GDPR Statement

What is GDPR?

The General Data Protection Regulations (GDPR) are a new set of EU regulations that come into force on the 25th of May 2018.

GDPR replaces the EU Data Protection Directive 95/46/EC and serves 3 core purposes:

  1. To standardize data privacy laws across EU member states
  2. To give EU citizens greater protection and rights to control their personal data
  3. To clarify and strengthen the obligations on any company who process the personal data of EU citizens

Where is AuthSMTP registered for GDPR compliance?

The name 'AuthSMTP' is a trading name of GetOnline Ltd which is a Limited UK registered company (registration number: 03151203).

The 'AuthSMTP' service operates from UK based networks but is freely and equally available to users outside of the UK (including other EU countries) where technically possible.

In order to fulfil our obligations and comply with the applicable data protection laws (1998 Data Protection Act, GDPR etc), GetOnline Ltd is registered with the UK Information Commissioners Office for Data Protection under reference Z200704X.

Is AuthSMTP prepared for the new GDPR regulations?

Yes - at AuthSMTP we are fully aware of the importance of protecting our users personal data and we endeavour to always minimize and protect any personal data that we hold.

We never share personal data with other companies for any purpose other than to provide the service itself.

Our service, websites and policies have been reviewed and updated to ensure our customers rights under GDPR are fully respected and protected.

What is the role of AuthSMTP under GDPR?

As an email provider we operate both as a controller of the customer data that we hold and in some cases as a processor of data that is transferred to our network by our customers.

Our Terms of Service and the supplementary policies detail our obligations and your rights as a customer with regard to personal data that we hold about you.

If you are using our service to process the personal data of third party data subjects such as your customers, you will need to review and agree to our Data Processing Addendum.

Where can I find the AuthSMTP privacy policies?

Our privacy policies for both anonymous network users (website visitors) and registered subscribers have been updated accordingly:

What are my rights under GDPR?

The right to be informed

Individuals have the right to be informed about the collection and use of their personal data.

Our Service Privacy Policy and Data Retention Policy detail what personal data we collect, how we process it and how long we will keep it for.


The right of access

You have the right to request a copy of all of the personal data that we hold for you, please see our Data Subject Access Request Procedure


The right to rectification

You have a right to have inaccurate personal data rectified, or completed if it is incomplete.

If you notice any discrepancies in the personal data that we hold you can contact us via our customer control panel to request a resolution.


The right to erasure

You have the right to request that we delete any personal data that we hold about you, please see our Data Subject Deletion Request Procedure


The right to restrict processing

You have the right to request the restriction or suppression of their personal data.

The personal data that we hold is kept to the absolute minimum required for us to provide the service which is offered, similarly we do not do any unncessary processing of personal data other than to enable to provide the service.


The right to data portability

You have the right to receive a copy of your data in a portable format so that you can re-use it with another provider. For more information about exporting all of your data and how it will be presented to you please see our Data Subject Access Request Procedure.


The right to object

You have the right to object to the processing of your personal data in certain circumstances. We only process personal data with the explicit consent of our users in order for us to provide the service.


Rights in relation to automated decision making and profiling

We do not make any automated decisions or carry out any profiling of your personal data that will have any significant or legal implications for you unless it is in the interests of preventing fraudulent or abusive use of the service which may contravene our terms of service or our obligations under UK or EU law.

Legal basis and consent for processing data

The primary legal basis underwhich we process personal information is 'contractual', we only process personal information in order to provide the service and fulfil the service contract agreed with the customer.

We minimize the types and amount of personal data that we collect, process and store whenever possible.

There are a number of secondary cases where we process personal information on a different legal basis, this is documented in our Terms of Service.

Data Security & Breaches

We follow all industry standard practices in order to secure our network and our customers personal data, including but not limited to:

  • All network points are hosted in state-of-the-art, PCI compliant data centres
  • Multiple geographic diverse data centre locations for optimal redundancy and availability
  • Layered network firewalls and intrusion detection systems
  • The use of current and up-to-date hardware, software and operating systems
  • Industry standard practices for monitoring for and defending against potential system weaknesses and exploits
  • Making available and encouraging use of encryption protocols when making connections to our network
  • Physical and application layer access restrictions
  • Data encryption

We also have documented proceedures in place to investigate and where applicable, report data breaches to the appropriate authority.

If you have a concern that our network has been breached or suspect that the security of personal data has been compromised please raise a support ticket via the control panel or email [email protected] directly and we will investigate without delay.

Data Sharing & Transfers

We never share personal data with other companies for any purpose other than to provide the service itself.

For further information please review our privacy policies:

Data Protection Officers

The size of our company and the types / volumes of personal data that we process mean that it is not mandatory for us to employ a dedicated or third party data protection officer but a number of key staff have had their roles expanded and are now responsible for the protection of all personal data and compliance with all applicable data protection laws.

Questions About Data Protection

If you have any questions about our policies or our compliance with data protection laws please raise a support ticket via the control panel or email [email protected] directly.