Annex 1 – Description of Personal Data Processing

1. Purpose of the Personal Data Processing

Personal Data shall be processed by GetResponse in order for the Customer to use the Service provided by GetResponse. 

2. Nature of the Processing and the Processing activities

Processing is both automated and non-automated. Personal Data Processing by GetResponse takes place using the IT systems provided within the Service and includes following Processing activities: collection, recording, storage, adaptation, alteration, disclosure, backuping Personal Data, as well as other activities as required to provide the Service.

GetResponse shall not communicate directly with the Personal Data Subjects in the course of Personal Data Processing as part of the Service, unless requested otherwise by the Customer.

GetResponse’s role is limited to making the Service tools available to the Customer for use in order to process Personal Data. GetResponse does not determine the scope of Personal Data processed by the Customer within the Service, does not determine thepurposes and means of their Processing and does not monitor the scope of such Personal Data, except for data processed automatically while the Service is used, described in section 4 c) below.

3. Categories of Data Subjects

The Customer engages GetResponse in Processing the Personal Data of the following categories of Data Subjects:

a. Contacts – including persons whose Personal Data are on the Contact list; or whose Personal Data is collected and stored using the Service; or to which the Customer will send communication using the Service, in particular contractors, clients, prospects, employees, contacts of the Customer’s business partners, Customer’s newsletter subscribers, participants of Customer’s Webinars, persons whose data is collected through Customer’s forms, or visitors of Customer’s landing pages and sites connected with the Service;

b. Users.

As a rule, the Service is not intended to process special categories of Personal Data referred to in Article 9 of the GDPR, Personal Data relating to criminal convictions and offenses or related security measures, Personal Data of children, nor sensitive Personal Data as defined by any other Applicable Law. However, in all instances, the decision as to the scope of data that is to be processed by GetResponse in the Service belongs to the Customer. By using the Service to process such data, the Customer confirms that security measures implemented by GetResponse are in his or her opinion sufficient to protect entrusted Personal Data. 

4. Categories of Personal Data to be processed

The Customer engages GetResponse for Processing of following categories of Personal Data:

a. regarding Contacts: e-mail address

The Service also allows for the Processing of other information such as:

-first and last name

-company phone number, private phone number, mobile phone number, fax number

-URL address of the website through which Contact provided its data to the Customer

-the Contact’s address details

-address of the website from which the Contact was redirected [http_referer]

-gender, age, date of birth


-Personal Data contained in content sent by the Customer with the use of the Service

-additional information about the Contact [comment] and other information based on fields defined by the Customer when collecting the Contacts’ data from forms;

regarding participants of Webinars the Service also allows for Processing of other information such as: 

The Service also allows for the processing of other information such as:


-additional information about the Webinar participant collected by the Customer from registration form, during Webinar or chat. 

regarding persons whose data is collected through forms the Service also allows for the Processing of other information such as:

additional information based on the fields defined by the Customer. 

b. regarding Users: email address, name of user;

c. regarding all above categories: data processed automatically while the Service is being used (data about the use of the Service; data collected using cookies or other technologies used to track users activity; IP data of the device from which the Contact was imported to the Customer’s Contact list or on which the Contact opened an email sent to him by the Customer as part of using the Service; location data; data about the web browser).