Skip to content

GDPR Compliance

Last updated: 06 Jan. 2023

The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades. It took effect on the 25th May 2018. We work hard to comply with the GDPR and apply its principles as we build new services.

Does this affect me?

The GDPR regulation applies to any EU residents' data, regardless of where the processor or controller is located. This means that if you’re using Findymail from the US to reach out to other US corporations, the regulation doesn’t affect you. But if some of your customers or leads are in the EU, you should pay attention to it. In practice, most companies need to take the GDPR into consideration.

Data Processing Addendum

Findymail is in most cases a processor. As a data controller, under Article 28 of the GDPR, you need a data processing addendum (DPA) signed with your processors. We've made this procedure simple and have the contract ready to be signed. You can find our DPA here. Please contact [email protected] if you need a signed version.

Is Findymail acting as a data controller or a data processor?

The “data controller” is the entity that determines the purposes and means of the data processing taking place. The “data processor” is an entity acting on behalf of a controller in processing personal data.

Findymail acts as a controller to deliver its services, analyze usage, fight fraud, and comply with applicable regulations.

Findymail acts as a processor for the data you import to your account. It includes information about your account, leads, campaigns, bulk tasks, and more. As a Findymail user, you are the controller of this data. It means you must set the purpose and legal basis for the processing.

In what countries is my data processed?

Findymail's main servers are managed by Hetzner Online GmbH and located in Finland.

Purposes of the processing

We process only available online data for informational purposes. Our users have a legitimate interest in having easier access to already public data regarding other businesses and in reaching out to other businesses. By working as a specialized search engine, we make it possible for companies to connect with each other.

Right of erasure

If a data subject wishes to not appear to our customers, we offer a way to easily claim email addresses here

Our processing is done exclusively in the EU

We store and process all our data exclusively in the EU. We even store our off-site backups within the EU.

Log retention

To improve, debug or prevent fraud on the service, we keep a variety of logs. We now make sure logs are destroyed at most 2 months after there collection date. We never use those logs of anything else than monitoring and debugging.


Should you have any other questions, we’re here to help: [email protected]