The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organizations collect, process, and protect personal data of individuals in the European Union. Coon Solutions is committed to helping our users comply with GDPR requirements.

Our Role Under GDPR

You as Data Controller

When you use Coon Solutions to manage subscriber lists and send email campaigns, you act as the Data Controller. This means you:

  • Determine what personal data is collected from your subscribers
  • Decide how and why that data is processed
  • Are responsible for obtaining proper consent from subscribers
  • Must respond to data subject access requests from your subscribers
  • Are accountable for compliance with data protection laws

Coon Solutions as Data Processor

We act as a Data Processor on your behalf. This means we:

  • Process subscriber data only according to your instructions
  • Implement appropriate security measures to protect data
  • Assist you in responding to data subject requests
  • Notify you of any data breaches affecting your data
  • Delete or return your data upon termination of service

GDPR-Compliant Features

Our platform includes features designed to support your GDPR compliance:

Consent Management

  • Explicit Opt-In: Our platform is designed for consent-based email marketing only
  • Consent Records: Track when and how subscribers joined your list
  • Easy Unsubscribe: One-click unsubscribe in every email
  • Instant Processing: Unsubscribe requests are honored immediately

Data Subject Rights

We help you honor data subject rights under GDPR:

  • Right of Access: Export subscriber data on request
  • Right to Rectification: Update subscriber information easily
  • Right to Erasure: Delete subscriber data completely
  • Right to Portability: Export data in standard formats (CSV)
  • Right to Object: Manage unsubscribe and suppression lists

Data Security

  • Encryption: Data encrypted in transit (TLS) and at rest
  • Access Control: Role-based access with secure authentication
  • Secure Infrastructure: Hosted on AWS with industry-leading security
  • Regular Audits: Security practices regularly reviewed and updated

Your GDPR Responsibilities

As a user of our platform and Data Controller, you are responsible for:

Lawful Basis for Processing

You must have a lawful basis for sending emails to your subscribers. For marketing emails, this typically means:

  • Consent: The subscriber has given clear, affirmative consent to receive marketing emails
  • Legitimate Interest: In limited cases, you may have a legitimate interest (e.g., existing customers), but you must conduct a legitimate interest assessment

Transparent Communication

When collecting subscriber data, you must clearly inform subscribers of:

  • Who you are (your identity and contact details)
  • What data you're collecting and why
  • How long you'll keep their data
  • Their rights under GDPR
  • How to withdraw consent or complain

Consent Requirements

Under GDPR, valid consent must be:

  • Freely given: Not made a condition of service, unless the processing is essential to that service
  • Specific: Clear about what they're consenting to
  • Informed: They understand what they're agreeing to
  • Unambiguous: Requires a clear affirmative action (no pre-ticked boxes)
  • Easy to withdraw: As easy to withdraw as to give

International Data Transfers

Our service may process data in various locations. We ensure appropriate safeguards are in place for any international data transfers, including:

  • Standard Contractual Clauses (SCCs) where required
  • Processing within approved jurisdictions where possible
  • Compliance with applicable data transfer regulations

Data Processing Agreement

GDPR requires a Data Processing Agreement (DPA) between Data Controllers and Data Processors. Our Terms of Service include data processing provisions. If you require a separate DPA, please contact us.

Breach Notification

In the event of a personal data breach affecting your subscriber data, we will:

  • Notify you without undue delay upon becoming aware of the breach
  • Provide details about the nature of the breach
  • Describe the likely consequences
  • Outline measures taken or proposed to address the breach

You are responsible for notifying the relevant supervisory authority (within 72 hours) and affected individuals as required by GDPR.

Data Retention and Deletion

We retain your data for as long as your account is active. Upon account termination:

  • You can export all your data before closure
  • We will delete your data within 30 days of account termination
  • Certain data may be retained longer if required by law

Contact Our Data Protection Team

For questions about GDPR compliance or to exercise your rights, contact us:

Coon Solutions
Data Protection Contact: privacy@coon-solutions.com