GDPR Compliance Commitment

Updated 27th April 2025 Contact Us

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals within the European Union (EU) and the European Economic Area (EEA). It was implemented on May 25, 2018, replacing the previous Data Protection Directive, and is widely regarded as one of the strictest data privacy and security laws globally.

GDPR aims to give individuals greater control over their personal data and imposes significant obligations on organizations that process such data, regardless of where the organization is based.

Our GDPR Compliance

Legal Role: Data Processor

Tiny Dot acts as a "Data Processor" under GDPR, meaning it processes personal data on behalf of its clients (the "Data Controllers"). As a processor, Tiny Dot must follow the instructions of the controller and comply with specific statutory obligations under the regulation.

No Retention of Contact Database

Tiny Dot does not maintain a standing database of contact data. Each outbound email campaign involves unique, client-specific research, and data is processed solely for the duration and purpose of each campaign.

Use of GDPR-Compliant Tools and Data Sources

All tools and data sources used for identifying prospects and delivering campaigns have been verified by Tiny Dot as GDPR compliant. A list of these sources is available upon request.

Categories of Data Processed

Only business profile information and, where necessary, business email addresses are processed.

Data Access and Disclosure

Data is accessed by key individuals within Tiny Dot as part of the research and campaign delivery process and is provided to clients for campaign execution.

Opt-Out Mechanism

Any individual can request to stop the processing of their data at any time using Tiny Dot's data opt-out form. This is a critical requirement under GDPR, which mandates that individuals must have an easy way to withdraw consent or object to processing.

Right to Lodge a Complaint

If an individual is dissatisfied with Tiny Dot's data processing or response to concerns, they have the right to lodge a complaint with the UK's Information Commissioner's Office (ICO), as required by GDPR.

Automated Decision-Making

The only automated processing involves quality control, such as removing contact data without a valid email address. No profiling or automated decision-making that affects individuals' rights is performed.

Technical and Organizational Measures (Security)

Tiny Dot implements appropriate technical and organizational security measures to ensure the confidentiality, integrity, and availability of personal data, including pseudonymization and encryption where appropriate.

Data Processing Agreements

Detailed data processing agreements are in place with clients, specifying the scope, nature, and purpose of processing, and ensuring all GDPR obligations are met.

Data Minimization and Purpose Limitation

Only the minimum necessary data is collected and used strictly for the specific campaign purpose, in line with GDPR's principles of data minimization and purpose limitation.

Data Subject Rights

Under GDPR, individuals have enhanced rights regarding their personal data, including:

  • The right to access their data
  • The right to rectification (correction)
  • The right to erasure ("right to be forgotten")
  • The right to restrict processing
  • The right to data portability
  • The right to object to processing
  • The right not to be subject to automated decision-making

Tiny Dot's processes and privacy notices are designed to support these rights, ensuring that all data subjects can easily exercise them.

Our Commitment

By adhering to these principles and requirements, Tiny Dot demonstrates a robust commitment to GDPR compliance, protecting the rights of data subjects and ensuring transparent, secure, and lawful data processing throughout its outbound email campaign services.