# GDPR FAQ

> This FAQ explains how Mailrith's GDPR consent tools work, how double opt-in relates to consent, when to ask existing Subscribers for consent, how to store proof, and how to handle Subscriber privacy requests.

- Human page: https://mailrith.com/docs/gdpr-faq
- Markdown page: https://mailrith.com/docs/gdpr-faq.md
- Category: Privacy And Compliance
- Reading time: 15 min read
- Last updated: 2026-06-13
- Related keywords: GDPR FAQ, GDPR FAQ documentation, Privacy And Compliance, Privacy And Compliance documentation, Mailrith documentation, Mailrith help, Intro, International Transfers, Double Opt-In And Consent, When A Checkbox Is Needed, GDPR And Double Opt-In, Proof Of Consent, Consent For Existing Lists, Existing-List Consent Feature, Next Steps, Pre-Checked Checkboxes, Add Consent Checkboxes, Checkboxes And Tags, Audits, Data Not To Store, Delete Subscriber Data, Link To A Privacy Policy, Your Own Privacy Policy, Delete Or Unsubscribe, CCPA: The California Consumer Privacy Act, Forms, Landing Pages, Segments, Tags

## AI Agent Notes
- Use this article as step-by-step Mailrith product guidance, not as legal, financial, or deliverability advice unless the article says so.
- Preserve exact Mailrith UI labels from the steps when explaining a workflow.
- Prefer Mailrith's product term Subscribers when referring to people on an email list.

## What this guide covers
A resource for GDPR questions, Mailrith's GDPR consent tools, proof of consent, existing-list consent, privacy requests, and Subscriber deletion workflows.

## Sections
- Intro
- International Transfers
- Double Opt-In And Consent
- When A Checkbox Is Needed
- GDPR And Double Opt-In
- Proof Of Consent
- Consent For Existing Lists
- Existing-List Consent Feature
- Next Steps
- Pre-Checked Checkboxes
- Add Consent Checkboxes
- Checkboxes And Tags
- Audits
- Data Not To Store
- Delete Subscriber Data
- Link To A Privacy Policy
- Your Own Privacy Policy
- Delete Or Unsubscribe

## Visual Reference
![Mailrith Workspaces page where workspace privacy and consent settings can be configured.](https://mailrith.com/docs/screenshots/workspaces.png)

Workspace owners configure GDPR Consent from the Edit Workspace drawer, then use Segments and the GDPR Consent Link when they need to request consent from existing Subscribers.

## Intro

This article explains how Mailrith's GDPR consent tools work. It is product help, not legal advice.

GDPR, UK GDPR, and Swiss privacy law can apply differently depending on where your business is located, where your Subscribers are located, what data you collect, and how you use that data. Talk to your own attorney if you have questions about your legal obligations.

Mailrith is operated by Rawool Publications in India. You can review Mailrith's [Privacy Policy](https://mailrith.com/privacy-policy.md), [Terms of Service](https://mailrith.com/terms-of-service.md), [GDPR and CCPA overview](https://mailrith.com/gdpr.md), and [DPA](https://mailrith.com/dpa.md).

## How Mailrith Transfers Personal Data From The EU/EEA, UK, And Switzerland To India And Elsewhere

Mailrith is operated from India, so Subscriber Personal Data may be processed in India. Mailrith also sends through customer-owned delivery providers and customer-connected integrations. That means Subscriber Personal Data may also be handled by the SMTP providers, email delivery APIs, webhooks, Zaps, CRMs, AI providers, internal systems, or other tools you choose to connect.

Review these resources before you rely on a transfer setup:

- [Mailrith's DPA](https://mailrith.com/dpa.md)
- [Mailrith's Privacy Policy](https://mailrith.com/privacy-policy.md)
- The privacy and data processing terms for your selected delivery providers and integrations.
- Your own transfer requirements with your attorney.

Mailrith does not decide whether your full setup is compliant.

## Is Double Opt-In Enough To Prove Consent?

Double opt-in helps show that a Subscriber confirmed access to an email address. It does not automatically prove consent for every later purpose.

For example, double opt-in may help show that the Subscriber confirmed they wanted to join your list. It may not prove that they agreed to receive advertising emails, tracking, profiling, or other separate uses unless those purposes were clearly explained when consent was collected.

If you need to prove consent, keep records that show:

- What the Subscriber agreed to.
- When they agreed.
- Where the consent was collected.
- Which form, landing page, import, integration, or API workflow collected it.
- Any wording shown to the Subscriber at the time.

