1. GDPR Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to all organizations processing personal data of EU residents. NovaMail is committed to full compliance with GDPR requirements.
2. Our Commitment to GDPR
NovaMail implements the following GDPR principles:
- Lawfulness, fairness, and transparency: We process data lawfully and transparently
- Purpose limitation: We collect data for specific, legitimate purposes
- Data minimization: We only collect data that is necessary
- Accuracy: We keep personal data accurate and up to date
- Storage limitation: We retain data only as long as necessary
- Integrity and confidentiality: We protect data with appropriate security measures
- Accountability: We demonstrate compliance with GDPR requirements
3. Legal Basis for Processing
We process personal data under the following legal bases:
3.1 Consent (Article 6(1)(a))
We process data when you have given clear consent for specific purposes:
- Marketing communications
- Newsletter subscriptions
- Optional analytics tracking
- Third-party integrations
3.2 Contract Performance (Article 6(1)(b))
We process data to fulfill our contractual obligations:
- Account creation and management
- Service delivery and support
- Payment processing
- Feature access and functionality
3.3 Legitimate Interests (Article 6(1)(f))
We process data for legitimate business interests:
- Service improvement and development
- Security and fraud prevention
- Analytics and performance monitoring
- Customer support and communication
4. Your Rights Under GDPR
As a data subject, you have the following rights:
4.1 Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and access to that data.
4.2 Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed.
4.3 Right to Erasure (Article 17)
You have the right to request deletion of your personal data in certain circumstances.
4.4 Right to Restrict Processing (Article 18)
You have the right to restrict the processing of your personal data in certain situations.
4.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used format.
4.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for marketing purposes.
4.7 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to automated decision-making, including profiling.
5. Data Protection Measures
5.1 Technical Safeguards
- End-to-end encryption for data transmission
- AES-256 encryption for data at rest
- Secure Sockets Layer (SSL) certificates
- Regular security audits and penetration testing
- Multi-factor authentication for admin access
5.2 Organizational Safeguards
- Data protection training for all employees
- Strict access controls and role-based permissions
- Regular data protection impact assessments
- Incident response procedures
- Vendor security assessments
6. Data Processing Records
We maintain detailed records of our data processing activities, including:
- Purposes of processing
- Categories of personal data
- Categories of data subjects
- Recipients of personal data
- Data retention periods
- Security measures implemented
7. Data Breach Procedures
In the event of a data breach, we will:
- Notify the supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Document the breach and our response
- Take immediate steps to contain and remediate
- Conduct a post-incident review
8. International Data Transfers
When transferring data outside the EEA, we ensure adequate protection through:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (BCRs)
- Certification schemes and codes of conduct
9. Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee our GDPR compliance:
- Email: contact@novamail.com (actual recipient: lihongyangnju@gmail.com)
- Role: Data Protection Officer
- Responsibilities: Monitor compliance, provide advice, act as contact point
10. Supervisory Authority
You have the right to lodge a complaint with your local supervisory authority if you believe we have violated GDPR. You can find your local authority at:
11. Exercising Your Rights
To exercise your GDPR rights, please contact us:
- Email: contact@novamail.com
- Subject: GDPR Rights Request
- Include: Your request type and verification information
We will respond to your request within one month of receipt.
12. Updates to This Policy
We may update this GDPR Compliance statement to reflect changes in our practices or legal requirements. We will notify you of any significant changes.
This GDPR Compliance statement is effective from January 2025. For questions about our data protection practices, please contact our Data Protection Officer.