Barbara Rath / Autorin


"Öffne ein Buch - und das Buch öffnet dich."


Kopie des Vertrages über Auftragsdatenverarbeitung zwischen

MailerLite & Barbara Rath


Data Processing Agreement


This Data Processing Agreement (“Agreement”) is formed between UAB MailerLite

(“MailerLite”) and Freie Autorin (“Customer”) (hereinafter collectively referred to

as “Parties” and individually “Party”) to reflect the Parties’ agreement with regard

to the Processing of Personal Data, in accordance with the requirements of Data

Protection Laws.

The Agreement is effective on the date both Parties sign the Agreement.


1. Definitions

1.1. "Customer Data" means any Personal Data that MailerLite Processes on behalf

of the Customer as a Data Processor in the course of providing its Services.

1.2. "Data Controller" means an entity that determines the purposes and means of

the Processing of Personal Data.

1.3. "Data Processor" means an entity that Processes Personal Data on behalf of a

Data Controller.

1.4. "Data Protection Laws" means all data protection and privacy laws and

regulations of the EU, EEA and their member states, Switzerland and the United

Kingdom, applicable to the Processing of Personal Data.

1.5. "Data Subject" means the identified or identifiable person to whom Personal

Data relates.

1.6. "EEA" means the European Economic Area, the United Kingdom, and


1.7. “EU” means European Union.

1.8. "GDPR" means the Regulation (EU) 2016/679 of the European Parliament and

the Council of 27 April 2016 on the protection of natural persons with regard to the

Processing of Personal Data and on the free movement of such data and repealing

Directive 95/46/EC (General Data Protection Regulation).

1.9. "Personal Data" means any information relating to an identified or identifiable

natural person as defined in GDPR.

1.10. "Privacy Shield" means the EU-U.S. Privacy Shield Framework and Swiss-U.S.

Privacy Shield Framework self-certification program operated by the U.S.

Department of Commerce and approved by the European Commission pursuant to Decision C(2016)4176 of July 12, 2016, and by the Swiss Federal Council on

January 11, 2017.

1.11. "Processing" means any operation or set of operations which is performed

upon Personal Data, whether or not by automatic means, such as collection,

recording, organization, storage, adaptation or alteration, retrieval, consultation,

use, disclosure by transmission, dissemination or otherwise making available,

alignment or combination, blocking, erasure or destruction. "Process", "Processes"

and "Processed" shall be interpreted accordingly.

1.12. "Processor" means a natural or legal person, public authority, agency, or any

other body which Processes Personal Data on behalf of the Data Controller.

1.13. "Services" means any product or service provided by MailerLite pursuant to

MailerLite’s Terms of Service ("TOS").

1.14. "Sub-processor" means any third-party Processor engaged by MailerLite.


2. Applicability of this Agreement

2.1. This Agreement applies to the extent that MailerLite processes Customer Data

that originates from EU/EEA and/or that is otherwise subject to GDPR.

2.2. In the course of providing the Services to Customer, MailerLite may Process

Personal Data on behalf of Customer. MailerLite agrees to comply with the

following provisions with respect to any Personal Data Processed for Customer in

connection with the provision of the Services.


3. Role of Parties

The Parties agree that with regard to the Processing of Personal Data, Customer is

the Data Controller and MailerLite is a Data Processor, acting on behalf of



4. Customer’s Processing of Personal Data

4.1. The customer is responsible for the control of Personal Data complying with its

obligations as a Data Controller under Data Protection Laws, in particular for

justification of any transfer of Customer Data to MailerLite and for its decisions and

actions regarding the Processing and use of Personal Data.

4.2. Customer agrees that it has provided notice and received all consents and

rights necessary under Data Protection Laws for MailerLite to Process Customer

Data and provide the Services.