## When Is A Checkbox Needed?

A checkbox may be needed when you rely on consent for a specific purpose and need the Subscriber to take a clear action.

Common examples may include asking for permission to:

- Send marketing email.
- Use data for advertising or personalized marketing.
- Share data with selected providers for a stated purpose.

Whether you need a checkbox depends on your legal basis, your location, your Subscribers' locations, and how you use the data. Ask your attorney if you are not sure.

## Does GDPR Require Double Opt-In?

GDPR does not always require double opt-in. Double opt-in is a product and recordkeeping tool that can help confirm that the email address belongs to the Subscriber.

You may still need separate consent records depending on what you send and how you use Subscriber data. Double opt-in alone does not replace a clear consent request when consent is required.

## How Should I Store Proof Of Consent?

Store proof in a way that you can find later if a Subscriber, regulator, or legal advisor asks about it.

Useful records may include:

- Subscriber email address.
- Date and time of consent.
- IP address, if collected by your form or system.
- Form, landing page, integration, import, or API source.
- Consent language shown to the Subscriber.
- Consent purpose, such as email or advertising.
- Related Tags or Segments.
- Any later withdrawal of consent.

Mailrith uses consent Tags named **GDPR: Email Consent** and **GDPR: Advertising Consent**. These Tags can help you identify Subscribers who have provided those consent types in Mailrith.

## Do I Need To Get New Consent From My Entire List?

Not always. You may already have valid consent or another legal basis for some Subscribers. You may need to ask again if your records are missing, unclear, outdated, or do not cover how you now use the data.

Before contacting your whole list, consider:

- How each Subscriber joined.
- What they were told at the time.
- Whether you can prove consent.
- Whether you changed the type of email or data use.
- Whether the Subscriber is in the EU/EEA, UK, or Switzerland.

Ask your attorney before deciding whether to re-permission all Subscribers.

## Does Mailrith Offer A Feature For Obtaining Consent From An Existing List?

Yes. When workspace **GDPR Consent** is turned on, you can send existing Subscribers a broadcast that includes the **GDPR Consent Link**.

1. Open **Workspaces**.
2. Choose the workspace row.
3. Open the **Edit Workspace** drawer.
4. Scroll to **Privacy & Consent**.
5. Set **GDPR Consent**.
6. Create a **Segment** for the Subscribers you want to ask.
7. Create a broadcast for that Segment.
8. In the email editor, open the **Personalize** menu.
9. Insert the **GDPR Consent Link**.
10. Send the broadcast.

Mailrith can collect consent through signed GDPR consent links in emails when **GDPR Consent** is enabled.

## Next Steps

To ask existing Subscribers for consent, first turn on **GDPR Consent** for your workspace.

1. Open **Workspaces**.
2. Choose the workspace row.
3. Open the **Edit Workspace** drawer.
4. Scroll to **Privacy & Consent**.
5. Set **GDPR Consent** to one of these options: **Don't Ask Anyone**
6. **Ask Only In The EU, UK, And Switzerland**
7. **Ask All Subscribers**

Then create a Segment for the Subscribers you want to contact and send them a broadcast with the **GDPR Consent Link**. You can insert the link from the email editor's **Personalize** menu when workspace **GDPR Consent** is turned on.

Sample re-permission email

**Subject:** Please Confirm You Still Want Emails From Us

Hi,

We are updating our email consent records. If you still want to receive emails from us, please confirm your preferences here:

**GDPR Consent Link**

If you do not confirm, we may stop sending you marketing emails.

Thank you.

Review the wording with your attorney before sending it.

## Can Consent Checkboxes Be Pre-Checked?

Consent checkboxes should not be pre-checked if you are relying on consent under GDPR, UK GDPR, or similar rules that require a clear action from the Subscriber.

A Subscriber should be able to make an active choice. If you are not sure what your form should say or how consent should be collected, ask your attorney.

## How Do I Add Consent Checkboxes To Forms Or Landing Pages?

Mailrith's GDPR consent tools are set at the workspace level.

1. Open **Workspaces**.
2. Choose the workspace row.
3. Open the **Edit Workspace** drawer.
4. Scroll to **Privacy & Consent**.
5. Set **GDPR Consent** to: **Don't Ask Anyone**
6. **Ask Only In The EU, UK, And Switzerland**
7. **Ask All Subscribers**

When **GDPR Consent** is enabled, Mailrith can collect consent through a Mailrith-hosted consent page after supported form or landing-page opt-ins.

If you collect Subscribers through imports, integrations, API workflows, or forms outside Mailrith, make sure your source system collects and stores the consent records you need.

