union, we are subject to and embrace the strict data protection requirements established by GDPR.

This page explains how we ensure GDPR compliance and how we help our customers meet their own obligations.

Our Role Under GDPR

As a Data Controller

ADSMedia acts as a Data Controller for:

Account information of our customers
Website visitor data
Marketing communications to our customers
Employee and contractor data

As a Data Processor

ADSMedia acts as a Data Processor when handling:

Email recipient data provided by our customers
Email content processed through our platform
Tracking data (opens, clicks) collected on behalf of customers

📋 Data Processing Agreement

We provide a Data Processing Agreement (DPA) to all customers. Our DPA includes Standard Contractual Clauses (SCCs) for any data transfers outside the EEA. For a signed copy, contact [email protected].

Your Rights Under GDPR

As a data subject, you have the following rights. For details on how to exercise these rights, see our Data Subject Request Procedure.

📄 Right to Access

Request a copy of all personal data we hold about you.

✏️ Right to Rectification

Request correction of inaccurate or incomplete data.

🗑️ Right to Erasure

Request deletion of your personal data ("right to be forgotten").

⏸️ Right to Restriction

Request limitation of processing in certain circumstances.

📦 Right to Portability

Receive your data in a structured, machine-readable format.

🚫 Right to Object

Object to processing based on legitimate interests.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

Technical and Organizational Measures

We implement appropriate security measures to protect personal data:

Data Security

Encryption in Transit: TLS 1.2+ for all data transmissions
Encryption at Rest: Encrypted storage for sensitive data
Access Controls: Role-based access with authentication
Container Isolation: Isolated containers separate customer environments
Regular Audits: Security assessments and penetration testing

Data Minimization

We only collect data necessary for service provision
Email content is processed but not permanently stored
Logs are retained for limited periods only

Data Location

Primary infrastructure located in France (EU)
All customer data processed within the European Economic Area
CDN with EU-specific configuration for landing pages

For Our Customers

When you use ADSMedia as an email service provider, you remain the Data Controller for your recipients' data. We help you meet your GDPR obligations by providing:

Compliance Features

One-Click Unsubscribe: RFC 8058 compliant List-Unsubscribe-Post headers
Automatic Suppression: Instant processing of unsubscribe requests
FBL Integration: Feedback loop processing for complaint handling
Data Export: Export your recipient data at any time
Data Deletion: Delete recipient data upon request

Your Responsibilities

As a customer using our Service, you are responsible for:

Obtaining valid consent from your email recipients
Maintaining records of consent
Providing privacy notices to your recipients
Responding to data subject requests from your recipients
Ensuring lawful basis for your email marketing

Data Retention

We retain personal data only for as long as necessary. Our detailed retention schedule, including specific retention periods for each data type, is available in our Data Retention Policy.

Key retention periods:

SMTP Logs: 24 hours
Campaign Data: 90 days
Email Content: 30 days
Bounce Lists: 24 months (hashed)

Sub-Processors

We use a limited number of sub-processors to provide our services:

OVH SAS (France) - Infrastructure hosting
Cloudflare, Inc. (EU data processing) - CDN and DDoS protection

We will notify customers of any changes to our sub-processors with at least 30 days notice.

International Transfers

Your data is primarily processed within the EU. When data must be transferred outside the EEA, we rely on:

EU Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Supplementary measures where required

Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we follow our Breach Notification Policy:

We will notify affected customers within 72 hours of becoming aware
We will provide details of the breach and steps taken
We will assist you in meeting your notification obligations

Contact Our Privacy Team

For any GDPR-related questions or requests:

ADSMedia SIA
Privacy Team
Riga, Latvia
Email: [email protected]

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:

Data State Inspectorate of Latvia
Elijas iela 17, Riga, LV-1050, Latvia
Website: www.dvi.gov.lv

📎 Related Documents

Terms of Service · Privacy Policy · Acceptable Use Policy · Data Processing Agreement · Data Retention Policy · Breach Notification