5. MailerLite’s Processing of Customer Data

5.1. In connection with MailerLite’s delivery of the Services to the Customer,

MailerLite shall Process certain categories and types of the Customer data, only for

the purposes described in this Agreement and only in accordance with Customer’s

documented lawful instructions, including with regard to transfers of Customer

data to a third country or an international organisation, unless required to do so by

EU or Member State of the EU law to which MailerLite is subject. In such a case,

MailerLite shall inform the Customer of that legal requirement before Processing,

unless that law prohibits such information on important grounds of public interest.

5.2. The Parties agree that this Agreement sets out the Customer’s complete and

final instructions to MailerLite in relation to the Processing of Customer Data. The

Processing outside the scope of these instructions shall require prior written

agreement between Customer and MailerLite.


6. Details of Data Processing

6.1. Subject matter: The subject matter of the data Processing under this

Agreement is the Customer Data.

6.2. Duration of Processing: MailerLite will Process Customer Data for the duration

of the Services, as described in the TOS.

6.3. Nature of the Processing: MailerLite provides email marketing and automation

software as a service and other related services, as described in the TOS.

6.4. Purpose of the Processing: The purpose of the data Processing under this

Agreement is the provision of the Services.

6.5. Categories of Data subjects:

“Users” - any individual accessing and/or using the Services through the

Customer's account;

“Subscribers” - any individual whose email address is included in the

Customer's distribution list / whose information is stored on or collected via

the Services / to whom Users send emails or otherwise engage or

communicate with via the Services.

6.6. Types of Customer Data:

Users: identification and contact data (name, contact details, including email

address, username); billing information (credit card details, account details,

payment information); organization information (name, address, geographic

location, area of responsibility, VAT code), IT information (IP address, usage

data, cookies data, online navigation data, location data, browser data,

access device information);

Subscribers: identification and contact data (name, date of birth, gender,

occupation or other demographic information, address, title, contact details,

including email address), personal interests or preferences (including

purchase history, marketing preferences and publicly available social media

profile information); IT information (IP address, usage data, cookies data,

online navigation data, location data, browser data, access device


6.7. Customer acknowledges that MailerLite shall have a right to use and disclose

data relating to the operation, support and/or use of the Services for its legitimate

business purposes, such as billing, account management, technical support,

product development, sales, and marketing. To the extent any such data is

considered Personal Data under Data Protection Laws, MailerLite is the Data

Controller of such data and accordingly shall process such data in accordance with

the MailerLite Privacy Policy and Data Protection Laws.

6.8. Customer acknowledges that in connection with the performance of the

Services, MailerLite employs the use of cookies, unique identifiers, web beacons

and similar tracking technologies. Customer shall maintain appropriate notice,

consent, opt-in and opt-out mechanisms as are required by Data Protection Laws

to enable MailerLite to deploy previously mentioned tracking technologies lawfully

on and collect data from the devices of Subscribers.


7. Confidentiality of Processing

MailerLite ensures that persons authorised by MailerLite to Process the Customer

Data have committed themselves to confidentiality or are under an appropriate

statutory obligation of confidentiality.


8. Security of Processing

8.1. MailerLite shall implement appropriate technical and organizational security

measures to ensure a level of security appropriate to the risk and protect

Customer Data from any unauthorized or unlawful breach of security that leads to

the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of

or access to Customer Data and to preserve the security and confidentiality of the

Customer Data, in accordance with MailerLite’s Privacy Policy.

8.2. The Parties shall take steps to ensure that any natural person acting under the

authority of the Customer or MailerLite who has access to Personal Data does not

Process them except on instructions from the Customer unless he or she is

required to do so by EU or EU Member State law.

8.3. The customer is responsible for reviewing the information made available by

MailerLite relating to its data security and making an independent determination

as to whether the Services meet Customer’s requirements and legal obligations

under Data Protection Laws. Customer acknowledges that MailerLite may update

or modify MailerLite’s security standards from time to time provided that such

updates and modifications do not result in the degradation of the overall security

of the Services purchased by the Customer.

