Under the General Data Protection Regulation (GDPR), a data controller is defined as the entity that determines the purposes and means of the processing of personal data. In this regard, the user of Mailtrack is the data controller for the processing of personal data relating to communications to recipients sent through the services. This is because it is the user the one who decides on key elements of the processing, such as the type of data collected, the legal basis for its processing or the duration for which the data will be stored. 

This role entails several obligations regarding the processing of such personal data to ensure compliance with GDPR standards, such as the following:

1. The user must ensure that personal data is processed lawfully, fairly, and transparently. This involves informing the recipients about the processing of their data through the service (e.g. email tracking data) or identifying and documenting the relevant legal basis for the processing, such as the consent, contractual necessity, or legitimate interest. 
2. The user, as the data controller, must respond to requests from recipients who exercise their rights in relation to their personal data processed through the services. This includes the right to access their data, rectify inaccuracies, erase data (the right to be forgotten), restrict processing, and data portability. The user must have procedures in place to handle these requests in a timely manner.

Mailtrack, as a data processor under GDPR, is committed to assisting its users in fulfilling their obligations as data controllers. Therefore, in the event of receiving any request from a recipient, Mailtrack will promptly forward such request to the corresponding user. Learn more about managing recipient rights with Mailtrack.