GDPR Compliance

Last updated: May 15, 2025

General Data Protection Regulation (GDPR) Compliance

At Outboundly.EU, we are committed to ensuring the privacy and protection of your personal data in compliance with the General Data Protection Regulation (GDPR) of the European Union (EU). This page explains how we comply with GDPR requirements and outlines your rights as a data subject.

1. Data Controller

For the purposes of the GDPR, Outboundly.EU is the Data Controller for the personal data we collect through our email delivery management platform. This means we determine the purposes and means of processing your personal data.

2. Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

  • Consent: You have given explicit consent for us to process your personal data for specific purposes.
  • Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests, fundamental rights, or freedoms that require protection of personal data.

3. Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right to Access: You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Right to Rectification: You have the right to request that we correct any incomplete or inaccurate personal data we hold about you.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
  • Right to Data Portability: You have the right to request that we transfer your personal data to you or to a third party in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes or when processing is based on our legitimate interests.
  • Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us. We will respond to your request within one month.

4. Data Processing Activities

We process personal data for the following purposes:

  • Account creation and management
  • Providing email delivery services
  • Billing and payment processing
  • Customer support
  • Sending service updates and notifications
  • Improving our services
  • Compliance with legal obligations

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means.

6. International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your personal data. These safeguards may include:

  • Transferring data to countries that have been deemed to provide an adequate level of protection by the European Commission
  • Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe
  • Implementing standard contractual clauses (SCCs) approved by the European Commission

7. Data Security

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular testing and evaluation of the effectiveness of our security measures
  • Procedures for restoring access to personal data in the event of a physical or technical incident
  • Staff training on data protection and security

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

9. Data Protection Impact Assessments

Where processing operations are likely to result in a high risk to your rights and freedoms, we conduct data protection impact assessments (DPIAs) to identify and minimize data protection risks.

10. Data Protection Officer

If you have any questions or concerns about our GDPR compliance or how we handle your personal data, please contact our Data Protection Officer at dpo@example.com or through our contact form.

11. Complaints

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.