8.4. Customer agrees it is responsible for its secure use of the Services, including

securing its account authentication credentials, protecting the security of

Customer Data when in transit to and from the Services and taking any

appropriate steps to securely encrypt or backup any Customer Data uploaded to

the Services.


9. Sub-Processing

9.1. Customer agrees that MailerLite may engage Sub-Processors to Process

Customer Data on Customer's behalf. The Sub-Processors currently engaged by

MailerLite and authorized by Customer are listed in the Annex.

9.2. MailerLite shall ensure that Sub-Processor will protect the Customer Data to

the standard required by Data Protection Laws and remain responsible for its

compliance with the obligations of this Agreement and for any acts or omissions of

the Sub-Processor that cause MailerLite to breach any of its obligations under this



10. Changes to Sub-Processors

10.1. MailerLite shall provide a list of the Sub-Processors upon written request

from Customer and notify Customer via email if it adds or removes Sub-Processors

at least 10 days prior to any such changes.

10.2. Customer may object in writing to MailerLite’s addition of a new Sub-

Processor within 5 business days of such notice, provided that such objection is

based on reasonable grounds relating to Data Protection Laws. In such event, the

MailerLite and Customer shall discuss such concerns in a good faith effort to

achieve resolution. If the resolution is not possible, Customer may suspend or

terminate the Agreement by providing written notice to MailerLite.


11. Cooperation

11.1. MailerLite’s Services provide Customer with controls that Customer may use

to retrieve, correct, delete or restrict Customer Data, which Customer may use to

assist it in connection with its obligations under Data Protection Laws, including

responding to requests from data subjects or applicable data protection

authorities. Requests from Data Subjects may include the Data Subject's right of

access, right to rectification, restriction from Processing, erasure ("right to be

forgotten"), data portability, and object to the Processing.

11.2. To the extent that Customer is unable to independently access the relevant

Customer Data within the Services, MailerLite will, at Customer's expense, provide

reasonable cooperation to help Customer respond to any requests from Data

Subjects or applicable data protection authorities relating to the Processing of

Personal Data under the Agreement. In the event any such request is made

directly to MailerLite, MailerLite shall not respond to such communication directly

without Customer's prior authorization unless legally compelled to do so. If

MailerLite is required to respond to a request, MailerLite shall promptly notify

Customer and provide it with a copy of the request unless legally prohibited from

doing so.

11.3. To the extent MailerLite is required under Data Protection Laws, MailerLite

shall, at Customer's expense, provide reasonably requested information regarding

the Services to enable Customer to carry out data protection impact assessments

or prior consultations with data protection authorities as required by Data

Protection Laws.

11.4. If a law enforcement agency sends MailerLite a demand for Customer Data

(for example, through a subpoena or court order), MailerLite shall attempt to

redirect the law enforcement agency to request that data directly from Customer.

As part of this effort, MailerLite may provide Customer’s basic contact information

to the law enforcement agency. If compelled to disclose Customer Data to a law

enforcement agency, MailerLite shall give Customer reasonable notice of the

demand to allow Customer to seek a protective order or other appropriate

remedies unless MailerLite is legally prohibited from doing so.


12. Security Reports and Audits

12.1. Upon request, MailerLite shall supply, on a confidential basis, a copy of its

audit reports to Customer, so that Customer can verify MailerLite's compliance

with the audit standards and this Agreement.

12.2. MailerLite shall also provide written responses, on a confidential basis, to all

Customer’s reasonable requests for information to confirm MailerLite's compliance

with this Agreement.

12.3. Upon becoming aware of any unauthorized or unlawful breach of security,

MailerLite shall notify Customer without undue delay and shall provide timely

information as it becomes known or as is reasonably requested by Customer.


