Last Updated: December 21, 2025
At EmailMarketingRocket.com (“Company”, “we”, “our”, “us”), we are committed to protecting personal data and respecting user privacy. This page explains how we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws while delivering our email marketing services.
What Is GDPR?
The General Data Protection Regulation (GDPR) is a European Union regulation designed to protect the personal data and privacy of individuals within the EU and EEA.
Even though EmailMarketingRocket.com operates globally, we apply GDPR-compliant practices to all clients where applicable.
Our Role Under GDPR
Depending on the service provided:
- EmailMarketingRocket.com acts as a Data Processor
- Our clients act as the Data Controllers
Clients determine how and why personal data is collected and used. We process data only according to client instructions and agreed service scope.
Data We May Process
While providing our services, we may process the following data:
- Email addresses
- Names (if included in email lists)
- Campaign performance data
- Engagement metrics (opens, clicks, behavior)
- Technical data related to email delivery
We do not own, sell, or independently use client data.
Lawful Basis for Processing
Data processing is conducted under one or more of the following lawful bases:
- Client consent obtained by the Data Controller
- Performance of a contract
- Legitimate business interests
- Legal obligations
Clients are responsible for ensuring that lawful consent has been obtained from their subscribers.
Client Responsibilities (Very Important)
Clients using our services confirm that:
- Email lists are legally collected
- Subscribers have provided explicit opt-in consent
- All emails include required unsubscribe links
- Compliance with GDPR, CAN-SPAM, CASL, and other regulations is maintained
EmailMarketingRocket.com is not responsible for illegally sourced or non-compliant email lists.
Data Security Measures
We implement reasonable technical and organizational measures, including:
- Secure access controls
- Restricted internal data access
- Encrypted platforms where applicable
- Secure third-party tools
While we take security seriously, no system can guarantee 100% protection.
Third-Party Subprocessors
We may use GDPR-compliant third-party tools for:
- Email marketing platforms
- Analytics and reporting
- Live chat support
- Payment processing
All subprocessors are selected based on security and compliance standards.
Data Retention Policy
- Client data is retained only for the duration of active service
- Upon service termination, data access is removed
- Clients are responsible for exporting their data before cancellation
Data Subject Rights
Under GDPR, individuals may have the right to:
- Access their personal data
- Rectify inaccurate data
- Request data deletion
- Restrict processing
- Object to data usage
Requests should be directed to the Data Controller (our client). We assist where legally required.
Data Breach Policy
In the unlikely event of a data breach:
- We will notify affected clients without undue delay
- Necessary steps will be taken to mitigate risk
- Compliance with legal reporting obligations will be followed
International Data Transfers
Data may be processed outside the EU/EEA depending on service delivery. In such cases, appropriate safeguards are applied in accordance with GDPR standards.
Limitation of Liability
EmailMarketingRocket.com shall not be held liable for:
- Client non-compliance with data protection laws
- Improper list sourcing
- Unlawful email practices by clients
Policy Updates
We may update this GDPR & Compliance page as laws or practices change. Updates will be reflected with a revised “Last Updated” date.
Contact for Compliance Matters
For GDPR or data protection inquiries, contact us at:
- Email: support@emailmarketingrocket.com
- General: contact@emailmarketingrocket.com
- Live Chat: Available on our website