GDPR Compliance – propersend.com

Propersend and GDPR Compliance

Effective Date: May 7, 2025

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs the processing of personal data of individuals in the European Union (EU) and European Economic Area (EEA). If you send emails to or collect data from individuals in the EU/EEA, GDPR applies to your activities, regardless of your location.

Propersend, operated by Depends iT Ltd., is committed to GDPR compliance and to helping our users meet their own obligations under GDPR when using our email marketing marketplace.

Propersend's Role: Data Processor

When you use Propersend to manage your contact lists and send email campaigns, you are the Data Controller, and Propersend acts as your Data Processor.

You (the Data Controller): Determine the purposes and means of processing personal data (i.e., why and how you collect and use your subscribers’ data). You are responsible for obtaining valid consent from your subscribers, managing their preferences, and handling their data subject rights requests.
Propersend (the Data Processor): Processes personal data only on your documented instructions as the Data Controller. We provide the platform and tools that enable you to manage your email marketing activities.

We offer a Data Processing Agreement (DPA) that outlines our obligations as your Data Processor in accordance with Article 28 of the GDPR. We encourage all users who process personal data of EU/EEA individuals to review and accept our DPA.

Our Commitment to GDPR Principles

Propersend’s platform and internal processes are designed with GDPR principles in mind:

Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and transparently. Our Privacy Policy clearly explains what data we collect about our users and how we use it.
Purpose Limitation: We process your data only for the purposes of providing and improving the Propersend service.
Data Minimization: We aim to collect only the personal data that is necessary for the functioning of the Service.
Accuracy: We rely on you to provide accurate information for your account and your contact lists.
Storage Limitation: We retain personal data only for as long as necessary to provide the Service and comply with legal obligations.
Integrity and Confidentiality: We implement technical and organizational measures to ensure the security and confidentiality of the data processed on our platform.

Accountability: We are committed to demonstrating our compliance with GDPR.

How Propersend Helps You with GDPR Compliance

Propersend provides features and capabilities to assist you, as the Data Controller, in meeting your GDPR obligations:

Consent Management: While you are responsible for obtaining consent, our platform supports features like opt-in forms and managing subscriber status to help you record and respect consent. Double opt-in options are available and recommended.
Unsubscribe Mechanism: Our platform automatically includes an easy-to-use unsubscribe link in marketing emails (for plans where Propersend controls sending) and requires its inclusion for other sending methods, enabling recipients to withdraw consent.
Data Subject Rights: Propersend allows you to manage your subscriber lists, including the ability to export data (Right of Access, Right to Data Portability) and delete subscriber data (Right to Erasure) in response to requests from your data subjects.
Security Measures: We implement technical and organizational security measures to protect the data processed on our platform against unauthorized access, disclosure, alteration, or destruction.
Data Processing Agreement (DPA): We provide a DPA for you to enter into with us, clarifying our roles and responsibilities as Data Processor.

GDPR and Hosted Application Instances (Dedicated Server & Fully Self-Hosted Plans)

For users of our Dedicated Self-Hosted (Propersend Server) and Fully Self-Hosted (Your Server) plans, where you manage your own instance of the application:

You remain the Data Controller for the data within your application instance (your subscriber lists, campaign data, etc.).
You have increased control over the technical and organizational measures within your instance (especially with the Fully Self-Hosted plan).
You are solely responsible for ensuring that your specific configuration, data collection methods, consent records, and all processing activities within your hosted instance comply with all aspects of GDPR and other applicable data protection laws.

Propersend’s role as Data Processor in these scenarios primarily relates to providing and maintaining the underlying platform software and infrastructure (for Dedicated Server) or providing the software for installation (for Fully Self-Hosted).

Your Responsibility as Data Controller

Using a GDPR-compliant platform like Propersend is an important step, but it does not automatically make your entire email marketing operation GDPR compliant. You, as the Data Controller, are responsible for:

Obtaining valid, verifiable consent from your subscribers.
Maintaining accurate records of consent.
Providing clear and transparent privacy notices to your subscribers.
Handling requests from your subscribers regarding their data rights.
Ensuring that your email content and sending practices comply with GDPR and other relevant laws.
Conducting Data Protection Impact Assessments (DPIAs) if your processing activities are likely to result in a high risk to individuals’ rights and freedoms.

Contact Us Regarding GDPR

If you have questions about Propersend’s GDPR compliance, our Data Processing Agreement, or our security measures, please contact us:

By email: [email protected]
By mail: Depends iT Ltd. Shapla Chattar, 5400 Rangpur, Rangpur Division, Bangladesh