The General Data Protection Regulation (GDPR)

PushSend is committed to fully complying with the GDPR and to help our customers maintain compliance.
What is the GDPR?

The GDPR (General Data Protection Regulation), which took effect on May 25, 2018, is a regulation designed to increase protections around the processing of personal data of individuals in the European Union.

Who does the GDPR apply to?

It applies to organizations involved in the processing of personal data of individuals located in the EU, regardless of whether the organization has a presence in the European Union or whether the processing is conducted within the European Union.

What qualifies as personal data?

According to the GDPR personal data means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

So, personal information includes data such as names, emails, addresses, and phone numbers.

Who are the key stakeholders?
A. Data Subject
A person residing in the EU who is the subject of the data. (that’s your subscriber/recipient).
B. Data controller
The organization that determines the purpose and means of processing the data (that’s you).
C. Data Processor
The organization that processes data on behalf of and on the instructions of the controller (that’s us).
What are my rights under GDPR?

The GDPR gives EU citizens several new rights regarding their personal data and privacy. These include:

A. Right to access
Data controllers are required to provide data subjects a copy of their processed personal data upon request.
B. Right to rectification
The data subject has the right to have inaccurate data personal data corrected or completed if incomplete.
C. Right to erasure (right to be forgotten)
Data subjects have the right to request that their personal data be deleted.
D. Right to restriction of processing
The data subject has the right to restrict the processing their data. But, the data controller can continue to store it.
E. Right to data portability
The data subject has the right to have their personal data transferred to another data controller.
F. Right to object
The data subject has the right to object to the processing of their personal data in certain circumstances.
What data does PushSend collect?

We need to collect a variety of data so that you can use the PushSend platform.

Information such as your full name and email address are necessary to sign up and create and account with PushSend. Company name and address is also needed so you can include a valid, physical postal address on all your emails, as required by anti-spam regulations.

We also ask your consent on a variety of additional information including IP address; approximate geographical location; time zone setting; in-app usage around features; page use, design, and content; login information; browser type and version; device information; operating system and version; cookie data; and payment transactions.

We encrypt your data to make sure your information is safe. In addition, we ensure the processing of your data meets the standards laid out in Article 5 of the GDPR.

For the full details please view our Privacy Policy.

How does PushSend use your data?

PushSend uses your personal information to ensure the best experience possible on our website and platform. Your data helps us:

A. Run our business (and help you run yours)
From log in to authentication and account management to payment processing you provide us with essential information to help us operate the platform and innovate new products and features.
B. Deliver an engaging site experience
We collect anonymous information that we analyze to understand site behavior. Your visits and clicks help us learn what we're doing well and also where we can improve your PushSend experience.
C. Support and communicate with customers
We want you to be able to easily contact our Support team through our support channels.
D. Keep you in the know
We want to connect you to marketing materials like emails and messages so you know about our latest features, products, services, and content.
Is PushSend GDPR compliant?

Yes, we are compliant with GDPR.
We have looked at what personal data we process and confirmed our lawful basis for processing that data. We have updated our Privacy Policy and Terms of Use to include an explicit declaration of our data protection policy and a description of the broader data protection rights provided by the GDPR. We have appointed a Data Protection Officer to independently oversee our GDPR program and to represent the interests of EU individuals whose personal data we handle. In addition, we provide a clear and easy way for you to opt out of receiving any marketing emails from us.

How can PushSend help me be compliant?

PushSend provides a variety of features and tools to help you remain compliant with GDPR.
This includes:

A. Double Opt-In
In the List Manager you can mark any list as a Double Opt-In list. This means that any contacts added to this list will automatically receive an email with a verification link.

They must click this link to re-confirm that they have given consent to receive email communications from you.
B. Unsubscribe Links
We require every email you send to have an Unsubscribe link, which should allow the recipient to opt-out from the list. The Unsubscribe link is part of the Footer block in our Email Template Editor.
C. Update Profile Links
We include an update Profile link as part of every email sent. This link will direct your users to their Contact Details to allow them to update the information.
D. Contact Details
In our List Manager we enable you to collect and store a variety of information for each contact. The information can be updated to comply with a user’s right to rectification. The information can also be exported to PDF and emailed to a user to comply with the right of access. In addition, in the Compliance section of the Contact Details we record when and how a contact opted-in along with their IP address so you have proof of consent.
E. Delete from Database
You can easily delete a contact from a list in the List Manager or delete that contact (and their personal data) from the platform. But the data will remain in the database for [x amount of time]. If you need that contact to be completely removed from the database (right to be forgotten) as well, please contact us at and we will promptly delete that contact and all personal data from the database.
F. Compliant Web Forms
We include on all forms a section for adding a message about the user accepting your Terms of Use and Privacy Policy. You can edit this section to use whatever language you require and include links to your Terms of Use and Privacy Policy. You also have the ability to add an opt-in checkbox to your form to obtain clear consent from a contact.

Also, there are a few other things you should do to ensure compliance with GDPR.

It is your responsibility to ensure that you obtain consent from your contacts to collect their personal data. So, make sure all your emails, landing pages and forms include a way for contacts to provide consent, whether it’s via double opt-in emails or providing a opt-in/out checkbox on a form.

In addition, you should review your own Privacy Policy and Terms of Service and ensure that they provide proper notice that your contacts personal data will be transferred to PushSend. For example, you may want to consider updating your Privacy Policy to include language that identifies PushSend as one of your processors.

Also, if you integrate PushSend with any external platforms, such as Salesforce, make sure to consider the ramifications of sending your contacts personal data into those systems. Find out if you need to take any additional action to ensure your compliance with the GDPR.
Disclaimer: The information we provide is for informational purposes only and should not be taken as legal advice. We strongly advise that in order to assure complete compliance to GDPR that you seek out professional legal advice or refer to the appropriate data supervisory authority for more details on how to comply.

By using the website, you agree to our use of cookies to analyze website traffic and improve your experience on our website.

Learn More.