Red Web Tigers

A Weekly Newsletter about what's happening in the Digital Marketing world globally. Curated by Mittaltiger Enterprises. Published for FREE every Saturday.


GDPR Policies and Compliance Notices

The GDPR (General Data Protection Regulation) is a new set of European privacy laws that come into force in May 2018 and which protect the personally identifiable information of EU data subjects (typically EU residents). You can learn more about how we abide by these laws on this page.

Please note that this page only describes our GDPR compliance and policies in relation to our subscribers.

What is “personally identifiable information”?

Personally identifiable information is any information which can be directly correlated to you as an individual. For example, this could include:

  • Your name
  • Email address
  • Personal affiliations
  • Employer
  • IP address used

What personally identifiable information do we hold?

The information we store and process about subscribers is as follows:

  • Email address
  • Opt-in confirmation time
  • Opt-in confirmation IP address
  • Subscriptions held
  • Timezone
  • Name (sometimes)
  • City and country (sometimes)
  • Social media information (sometimes, e.g. Twitter or GitHub account name)
  • Klout interests (sometimes)

What is the “right to access”?

If we hold personally identifiable information about you and you are a resident of the European Union, you are able to request that we provide you with a machine-readable copy of that information. In our case, that would typically be your email address and subscriptions, and potentially other information we may have collected such as your company name, social handles, etc.

You can email us at support@redwebtigers.com to request access to this data. Please note that it is necessary for us to verify your identity for data protection reasons, although if you are requesting data assigned to the same email address from which you make the request, we will consider this “reasonable means” of verification.

What is the “right to erasure”?

You are able to request that we erase all information we store about you that is personally identifiable and which we are not required, by law, to keep (for example, we may need to keep customer information for tax purposes, but the GDPR allows this).

If you email support@redwebtigers.com we will process your request. We can either erase all of your personally identifiable information (in which case you will also be unsubscribed from our publications) or erase part of your information, such as if we hold your name, company name, and similar details on file.

The basis on which we handle your personally identifiable information

We have determined that for most uses of personal data, the “Legitimate Interest” basis is appropriate. Handling of personal data to send email newsletters to our subscribers passes the three relevant tests:

  • Purpose test. Is there a legitimate interest behind the processing? It is in both the interest of us and our readers for us to be able to send them the publications they have requested and we store the information required to be able to do this (their email address).
  • Necessity test. It is necessary for us to store subscribers’ email addresses in order to be able to send them the publications they have specifically and directly requested
  • Balancing test. This test requires we take into account the impact on individuals of our data processing practices. Our audience are principally adults representing businesses and who have explicitly requested to receive our publications. We use their personal information principally to send them the newsletters requested (and opted into via a double optin process). Use of their personally identifiable information for other purposes would require a further basis, though no such processing is currently undertaken, and we use our subscribers’ data in only ways that they would reasonably expect us to.

Further to the above, our universal use of the double opt-in process also affords us an audit trail of informed consent for each subscriber based upon the opt-in confirmation time and the IP address used.

How we share information with third parties

It is a necessity of business that we share personally identifiable information with third parties under certain situations. We have tried to enumerate each opportunity this occurs below:

  • We store subscriber information on the 3rd party email service providers such as Mailchimp, Sendinblue, etc.
  • The 3rd party email service providers store backups of subscriber information on their own backup systems
  • The 3rd party email service providers may store backups of old data.
  • Email addresses of subscribers are sent to the 3rd party email service providers in order to send our publications to those addresses. In some cases, name information may be sent to customize the email headers. No other personal information is sent to the 3rd party email service providers.
  • We internally use Basecamp Personal, Slack, etc tools to work with certain types of data or to monitor signups, optins, unsubscribes, etc. Only our employees have access to these services.
  • If we bill customers or other users, the information associated with these orders may come via PayPal or Stripe or Razorpay and then may be shared with our accountants, bookkeepers, and our online accounting platform providers.

All of our third party provided above either have a presence in the EU and are subject to the GDPR themselves, or have asserted they comply to the EU-US Privacy Shield policy.