Email marketing with Inxmail

Legally and GDPR-compliant

Legally compliant and fair email is a core component of the Inxmail philosophy. By hosting our solutions in Germany, we meet German data protection standards and provide the technical foundation for legally compliant email marketing. In addition, we support our customers and partners with services focusing on legally compliant email marketing and GDPR guidelines.

  • Software made and hosted in Germany
  • GDPR-compliant order data processing
  • Technical and organisational measures pursuant to GDPR
  • Founding member of the Certified Senders Alliance (CSA)
  • Signatory of the German Dialogue Marketing Association (DDV) email marketing quality standard

We are here for you

Mon.-Fri. 8 am - 5 pm
+49 761 296979-0

Contact us

EU General Data Protection Regulation (GDPR)

The new EU General Data Protection Regulation will bring about several changes for online marketing in general as well as for email marketing in particular. Learn about the changes that will go into effect with the GDPR and what you must do to perform lawful email marketing in the future.

What is the GDPR?

The GDPR is an agreed regulation with the goal of strengthening and standardising data protection rights for EU citizens.

What are the goals?

  • Creating uniform standards in all EU member states
  • Giving individual citizens more control over their data
  • Standardising data protection legislation within Europe

To whom does this apply?

The GDPR applies to everyone who processes the personal data of EU citizens.

Contract data processing agreement (CDPA)

Enter into a contract data processing agreement (CDPA) with every external company that assists you with email marketing and has access to the data of your recipients.

Inxmail provides you with a CDPA that complies with the GDPR. Please feel free to contact us if you have questions about the CDPA.

Contact us

Legal note

Inxmail GmbH assumes no liability for the correctness, completeness and topicality of the information provided in this document. In particular, the information is also general in nature and does not constitute legal advice in any individual case. To solve specific legal cases and questions, please make sure you consult a lawyer.


We collected and answered the most frequently asked questions about the GDPR here.

1. What is the GDPR?

The GDPR is an agreed regulation with the goal of strengthening and standardising the protection rights for the personal data of EU citizens.

2. What are the goals of the GDPR?

  • Creating uniform standards in all EU member states
  • Giving individual citizens more control over their data
  • Standardising data protection legislation within Europe

3. When does the GDPR go into effect?

The GDPR was already agreed on by the EU Parliament on 14 April 2016 and came into force on 25 May 2016. Direct application of the GDPR will become mandatory for all EU member states from 25 May 2018.

4. To whom does the GDPR apply?

The GDPR applies to everyone who processes the personal data of EU citizens.

5. Where does the GDPR apply?

The GDPR applies in all 28 EU member states. It also applies to companies and organisations outside the EU insofar as their data processing affects EU residents.

6. Why does the GDPR exist?

The GDPR supersedes the Data Protection Directive. It closes gaps in the data protection laws of individual EU member states and defines a uniform data protection standard throughout the EU.

7. How will the GDPR change email marketing?

The GDPR calls for the implementation of several new requirements:

  • Declaration of consent
    It will be mandatory to obtain consent for every single use of personal data. This consent must be voluntary, specific, informed and clear. 

    Application example: John Doe actively, voluntarily and expressly consents to downloading a white paper from Inxmail by providing his email address to Inxmail for this purpose.

  • Prohibition of coupling
    The request for personal data must be made individually for each designated use and may not be automatically coupled with other services. 

    Application example: John Doe has agreed to the download of a white paper from Inxmail, but Inxmail may not automatically add him to the recipient list for the Inxmail newsletter.

  • Tracking
    It will be prohibited to draw conclusions about the behaviour of individual newsletter recipients unless they have actively consented to the person-related tracking and processing of their personal data. However, the assignment of an ID (pseudonym) will be permitted. Data that can be directly attributed to a specific person should be saved separately from all other data. The recipient must also always have the option to switch from person-related to anonymised tracking.

    Application example: John Doe switches from personalised to anonymised tracking. Now it is no longer possible to draw conclusions about his behaviour during a statistical analysis. Only general statements can be made about usage behaviour, e.g., “80 per cent of the newsletter recipients clicked the link to in the email“.

  • Age verification
    Personal data of children under 16 years of age cannot be processed unless the parents give their consent.

    Application example: During a newsletter subscription process, a section of text appears for age verification purposes: ‘By subscribing, I confirm that I am over 16.’

  • Duty of disclosure
    Recipients will have the right to view the personal data which the service provider has saved about them for each designated use. This data must be available in a structured and standard technical format.

    Application example: With Inxmail, John Doe has the option to access his data in a profile with a browser. Here he has the option to revoke his consent to person-related tracking, for example, and can also subscribe or unsubscribe to one or several Inxmail newsletters.

  • Right to erasure
    In order to facilitate quick responses to requests for erasure, it must be documented which person-related data is processed at the company, where this data comes from and, if applicable, to whom the data was transmitted.

    Application example: John Doe requests the erasure of his data at Inxmail. The data is deleted automatically from the databases and a confirmation is sent to John Doe.

8. How can you prepare for the GDPR?

You should (have someone) review the following items:

  • Documentation of person-related data in your company
  • Data compilation process (declaration of consent, age verification, documentation etc.)
  • Rights of individuals (revocation of consent, erasure process, duty of disclosure etc.)
  • Data protection (privacy policy, data protection officer etc.)

9. What changes will go into effect at Inxmail?

We implemented all necessary changes for our email marketing solutions. As such, we established the conditions for you to fulfil your obligations under the terms of the GDPR.

10. What opportunities will be created in email marketing by the GDPR?

Since individuals will have more control over the use of their own data, this will give email marketing the opportunity to collect qualified data. Customers who expressly agree to the use of their data will have a great interest in your products or services. This will provide an ideal starting point to approach customers in a targeted way, create customer experiences and sustainably increase customer loyalty as well as your sales.

11. What are the penalties for a breach?

The penalties for data security breaches will be increased drastically:
In the case of a breach, penalties can reach up to EUR 20 million or, if a company has committed the breach, up to four per cent of the worldwide annual sales (depending on which amount is higher).