Privacy law

The GDPR (General Data Protection Regulation) has been the privacy and data protection law for the European Union since May 25th, 2018. It is applicable for all data processing organisations in the EU. Governments, the private sector, and associations have to set up their systems to comply with it. 

How

Individual Data Protection Agencies (DPAs) in the EU member states enforce the GDPR. Personal data have to be adequately protected . When data that concerns the personal freedom of citizens is 'out on the street', it is considered a data breach, and the DPA should be notified.

Customers

You cannot add people to a mailing list without cause. You have to have a legitimate reason to send them marketing emails. For example, because these people are already customers (legitimate interest), or if they have subscribed to your newsletter (unambiguous consent). These are the so-called bases for data processing. You have to be able to show the base if requested, for instance if a data subject makes a complaint.

Laposta

As a data processor, Laposta has taken adequate technical and organisational measures to protect the data entrusted to us. We have been ISO27001 certified since 2019, which means that we consistently check and improve ourselves in terms of information security. Moreover, independent, third-party auditors and technical specialists oversee the adherence to and functioning of these measures.