Proper Check

Conformité

Guide de conformité pour la vérification d'e-mails

Pour les responsables de traitement : base légale, sources de listes, résultats et marketing après vérification.

Prestataire de services

Les services électroniques sur propercheck.pl sont fournis par :

  • ZORDON INTELLIGENCE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
  • KRS: 0001190915
  • NIP: 7252358503
  • REGON: 542545843
  • Phone: 576 895 831
  • kontakt@propercheck.pl

Why compliance matters

Email verification often involves personal data (e.g. jan.smith@company.com). Processing such lists — even a technical “does this mailbox exist?” check — is governed by GDPR and electronic communications rules when you use results for marketing or sales. Violations can lead to administrative fines and liability toward the people whose data you process.

Controller vs processor — roles in EmailVerifier

When using the verification service:

  • You (or your company) are the controller of the email addresses you submit — you decide the purpose, legal basis, and how long you keep results on your side
  • EmailVerifier (ZORDON INTELLIGENCE sp. z o.o.) acts as processor — it processes addresses only on your instructions to deliver verification, under our terms and DPA on request
  • We do not sell address databases, build a public people directory, or share your lists with other clients
  • After a job completes, files and results are kept for the period defined in our terms, then deleted from our systems

Legal basis for list verification

Typical legal bases when verifying (you choose them as controller):

  • Contract performance (Art. 6(1)(b) GDPR) — verifying addresses of customers or partners in the course of your service
  • Legitimate interest (Art. 6(1)(f) GDPR) — e.g. list hygiene, limiting bounces, protecting sender reputation; requires an LIA and objection rights
  • Consent (Art. 6(1)(a) GDPR) — when addresses come from marketing forms; verification should be described in your privacy notice
  • EmailVerifier does not assess whether your legal basis is valid — that is your responsibility as controller

Where you may legally source lists

The service verifies addresses you are allowed to process. Permitted sources include:

  • Your own lists from sign-up forms, CRM, e-commerce, or events (with an appropriate legal basis)
  • B2B contact lists collected in the course of a commercial relationship
  • CSV/XLSX imports whose origin and legal basis you can document
  • Not permitted: scraping public people directories, buying “ready-made email lists” without a legal basis, verifying lists obtained in breach of GDPR or telecom rules

What you may do with verification results

  • Remove or quarantine invalid, disposable, and risky addresses before campaigns
  • Segment the list (valid / catch-all / unknown) according to your risk policy
  • Store results in CRM or email tools for a period justified by your purpose
  • Share results only with parties acting on your instructions (e.g. agency under a DPA)
  • You may not: resell verified lists, publish people catalogues, or use the service to build lead databases for third parties without data subjects’ knowledge

Marketing after verification — consent, opt-out, commercial rules

Technical verification does not replace marketing consent. If you plan to send after verification:

  • B2C — prior consent for commercial information is usually required (or another valid basis under local law)
  • B2B — legitimate interest is often used, but content must relate to the recipient’s business; personal addresses (sole traders, named employees) need extra care
  • Every message should identify the sender, include GDPR information (or a link), and offer an easy opt-out
  • Addresses marked invalid or objected under Art. 21 GDPR should not receive further messages
  • Objection form when EmailVerifier processes your contact data: /rodo-sprzeciw (PL locale path)

Information obligation (Art. 14 GDPR)

When you obtain personal data not directly from the person (e.g. partner list, B2B import), you must provide information within a reasonable time. Minimum scope:

  • Controller identity (your company) and contact details
  • Purpose (e.g. list quality verification, B2B newsletter)
  • Legal basis and data source (where the address came from)
  • Retention period and data subject rights (access, rectification, erasure, objection, complaint to the supervisory authority)
  • Notice that technical verification is performed by processor EmailVerifier in the EU

Data minimisation and retention

  • Submit only email addresses needed for verification — avoid unnecessary personal columns in CSV if not required
  • Delete verification results on your side when they are no longer needed for your purpose
  • In the EmailVerifier dashboard you can export and delete jobs per our terms; you can delete your account in settings
  • Document retention periods in your record of processing activities (Art. 30 GDPR)

Suppression lists, bounces, and sender reputation

Verification supports list hygiene; it does not replace sending policy:

  • Treat invalid status as a signal for permanent suppression
  • Catch-all and unknown require your own risk policy — bulk sending without safeguards can harm domain reputation
  • Respect objections and unsubscribes — sync them across CRM, email tool, and files imported to EmailVerifier
  • Do not use the service to “refresh” spam lists or bypass mailbox provider blocks

Record of processing activities

If you regularly verify large lists or run B2B marketing, maintain a record (Art. 30 GDPR). An entry for verification should include:

  • Purpose: list quality verification / campaign preparation
  • Data categories: email addresses, result metadata (status, score, date)
  • Recipients: EmailVerifier (processor), optionally CRM or agency (under a DPA)
  • Deletion deadlines and security measures (HTTPS, dashboard access control, API keys)

Safe use recommendations

  • Before your first bulk verification, confirm you have a legal basis and documented list origin
  • Start with a sample (sandbox / small job), review results, then verify the full list
  • Limit dashboard and API key access — rotate tokens when the team changes
  • With agencies, sign a DPA (Art. 28 GDPR) covering verification results too
  • Before campaigns above a few thousand recipients, consider legal advice
  • Document decisions (LIA, list source, retention) — it helps in case of an audit

Liability

EmailVerifier provides a technical mailbox verification tool. We do not guarantee that your use of lists or results is lawful — as controller you decide whether the data source, legal basis, and follow-up marketing are compliant. By using the service you confirm you may process submitted addresses and will not use results in breach of GDPR, commercial communication rules, or EmailVerifier terms.

Étape suivante

Lancez des campagnes avec une liste propre — pas un piège à rebonds.

Créez un compte et obtenez des crédits d'essai gratuits. Importez CSV ou vérifiez une adresse — sans appel commercial.

Crédits gratuits pour démarrer Export CSV avec statuts Facture TVA automatiquement
à partir de quelques centimes par vérification Créer un compte gratuit