GDPR Compliance

Last updated: January 17, 2026

Our Commitment to GDPR

MSC Marketing is committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and support our customers in their compliance efforts.

Our Role Under GDPR

Depending on the context, MSC Marketing acts as:

  • Data Controller: When we collect and process your personal data as a customer or website visitor
  • Data Processor: When we process personal data on behalf of our customers (e.g., your email subscribers)

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contractual Necessity: To provide our services to you
  • Legitimate Interests: For business operations, security, and service improvement
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws

Your GDPR Rights

Under GDPR, you have the following rights:

  • Right of Access (Article 15): Request a copy of your personal data
  • Right to Rectification (Article 16): Request correction of inaccurate data
  • Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Article 18): Request limitation of processing
  • Right to Data Portability (Article 20): Receive your data in a portable format
  • Right to Object (Article 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Article 7): Withdraw consent at any time

How to Exercise Your Rights

You can exercise your GDPR rights by:

  • Using the privacy controls in your account settings
  • Contacting our Data Protection Officer at dpo@mscmarketing.com
  • Submitting a request through our contact form

We will respond to your request within 30 days. Complex requests may take up to 90 days, and we will notify you if additional time is needed.

Data Protection Measures

We implement appropriate technical and organizational measures to protect personal data:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments and audits
  • Employee training on data protection
  • Incident response procedures
  • Data minimization practices
  • Privacy by design principles

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules for group companies

Sub-Processors

We work with carefully selected sub-processors who are bound by data processing agreements. Our current sub-processors include:

  • Amazon Web Services (hosting and infrastructure)
  • Google Cloud Platform (analytics and AI services)
  • Stripe (payment processing)
  • SendGrid (transactional email delivery)

A complete list of sub-processors is available upon request.

Data Processing Agreement

We offer a Data Processing Agreement (DPA) that meets GDPR requirements. Our DPA covers:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Types of personal data and data subject categories
  • Obligations and rights of the controller
  • Security measures
  • Sub-processor requirements
  • Data subject rights assistance

Download our DPA from your account settings or view it here.

Data Protection Officer

Our Data Protection Officer can be contacted for any GDPR-related inquiries:

  • Email: dpo@mscmarketing.com
  • Address: Data Protection Officer, MSC Marketing Ltd, 123 Marketing Street, London, EC1A 1BB, United Kingdom

Supervisory Authority

If you are unsatisfied with our handling of your data, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the UK Information Commissioner's Office (ICO): ico.org.uk