GDPR Compliance

Last Updated: May 5, 2025

Introduction

This GDPR Compliance statement explains how INSPIREMAIL LLC ("we," "us," or "our") complies with the European Union's General Data Protection Regulation (GDPR) when providing our MakeSMTP transactional email service. This statement supplements our Privacy Policy and Terms of Service.

INSPIREMAIL LLC
1151 Walker Rd Ste 100
Dover, DE 19904
United States
EIN: 352734537

1. Data Controller and Data Processor Roles

1.1 Our Role as a Data Processor

When you use MakeSMTP to send emails to your recipients, we act as a Data Processor processing personal data on your behalf. You, as our customer, are the Data Controller responsible for establishing the legal basis for processing your recipients' personal data.

1.2 Our Role as a Data Controller

We act as a Data Controller for personal data we collect about you, our customer, for account management, billing, and service improvement purposes.

2. Legal Basis for Processing

2.1 Your Responsibilities as a Data Controller

As a Data Controller, you must ensure you have a valid legal basis for processing personal data through our services, such as:

  • Explicit consent from data subjects
  • Contractual necessity
  • Legitimate interests
  • Legal obligation
  • Vital interests
  • Public interest

2.2 Our Legal Basis as a Data Controller

We process your personal data based on:

  • Contractual Necessity: To provide you with our services
  • Legitimate Interests: To improve our services and protect against fraud
  • Legal Obligation: To comply with applicable laws
  • Consent: For marketing communications (where applicable)

3. Data Processing Activities

3.1 Types of Personal Data Processed

When providing our services, we may process:

  • Email addresses
  • Names of recipients
  • IP addresses
  • Email content
  • Metadata related to email delivery
  • Analytics data (opens, clicks, etc.)

3.2 Purpose of Processing

We process personal data solely for the purpose of:

  • Providing our email delivery services
  • Improving service performance
  • Ensuring compliance with legal requirements
  • Troubleshooting technical issues
  • Preventing abuse and fraud

3.3 Duration of Processing

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required by law.

4. Data Subject Rights

We respect the rights of data subjects under the GDPR. Individuals whose personal data we process have the following rights:

4.1 Right to Be Informed

Data subjects have the right to be informed about the collection and use of their personal data.

4.2 Right of Access

Data subjects have the right to request a copy of their personal data.

4.3 Right to Rectification

Data subjects have the right to have inaccurate personal data rectified or completed if it is incomplete.

4.4 Right to Erasure (Right to Be Forgotten)

Data subjects have the right to have their personal data erased in certain circumstances.

4.5 Right to Restrict Processing

Data subjects have the right to request the restriction or suppression of their personal data.

4.6 Right to Data Portability

Data subjects have the right to obtain and reuse their personal data for their own purposes across different services.

4.7 Right to Object

Data subjects have the right to object to the processing of their personal data in certain circumstances.

4.8 Rights Related to Automated Decision Making and Profiling

Data subjects have rights related to automated decision making and profiling.

5. How to Exercise Data Subject Rights

5.1 For Your Recipients

If one of your recipients wishes to exercise their GDPR rights regarding data processed through our service:

  1. They should contact you directly as the Data Controller
  2. You should then contact us if you need our assistance in fulfilling the request
  3. We will provide reasonable assistance to help you respond to these requests

5.2 For Our Customers

If you wish to exercise your GDPR rights regarding your own data:

  1. Contact our Data Protection team at privacy@makesmtp.com
  2. Provide sufficient information to identify yourself
  3. Specify the right you wish to exercise
  4. We will respond to your request within 30 days

6. Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data in transit and at rest
  • Regular testing and evaluation of security measures
  • Access controls and authentication requirements
  • Regular security audits and vulnerability assessments
  • Staff training on data protection and security
  • Incident response procedures

7. International Data Transfers

7.1 Data Storage Locations

We primarily store and process data in the United States. However, we may transfer data to other countries to provide our services.

7.2 Safeguards for Data Transfers

For transfers of personal data from the EEA to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules (where applicable)
  • Privacy Shield certification (where applicable)
  • Additional technical and organizational measures to protect data

8. Data Breach Notification

8.1 Our Obligations as a Data Processor

If we become aware of a personal data breach affecting your recipients' data, we will:

  1. Notify you without undue delay
  2. Provide information to help you fulfill your obligation to notify supervisory authorities and data subjects
  3. Cooperate with you and take reasonable steps to mitigate any damage

8.2 Your Obligations as a Data Controller

If you become aware of a personal data breach, you should:

  1. Notify us promptly if the breach involves our services
  2. Fulfill your obligations to notify relevant supervisory authorities and affected data subjects
  3. Work with us to address and mitigate the breach

9. Data Protection Impact Assessments

For high-risk processing activities, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimize data protection risks.

10. Records of Processing Activities

We maintain records of our processing activities as required by Article 30 of the GDPR, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients
  • Information about international transfers
  • Retention schedules
  • Security measures

11. Data Protection Officer

While not legally required to appoint a Data Protection Officer under GDPR criteria, we have designated a Data Protection team to oversee our data protection strategy and implementation.

Contact our Data Protection team at privacy@makesmtp.com for any GDPR-related inquiries.

12. Compliance with Specific GDPR Requirements

12.1 Privacy by Design and Default

We implement data protection principles from the design stage of all new services and processing activities.

12.2 Processor Agreements

We offer a Data Processing Agreement (DPA) that meets GDPR requirements for our customers who require one.

12.3 Subprocessors

We maintain a list of subprocessors we use to provide our services. We ensure all subprocessors provide sufficient guarantees to implement appropriate technical and organizational measures to meet GDPR requirements.

13. Changes to This GDPR Compliance Statement

We may update this GDPR Compliance statement periodically. We will notify you of any significant changes by posting the new statement on our website or through other appropriate channels.

14. Contact Information

If you have any questions about our GDPR compliance or how we handle personal data, please contact us at:

INSPIREMAIL LLC
Attn: Data Protection
1151 Walker Rd Ste 100
Dover, DE 19904
Email: privacy@makesmtp.com