Jonas from MailerLite

Jonas5 min read New Features & Updates May 24, 2018

New MailerLite GDPR Features (Part 3 of 3): Data Processing Agreement and Privacy Policy Update

New MailerLite GDPR Features (Part 3 of 3): Data Processing Agreement and Privacy Policy Update

The GDPR deadline is tomorrow. You might be prepared, but what about your outside partners and vendors?

Under GDPR, any third party that processes your users’ data is legally obligated to be in compliance. If you use a company that is not compliant, you can be held liable and suffer the consequences including paying fines.

As you know, MailerLite has been on top of GDPR compliance. We want to ease your mind and give you the confidence that your email marketing practices comply with GDPR.

To that end, we are happy to present our Data Processing Agreement, which establishes our GDPR compliance so you can rest assured.

In this article, we will share some of the key aspects of our data processing agreement and provide a written statement that you can cut & paste into your own privacy policy.


Why you need a data processing agreement

GDPR is all about protecting your users’ data. If you use other companies to help you process user data in any way, you are required to enter into a written agreement with each data processor.

In GDPR language, you are considered the ‘controller’. Your responsibility is to protect your users’ data by vetting your data processors. You need to establish that they are GDPR compliant.

A written agreement is important to ensure that both you and your data processing partner understand the obligations and liabilities that come with GDPR compliance.

But more importantly, legally-binding contracts with your vendors will instill confidence in your subscribers that you have their interests in mind.


MailerLite’s Data Processing Agreement

We created our Data Processing Agreement to cover the GDPR requirements as they relate to email marketing. Our goal is always complete transparency and our agreement mirrors this approach with clear details about:

  • What data we collect.
  • Why we collect it.
  • How we use it.

In compliance with GDPR, the agreement also covers our security measures, confidentiality policies, and our acknowledgment and approach to working with other vendors (also called sub-processors.)

MailerLite’s Data Processing Agreement
Complete and download PDF here

After the agreement has been signed, it is important that you update your privacy policy to include how and why MailerLite processes your users’ data.


How to update your privacy policy for GDPR

According to privacy laws, you have to clearly describe how you plan to use your subscribers’ data, including for your use of third parties like MailerLite.

You have to state each data processor separately and clearly explain how and why they are using the data. To make your life easier, we wrote a statement about MailerLite that you can simply add to your privacy policy.

We use MailerLite to manage our email marketing subscriber list and to send emails to our subscribers. MailerLite is a third-party provider, which may process your data using industry standard technologies to help us monitor and improve our newsletter.

MailerLite’s privacy policy is available at https://www.mailerlite.com/privacy-policy.

You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of each newsletter.

What if you don’t have a privacy policy?

Under GDPR, people have a right to know how their private data is handled. If you don’t have a privacy policy, you should seriously consider adding one now. It’s one of the most inconspicuous legal requirements, but it’s still necessary.

Tips for writing a privacy policy

We’ve included some of the basics to help you get started. In general, most privacy policy laws require you to inform users of:

  • Your name (or business name), location, and contact information;
  • What information you’re collecting from them (including names, email addresses, IP addresses, and any other information);
  • How you’re collecting their information, and what you’re going to use it for;
  • How you’re keeping their information safe;
  • Whether or not it’s optional for them to share that information, how they can opt-out and the consequences of doing so;
  • Any third-party services you’re using to collect, process, or store that information (such as an email newsletter service, or advertising network).

In preparation for GDPR, we updated our Privacy Policy to inform all of our customers of the recent changes.


What Mailerlite is doing to stay ahead of GDPR

Over the past few weeks, we've shared our progress in updating MailerLite to help our users achieve GDPR compliance. If you missed our previous articles, we have listed them below for your convenience.

New MailerLite GDPR Features

Covers our new solutions that address right to be forgotten, proof of subscriber consent, and identifying EU users.

New MailerLite GDPR Features - Opt-in Forms

Covers our new opt-in form features that now include GDPR templates, checkboxes, and new design options.

GDPR and How Compliance Can Improve Your Email Marketing

Gives an overview of GDPR and highlights our revalidation template.

GDPR is here. While we are ready, we know there will still be questions and concerns relating to Email Marketing. We will continue to stay on top of GDPR and share our insights and recommendations in the coming weeks and months.

If you have unanswered questions about email marketing and GDPR, we encourage you to comment below.