13. Return or Deletion of Customer Data

13.1. Upon termination or expiration of the TOS and/or Agreement, MailerLite

shall, at Customer's request, delete or return to Customer all Customer Data in its

possession or control. This requirement shall not apply to the extent MailerLite is

required by applicable law to retain some or all of the Customer Data, or to

Customer Data it has archived on backup systems, which Customer Data

MailerLite shall securely isolate and protect from any further processing, except to

the extent required by applicable law.

13.2. The customer is responsible for any costs arising from the deletion of

Customer Data after the termination or expiration of the TOS.


14. International Transfers

14.1. MailerLite may transfer and process Customer Data anywhere in the world

where MailerLite or its Sub-Processors maintain data Processing operations.

MailerLite shall at all times provide an adequate level of protection (within the

meaning of Data Protection Laws) for the Customer Data Processed, in accordance

with the requirements of Data Protection Laws.

14.2. If MailerLite Processes any Customer Data protected by Data Protection Laws

under the TOS and Agreement and / or that originates from the EEA, in a country

that has not been designated by the European Commission or Swiss Federal Data

Protection Authority (as applicable) as providing an adequate level of protection

for Personal Data, the Parties agree that MailerLite shall be deemed to provide

adequate protection (within the meaning of Data Protection Laws) for any such

Customer Data by having self-certified its compliance with Privacy Shield. If

MailerLite is unable to comply with this requirement, MailerLite shall inform


14.3. The Parties agree that the data export solution identified in Section 14.2

shall not apply if and to the extent that MailerLite adopts an alternative data

export solution for the lawful transfer of Personal Data (as recognized by GDPR)

outside of the EEA, in which event, the alternative data export solution shall apply

instead, but only to the extent such mechanism extends to the territories to which

Personal Data is transferred.


15. Miscellaneous Provisions

15.1. Parties agree that this Agreement replaces any existing agreements the

Parties may have previously entered into in connection with the Services. If there

is any conflict between this Agreement and the TOS, the relevant terms of this

Agreement take precedence.

15.2. Any claims brought under or in connection with this Agreement are subject

to the terms and conditions, including but not limited to, the exclusions and

limitations set forth in the TOS.

15.3. No one other than a Party to this Agreement, its successors and permitted

assignees shall have any right to enforce any of its terms.

15.4. Any claims against MailerLite under this Agreement shall be brought solely

against the entity that is a Party to the Agreement. In no event shall any Party

limit its liability with respect to any individual's data protection rights under this

Agreement or otherwise. Customer further agrees that any regulatory penalties

incurred by MailerLite in relation to the Customer Data that arise as a result of, or

in connection with, Customer's failure to comply with its obligations under this

Agreement or any applicable Data Protection Laws shall count toward and reduce

MailerLite’s liability under the Agreement.

15.5. This Agreement shall be governed by and construed in accordance with

governing law and jurisdiction provisions in the TOS unless required otherwise by

applicable Data Protection Laws.

IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed by

their authorized representative:



By: UAB “MailerLite”

Name: Gediminas Andrijaitis

Title: Managing Director

Date: May 24th, 2018



By: Freie Autorin

Name: Barbara Rath

Title: Datenschutzbeauftragte

Date: May 24th, 2018



Annex - List of MailerLite Sub-Processors

MailerLite uses a range of third-party Sub-Processors to assist it in providing the

Services (as described in the Agreement). These Sub-Processors set out below

provide cloud hosting and storage services; content delivery and review services;

payment processing; marketing; analytics; data analysis; assist in providing

customer support; incident tracking, response, diagnosis and resolution services;


Entity Name Corporate Location

Telia Lietuva Vilnius, Lithuania

RackRay Vilnius, Lithuania

Amazon Washington, USA

CloudFlare California, USA

DigitalOcean New York, USA

OVH Roubaix, France

HelpScout Massachusetts, USA

Google California, USA

Intercom California, USA

Slack California, USA

250ok Indiana, USA

Dein Lesestoff [-cartcount]