GDPR Statement

At Gaggle Mail, we take data protection and privacy seriously. This statement explains how personal data is processed in connection with the Gaggle Mail service and how we comply with applicable data protection laws, including the UK General Data Protection Regulation ("UK GDPR") and, where applicable, the EU General Data Protection Regulation ("EU GDPR").

Gaggle Mail is operated by Seven Forty Six Ltd, a company incorporated in England and Wales, and is therefore subject to UK GDPR.

Data Protection by Design and Default

Gaggle Mail has been designed with data protection principles in mind. We apply appropriate technical and organisational measures to ensure that personal data is processed securely, protected against unauthorised access, and limited to what is necessary to provide the service.

We regularly review our systems and practices to ensure continued compliance with applicable data protection requirements.

Categories of Personal Data

The personal data processed through Gaggle Mail typically consists of:

• Names of group members
• Email addresses of group members
• Message content submitted by users of the service

We do not process special category data as defined under GDPR.

Legal Basis for Processing

For personal data relating to our customers (such as account and billing contacts), we process data on the basis of contractual necessity and legitimate interests in operating and improving the service.

For personal data uploaded by customers into the service (such as group member data), processing is carried out solely for the purpose of providing the Gaggle Mail service, in accordance with the customer's instructions.

Data Controller and Data Processor Roles

Seven Forty Six Ltd acts as a data controller in respect of personal data relating to its direct customers, including account administration and billing information.

Seven Forty Six Ltd acts as a data processor in respect of personal data submitted to the service by customers for group email functionality. In this context, customers remain the data controller and are responsible for ensuring that they have an appropriate lawful basis for processing such data.

Sub-Processors and International Transfers

Gaggle Mail uses trusted third-party service providers ("sub-processors") to deliver the service, including infrastructure and payment providers.

These currently include:

• Amazon Web Services (AWS)
• Google Cloud Platform (GCP)
• Stripe (payment processing)

Where personal data is processed outside the UK or EEA, appropriate safeguards are in place, including reliance on adequacy regulations or standard contractual clauses, as applicable.

Data Retention

Personal data is retained only for as long as necessary to provide the service or to meet legal, regulatory, or contractual requirements. Customers may request deletion of their data at any time, subject to applicable legal obligations.

Data Subject Rights

Individuals have the right to request access to, correction of, or deletion of their personal data, as well as to object to or restrict certain processing activities, in accordance with GDPR.

Requests can be made by contacting: help@gaggle.email

Data Breach Notification

In the event of a personal data breach affecting customer data, Gaggle Mail will notify affected customers without undue delay and in accordance with applicable legal requirements.

Data Protection Impact Assessments

We assess processing activities to determine whether a Data Protection Impact Assessment (DPIA) is required. Based on the nature of the service, we have determined that Gaggle Mail does not currently involve processing likely to result in a high risk to the rights and freedoms of individuals.

Contact

If you have any questions about this GDPR Statement or about data protection at Gaggle Mail, please contact us at: help@gaggle.email