Click Media Digital is fully compliant with the General Data Protection Regulation. Here's how we uphold your data rights under EU law.
Our commitment: GDPR compliance isn't a checkbox for us — it's foundational to how we've built the platform. Every feature has been designed with data minimisation, purpose limitation, and user rights in mind from day one.
The General Data Protection Regulation (GDPR) is the European Union's comprehensive data protection law. It applies to any organisation that processes personal data of EU residents, regardless of where the organisation is based.
Click Media Digital processes personal data in two distinct capacities: as a data controller for our own customers' data, and as a data processor for the subscriber data our customers upload to the platform.
When we are the Data Controller:
We control data about our direct customers — account holders who use Click Media Digital. This includes registration information, billing data, and usage metrics. We determine the purpose and means of processing this data.
When we are the Data Processor:
When you upload your subscriber lists or use our platform to send emails, we process that contact data on your behalf. You remain the data controller. We act only on your instructions. This relationship is governed by our Data Processing Agreement (DPA).
We rely on the following lawful bases when processing personal data as a data controller:
| Processing Activity | Lawful Basis | Details |
|---|---|---|
| Account registration & management | Contract | Necessary to deliver the service you've signed up for |
| Billing & payment processing | Contract | Required to fulfil payment obligations |
| Product update emails | Legitimate Interest | Keeping customers informed about material changes |
| Marketing communications | Consent | Only sent with explicit opt-in |
| Security monitoring & fraud prevention | Legitimate Interest | Protecting the platform and all users |
| Legal compliance | Legal Obligation | Tax records, responding to lawful requests |
If you are an EU resident, you have the following rights regarding your personal data. We honour all requests within 30 days.
Request a copy of all personal data we hold about you, including how it's used.
Have inaccurate or incomplete data corrected without undue delay.
Request deletion of your data when it's no longer necessary or you withdraw consent.
Request that we limit processing while a dispute or objection is resolved.
Receive your data in a structured, machine-readable format (JSON or CSV).
Object to processing based on legitimate interests or for direct marketing purposes.
To exercise any right, email dpo@clickmediadigital.com with your request. We will verify your identity before processing and respond within 30 days (extendable to 90 days for complex requests with notice).
If you use Click Media Digital to process personal data of EU residents on your behalf (e.g. sending marketing emails to your EU customers), you need a Data Processing Agreement (DPA) in place.
You are responsible as data controller for ensuring your own subscribers have given valid consent for the communications you send through our platform.
Some of our infrastructure and sub-processors are based outside the EEA. We ensure all international transfers are protected through appropriate safeguards:
In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will:
Click Media Digital has appointed a Data Protection Officer (DPO) as required under GDPR Article 37. Our DPO is responsible for overseeing data protection strategy and compliance.
If you believe we have not handled your data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. EU residents may contact their national data protection authority.
We'd always prefer the opportunity to resolve your concern directly first — please contact dpo@clickmediadigital.com before escalating.