Legal Notices | Privacy Policy | Terms and Conditions Incl. No Spam Policy | CCPA | GDPR

The General Data Protection Regulation (GDPR)

We have prepared our business and services to be in compliance with the GDPR, which became enforceable on May 25, 2018.

Please note that the information we provide here should not be relied upon as legal advice. We also do not intend to provide a thorough analysis of the GDPR. Such analyses are plentiful and available elsewhere on the Internet.

We suggest that you review the GDPR in its entirety to fully understand its requirements if and as they apply to you.

Background

To begin, the territorial scope of the GDPR is broad, including not only controllers and processors in the EU, but also controllers and processors not in the EU who process personal data of EU data subjects. See GDPR, Art. 3: Territorial scope.

In most cases, BIGLIST is a processor, processing data on behalf of clients, who are the controllers. Subscribers to our clients' lists are data subjects. See GDPR, Art. 4: Definitions.

Consent

From Art. 7 GDPR: "Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data."

BIGLIST sign up forms are available to enable clients to obtain consent. See GDPR, Art. 6: Lawfulness of processing.

For each email address (and associated information, if any) otherwise entered into the system via either batch file upload or API submission, consent data (e.g., email address, IP address, timestamp, and/or user agent) may be stored by each client in its BIGLIST account. Such information is not directly acquired by BIGLIST, but can be stored in the custom data fields for convenience.

Withdrawing consent

Subscribers can unsubscribe or change their preferences at any time. The trailer on each list message includes an unsubscribe link whose landing page includes a preference settings link. The html trailer on each list message includes an unsubscribe link and a preference settings link.

Consent data

BIGLIST records the email address, IP address, timestamp, and user agent associated with every instance in which a BIGLIST sign up form is completed and submitted. This information is available to each client to assist the client in proving consent.

Subscriber Rights

See GDPR, Ch. 3: Rights of the data subject.

• Right of access
  Any of your subscribers may contact BIGLIST to request access to information BIGLIST holds about them. See GDPR, Art. 15.
• Right to rectification
  Any client may access and update its BIGLIST email lists to correct or supplement subscriber information at any time. See GDPR, Art. 16.
• Right to be forgotten
  Any client may delete individual subscribers at any time. In addition, subscribers may contact BIGLIST to request deletion of their data on any or all client email lists hosted by BIGLIST. See GDPR, Art. 17.
• Right to data portability
  Any client may export any of its lists at any time. See GDPR, Art. 20.

Conclusion

Again, this is not intended to be an exhaustive analysis, but rather an explanation of the BIGLIST features that will assist our clients in meeting the requirements of the GDPR. We recommend that our clients review the GDPR as part of their own due diligence.

If you have any questions, please contact info@biglist.com.