GDPR & European privacy

This page summarizes how Artmail approaches the EU General Data Protection Regulation ("GDPR") and related UK GDPR obligations. It is for information only and does not replace legal advice or our Privacy Policy or Data Processing Agreement.

1. Roles

When you use Artmail to send email to your contacts, you are typically the controller of your subscribers' personal data. Artmail is a processor that processes that data on your instructions to provide the Services. When we process account data about you as an individual user, we may act as controller for those specific processing activities as described in our Privacy Policy.

2. Lawful bases

You must ensure you have a lawful basis to collect and use subscriber data (e.g., consent, contract, legitimate interests). Artmail processes service data under contract with you and, where applicable, legitimate interests for security and service improvement.

3. Data subject rights

Data subjects may have rights to access, rectify, erase, restrict, port, or object to processing. Where we process data on your behalf, we will assist you in responding to such requests as described in our DPA. End users should contact the organization that collected their data (you) in the first instance.

4. Transfers

We use appropriate safeguards for international transfers as described in our DPA and Privacy Policy.

5. Shopify merchants

If you connect Shopify, we support mandatory GDPR-related webhooks and processing flows as described in our integration documentation (e.g., customer data requests and redaction where applicable).

6. Records and accountability

We maintain records of processing activities where required and implement security measures appropriate to risk. See also our Trust Center.

7. Supervisory authority

You may lodge a complaint with your local supervisory authority if you believe processing infringes GDPR.

8. Contact

Questions: Contact us.