EmailLabs DOCS
API DOCSEmail API & Cloud SMTPPricingBlog
EN
EN
  • πŸ‘‹Welcome to EmailLabs!
  • πŸ”Security & Compliance
    • EmailLabs Safety Center
      • Scope and Purpose of Personal Data Processing
        • Cloudflare
      • ISO/IEC 27001, 27018 and 22301 Certifications
      • Security Testing
      • Security Measures
      • Document Templates
      • FAQ
  • πŸ’‘First Steps
    • Completing Company Data
    • Changing the Login Password
    • GDPR Agreement
    • Creating a Password for the SMTP Server
    • Sender Authorization
    • Whitelabel (Custom Link Tracking)
    • Domain Security - SPF Record
  • ☁️CLOUD-BASED SMTP
    • SMTP Integrations
      • Cloud SMTP for eFitness
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for SALESmanago
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for User.com
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for Baselinker
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for Shoper
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for RedCart
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for Joomla!
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for PrestaShop
        • Sing up to EmailLabs
        • Integration Steps
      • Cloud SMTP for WordPress
        • Sign up to EmailLabs
        • Easy WordPress SMTP Plug-in
        • WP Mail SMTP Plug-in
        • Without the Plug-in
      • Cloud SMTP for Mautic
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for Selly
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for SOTE
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for IdoSell
        • Sign up to EmailLabs
        • Integration Steps
      • Cloud SMTP for AtomStore
        • Sign up to EmailLabs
        • Integration Steps
      • SMTP Relay Configuration
      • Outlook
      • Thunderbird
  • ✨EmailLabs API
    • API Documentation
  • πŸ“ˆAnalytics Panel
    • Dashboard
      • Selecting an SMTP Subaccount
      • Elements on the Dashboard
      • View Detailed Statistics
    • Reports
      • E-mail
        • Panel Navigation and Access Path
        • "Search" Section
        • "List" Section
        • Detailed Message Logs
      • Blacklist
        • Panel Navigation and Access Path
        • "Search" Section
        • "Search" Section
        • Adding an Address to the Blacklist
        • Blocked Domains
        • Export & Import
        • Blacklist Settings
        • Whitelist
      • Activity Report
        • Detailed Message Logs
      • Comparing Tags
      • Status Per Tag
        • Panel Navigation and Access Path
        • "Search" Section
        • β€œAccount Statistics” Section
      • Technology and Geolocation
      • Feedback Loop Report
        • Feedback Loop Yahoo
      • Event API Logs
      • Report Per Domain
    • Administrator
      • Sender Authorization
        • From Domain Authorization - Configurator
          • Authorizing the Domain Hosted by Cloudflare
          • Authorizing the Domain Hosted by GoDaddy
          • Authorizing the Domain Hosted by cyber_Folks
          • Authorizing the Domain Hosted by home.pl
          • Authorizing the Domain hosted by Nazwa.pl
          • Authorizing the Domain Hosted by OVHcloud
          • Authorizing the Domain Hosted by zenbox
      • Users
        • Panel Navigation and Access Path
        • β€žSearch” Section
        • β€žList” Section
        • Editing the User’s Information
        • Managing The Roles
      • My Profile
        • Panel Navigation and Access Path
        • Changing the Administrator or Company Data
        • Changing the Account Password
      • Application Log
        • Panel Navigation and Access Path
        • β€œSearch” Section
        • β€œList” Section
      • API
        • Panel Navigation and Access Path
        • Generating the Keys
        • API Integration
        • Event API Settings (Webhooks)
      • General Settings
        • Blacklist Settings
        • Validity of Entries on the Blacklist
        • Bounce Number Before Blocking
        • Access to the Panel for Specified IP
        • Access to API for Specified IP
        • Deliverability Alerts
      • Tags
      • Message Templates
        • Sending Messages With Templates
      • GDPR
    • SMTP Accounts
      • Active Accounts
        • Panel Navigation and Access Path
        • Change Password
        • Application Settings
    • Functionalities
      • IP Authorization
      • Block Temporary Inboxes
      • Deep Linking
        • Deep Linking Configuration for Android
        • Deep Linking Configuration for iOS
      • Footer
      • Headers
      • Open Tracking and Link Tracking
        • Open Tracking
        • Link Tracking
      • Tags
      • UTM
      • Unsubscribe
        • Unsubscribe Page Provided by EmailLabs
        • Redirect to Customer Website and Add Email Address to Blacklist
        • List-Unsubscribe
      • Whitelabel (Individual Link Tracking)
        • Step 1: Adding a Record to the DNS Panel
        • Step 2: Configuration in the EmailLabs Panel
    • Authentications
      • SPF
        • If You Don't Have an SPF Record Yet
        • If You Already Have Other Services Included in Your Domain's SPF Record
      • DKIM
        • Individual DKIM
          • Adding a DNS Record
          • Configuration in the EmailLabs Panel
        • Sender Authorization
      • DMARC
        • Neutral DMARC Policy
        • Restrictive DMARC Policy
          • Configuring Your Return Path
      • S/MIME
      • BIMI
    • Email Deliverability
      • Message Statutes
        • Injected
        • OK
        • Softbounce
        • Spambounce
        • Hardbounce
        • Dropped
        • Open
        • Track
        • Feedback
    • Billings
      • Plan Change
      • Plan Cancellation
      • Payment Methods
      • Invoices
  • FAQ
    • System
    • Account
    • Sending and Deliverability
    • Analytics
    • Sender Authorization
    • EmailLabs Safety Center
      • Data Protection Officer
      • Data Controller
      • Entrustment and Further Entrustment of Personal Data Processing
      • Implementation of Information Security Management System
      • Risk Assessment
      • Business Continuity
      • Security Incident Management and Personal Data Breach Handling
      • Information Classification
      • Employees
      • Access Control and Access Management
      • Remote Access
      • Portable and Mobile Devices
      • Document Destruction
      • Server Security
      • Network Security
      • Logs
      • Data Security at Rest and in Transit
      • Physical Security
      • Cloud Computing
      • Data Protection Measures
Powered by GitBook
On this page
  1. FAQ
  2. EmailLabs Safety Center

