GDPR Compliant

GDPR Compliance

CampaignSwift is committed to protecting the privacy and rights of EU residents under the General Data Protection Regulation (GDPR).

Last Updated: November 30, 2024

Our Commitment to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy. At CampaignSwift, we've built our platform with privacy by design, ensuring that GDPR compliance is embedded in everything we do.

Whether you're an agency based in the EU or you serve EU clients, CampaignSwift provides the tools and safeguards you need to maintain compliance with data protection regulations.

Data Processing Agreement (DPA) available
EU data residency option
Standard Contractual Clauses (SCCs) for data transfers
Designated Data Protection Officer
Your Rights

Data Subject Rights Under GDPR

As an EU resident, you have specific rights regarding your personal data.

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

Right to Erasure

You can request that we delete your personal data (also known as 'right to be forgotten').

Right to Restrict Processing

You can request that we limit how we use your personal data.

Right to Data Portability

You can request your data in a structured, commonly used format to transfer elsewhere.

Right to Object

You can object to certain types of processing, including direct marketing.

How to Exercise Your Rights

You can exercise any of your data subject rights through the following methods:

Account Dashboard

Log in to your CampaignSwift account and navigate to Settings → Privacy to access data export, deletion, and preference controls.

Email Request

Send your request to privacy@campaignswift.com. Include your full name and account email for verification.

Contact DPO

For complex requests or concerns, contact our Data Protection Officer at dpo@campaignswift.com.

Response Time: We will acknowledge your request within 72 hours and fulfill it within 30 days. If we need more time, we'll let you know.
Data Processing

How We Process Your Data

Transparency about our data processing activities and the legal basis for each.

Processing PurposeLawful BasisDescription
Service DeliveryContract PerformanceProcessing necessary to provide our platform services as agreed in your subscription.
Account ManagementContract PerformanceManaging your account, authentication, and access to our services.
Payment ProcessingContract PerformanceProcessing payments and managing billing for your subscription.
Customer SupportLegitimate InterestResponding to your inquiries and providing technical support.
Service ImprovementLegitimate InterestAnalyzing usage patterns to improve our platform features.
Marketing CommunicationsConsentSending promotional content and product updates (opt-in only).
Legal ComplianceLegal ObligationComplying with applicable laws and regulations.
International Transfers

Cross-Border Data Transfers

CampaignSwift may transfer personal data outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards are in place to protect your data:

Standard Contractual Clauses (SCCs)

We use EU-approved Standard Contractual Clauses for transfers to countries without an adequacy decision.

EU Data Residency

Enterprise customers can choose to have their data stored exclusively in EU data centers.

Data Processing Agreements

All sub-processors sign DPAs that include GDPR-compliant terms and SCCs where necessary.

Supplementary Measures

We implement additional technical and organizational measures including encryption and access controls.

Sub-processors

Our Sub-processors

Third parties that process personal data on our behalf.

Amazon Web Services (AWS)

EU & US

Cloud infrastructure and data hosting

Stripe

US (EU SCCs)

Payment processing

PostHog

EU

Product analytics

Intercom

US (EU SCCs)

Customer support communication

We notify customers of any changes to our sub-processor list at least 30 days before any new sub-processor begins processing personal data. You can subscribe to updates by contacting our DPO.

Data Processing Agreement

If you need a Data Processing Agreement (DPA) for your records, we provide a pre-signed DPA that covers all GDPR requirements.

Standard Contractual Clauses included
Technical and organizational measures
Sub-processor list and notification process
Data breach notification procedures
Request DPA

Questions About GDPR?

Our Data Protection Officer is here to help with any GDPR-related questions or concerns.

Data Protection Officer

For GDPR inquiries, data subject requests, or DPA questions:

dpo@campaignswift.com

Privacy Team

For general privacy questions or concerns:

privacy@campaignswift.com

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.