Privacy statement
Last updated: 6 July 2026
This statement describes how ListMailing processes personal data. For newsletter subscriber data, ListMailing acts as a processor; the customer sending the newsletters is the controller. For customer account data, ListMailing is itself the controller.
What data we process
- Account data: name, email address, hashed password, two-factor settings.
- Subscribers/contacts: email address, first and last name, subscription status and date, unsubscribe reason.
- Sending data: delivery status, bounces, complaints and (if enabled) open and click events per newsletter.
- Security logs: IP address, browser information and request data for blocked bot/spam attempts.
- Payment data: payment references and amounts (handled by Mollie).
Legal basis and purpose
- Performance of the contract (providing the service, sending newsletters).
- Consent (double opt-in) for receiving newsletters and for open/click statistics.
- Legitimate interest (security, abuse prevention, billing).
Sub-processors
We use the following parties. All data storage takes place within the EEA.
| Party | Purpose | Location |
|---|---|---|
| Amazon Web Services (SES/S3/CloudFront) | Email delivery and image storage | EU (Frankfurt) |
| Hetzner | Server hosting | Germany (EEA) |
| Mollie | Payment processing | Netherlands |
| Sentry | Error tracking | US (with EU SCCs/DPF) |
| Matomo (self-hosted, amphora.nl) | Website analytics (anonymised) | EEA |
Retention periods
- Security logs (bot blocks): 90 days.
- Per-recipient sending logs: 180 days.
- Account and contact data: for as long as the account/subscription exists, then deleted on request.
Your rights
You have the right to access, rectify and erase your data. Subscribers can unsubscribe from every newsletter. Requests can be directed to the sender of the newsletter; for account data, contact us via the details on our website. You may also lodge a complaint with the Dutch Data Protection Authority.