## Do I Need A Checkbox For Every Tag In My Account?

Usually, consent should match a clear purpose, not every internal Tag.

For example, you may need consent for email marketing or advertising use. You usually do not need a separate checkbox just because you use Tags to organize Subscribers internally.

Mailrith uses consent Tags named **GDPR: Email Consent** and **GDPR: Advertising Consent**. For other Tags, decide whether they represent a separate purpose that needs separate consent. Ask your attorney if you are unsure.

## What Happens If I Get Audited?

If you are audited or receive a legal request, you may need to show how you collected, stored, and honored consent.

You can use Mailrith tools such as Subscriber filters, Segments, Tags, exports, unsubscribe handling, and privacy-request support paths to help gather records.

You may also need records from systems outside Mailrith, including your SMTP provider, email delivery API, webhook tools, Zaps, CRM, AI providers, internal systems, forms, landing pages, or import sources.

Mailrith does not decide whether your records are legally enough. Work with your attorney.

## What Type Of Data Can I Not Store In Mailrith?

Mailrith is not designed for special category data, health records, payment card numbers, government identity numbers, passwords, children's data, or similarly sensitive information.

Do not place that type of information in:

- Subscriber fields.
- Forms.
- Landing pages.
- Automations.
- Email content.

Use systems designed for sensitive data if your business needs to collect it.

## A Subscriber Asked Me To Delete Their Data. How Do I Do That?

First, verify the request using your own privacy process.

Then review where the Subscriber's data exists. Mailrith may hold Subscriber data in your workspace, but the same data may also exist in customer-connected providers such as SMTP providers, email delivery APIs, webhooks, Zaps, CRMs, AI providers, and internal systems.

If you need Mailrith support for a privacy request, email **support@mailrith.com** and include:

- Workspace name.
- Subscriber email address.
- Request type.
- Verification status.
- Due date.

Do not include sensitive information that is not needed for the request.

## Do I Need To Link To My Privacy Policy On My Form? How Do I Do That?

You may need to show Subscribers your Privacy Policy when you collect their information. Whether it is required for your exact form depends on your business and applicable law.

Use clear form or landing page text that tells Subscribers what they are signing up for and links to your Privacy Policy.

**Example:** By signing up, you agree to receive emails from us. You can unsubscribe at any time. Read our Privacy Policy: [your privacy policy link]

Ask your attorney what wording your form should use.

## Do I Need To Have My Own Privacy Policy?

In most cases, if you collect Subscriber Personal Data, you should have your own Privacy Policy that explains what you collect, why you collect it, how you use it, who you share it with, and how people can contact you.

Mailrith's Privacy Policy explains how Mailrith handles data. It does not replace your own Privacy Policy for your business.

Talk to your attorney about what your Privacy Policy should include.

## Should I Delete Subscribers Or Unsubscribe Them?

Use unsubscribe when the Subscriber no longer wants marketing email but you still need to keep a limited record, such as suppression or compliance history.

Use deletion when the Subscriber has requested deletion and you have verified that request, unless you need to keep certain data for a valid legal or business reason.

Before deleting, check whether the Subscriber's data also exists in connected providers or internal systems. Deleting or changing a Subscriber in Mailrith may not remove data from customer-connected providers outside Mailrith.

## Related Guides
- [CCPA: The California Consumer Privacy Act](https://mailrith.com/docs/ccpa-the-california-consumer-privacy-act.md): This article explains how CCPA and CPRA concepts can affect Mailrith customers, what Subscriber data may count as personal information, how Mailrith can help with access or deletion requests, and where to review Mailrith's DPA.
- [Forms](https://mailrith.com/docs/forms.md): Forms collect subscribers directly into Mailrith. Combine email capture, custom field inputs, and tag assignment in one builder. Then embed the form on any website with a single code snippet.
- [Landing Pages](https://mailrith.com/docs/landing-pages.md): Landing pages give campaigns a focused public page for signups, registrations, waitlists, downloads, or announcements. This guide covers page creation, block editing, styling, form capture, sharing, and reporting.
- [Segments](https://mailrith.com/docs/segments.md): Segments define reusable subscriber rules that stay current without manual maintenance. Use segments to target broadcasts, filter sequence emails, and build complex nested conditions from simple building blocks.
- [Tags](https://mailrith.com/docs/tags.md): Tags are a fast way to categorize subscribers. Apply tags through imports, forms, automations, and magic links. Then use those tags as targeting filters anywhere you send email in Mailrith.
