GDPR compliance.
Our GDPR and UK GDPR compliance posture for EU and UK data subjects. Standard Contractual Clauses (SCCs) and the UK Addendum are used for transfers. A DPA is available on request and is included in every engagement contract.
Who this covers
EU GDPR (EU/EEA data subjects) and UK GDPR (UK data subjects). Most of our delivery operations sit under both regimes simultaneously when serving EU + UK clients.
Controller vs processor roles
For our marketing operations on your behalf, we typically act as a processor under your controller direction. For our own marketing (newsletters, this website's analytics), we are the controller.
Data subject rights
Right to access, rectification, erasure, restriction, portability, objection. Email dpo@digitalmarketingagencyfor.com — we respond within 30 days.
International transfers
EU → US, EU → India: SCCs in place per Module 2 (Controller-to-Processor). UK → non-UK: SCCs + UK Addendum. Transfer Impact Assessments (TIAs) on file for each destination.
DPA + sub-processors
Standard DPA included with every engagement contract. Sub-processor list maintained at /legal/sub-processors/. 30 days' notice for any new sub-processor; objection rights preserved.
Breach notification
72-hour notification to affected controllers per GDPR Art. 33. Our incident-response runbook is shared with controllers on request.