Entrustment and Further Entrustment of Personal Data Processing

PreviousData ControllerNextImplementation of Information Security Management System

Last updated 2 months ago

How many subcontractors does the processor use and to what extent?

Depending on the service provided, the list of processors may vary. Details are regulated by the personal data processing agreement.

The list is available in the section.

What is the subject, nature, and purpose of processing personal data?

The processing is carried out to provide the Service to the Client based on the Main Agreement and to fulfill Vercom's obligations arising from this Data Processing Agreement, particularly concerning data security, including ensuring their integrity and availability.

What categories of individuals does the agreement cover?

The processed personal data concerns the following categories of individuals: End Users - individuals who are recipients of electronic communications sent by the Client based on the Main Agreement.

What types of special categories of personal data are covered by the agreement?

The processed special categories of personal data include the following categories: Not applicable.

Have all subcontractors used during the provision of services been checked to ensure an appropriate level of personal data protection?

Yes, subcontractors undergo an annual assessment.

Is there a record of suppliers to whom you entrust or further entrust the processing of personal data?

Yes, there is a detailed list of further processors used by Vercom S.A., last updated on 20_03_2023, as well as a Register of Processing Activities at VERCOM S.A.

Have internal regulations been prepared and implemented regarding the supervision and monitoring of personal data processing processes?

Yes. Periodic internal and external audits are conducted. Testing occurs at least once every 12 months or more frequently if necessary.

The most recent ISO 22301 audit took place in January 2025. Previous external audits for ISO 27001 and ISO 27018 were conducted in August 2024. These audits covered the entire organization, assessing compliance with all required standards and evaluating the effectiveness of security controls. Compliance with ISO 22301, ISO 27001, and ISO 27018 was verified, resulting in the issuance of a certification of conformity.

Additionally, in 2024, three internal audits were conducted, culminating in an audit report and a review of the Information Security Management System’s performance.

Where are the data entrusted for processing stored?

All operations performed on personal data take place within an IT system. Data entrusted for processing are not stored on employees' computers. Vercom does not process personal data in paper form as part of its services. All personal data entrusted to us for processing are stored in an external data center that meets the highest security standards and undergoes multi-layered security measures.

How does the entity ensure separation of data entrusted to it by the Controller from data of other entities, including its own data?

Vercom uses logical separation of data in its systems provided as part of the services rendered.

Is a Register of Processing Activities maintained?

Yes.

Is a Register of Categories of Processing Activities maintained?

Yes.

Is the storage and processing of data carried out only within the EEA?

The main server environment within VERCOM's CPaaS is located within the EEA. All further processors handling personal data provide services covered by regionalization within PL, EU, or EEA territories. We do not process data outside of the EEA.

Do we have procedures regarding backups of the data we process?

According to the documented and implemented policy, backups are created daily. Backup copies are stored for 2 years and are encrypted. Backups are maintained only within the EEA in external data centers with the highest security standards, subject to multi-layered security measures.

Personal Data Processing