“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
“EEA” includes all current member states to the European Union and the European Economic Area.
“Process”, in respect of personal data, includes to collect, store, and disclose to others.
“Customer”, where the context permits, means the person or entity that uses the Services to run its marketing or retention campaign.
TABLE OF CONTENTS
- CATEGORIES OF PERSONAL DATA WE COLLECT
- FOR WHAT PURPOSES WE PROCESS PERSONAL DATA
- UNDER WHAT LEGAL BASES WE PROCESS YOUR PERSONAL DATA (Applies only to EEA-based users)
- WITH WHOM WE SHARE YOUR PERSONAL DATA
- HOW YOU CAN EXERCISE YOUR PRIVACY RIGHTS
- AGE LIMITATION
- INTERNATIONAL DATA TRANSFERS
- DATA RETENTION
- HOW “DO NOT TRACK” REQUESTS ARE HANDLED
- CONTACT US
1. CATEGORIES OF PERSONAL DATA WE COLLECT
We collect data you give us voluntarily (for example, when you send us an email). In most cases, we receive data about you from the Customers (which obtained your data, for example, when you registered for their services). In addition, we collect data automatically (such as, for example, web beacons).
1.1. Data you give us voluntarily
You provide us information about yourself when you send us an email or communicate with us in any other way.
1.2. Data provided to us by third parties
We receive certain information (such as your name, date of birth, gender, online status, registration data, interactions with other users of the product etc.) from the Customers on whose behalf the Services are provided. In all such cases we act as a data processor and follow the instructions of the Customers. While providing the Service, we assume that and expect the Customers’ compliance with the data protection laws applicable to them. Abidance by such requirements is also an important representation of the Customer under our Terms and Conditions of Use.
1.3. Data we collect automatically:
1.3.1. Usage data
We record how you interact with our Service. For example, we use web beacons (also called pixel tags), on our Websites and in our emails. Web beacons track users’ behavior (such as opening the emails and clicking the links). This allows us to measure the performance of our email campaigns and to improve our features for specific segments of customers.
A cookie is a small text file that is stored on a user's computer for record-keeping purposes. Cookies can be either session cookies or persistent cookies. A session cookie expires when you close your browser and is used to make it easier for you to navigate our Service. A persistent cookie remains on your hard drive for an extended period of time. We also use tracking pixels that set cookies to assist with delivering online advertising.
Cookies are used, in particular, to automatically recognize you the next time you visit our Website. As a result, the information, which you have earlier entered in certain fields on the Website may automatically appear the next time when you use our Service. Cookie data will be stored on your device and most of the times only for a limited time period.
2. FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA
We process your personal data:
2.1. To provide our Service
This includes enabling you to use the Service in a seamless manner and preventing or addressing Service errors or technical issues.
2.2. To communicate with you regarding your use of our Service
2.3. To research and analyze your use of the Service
2.4. To send you marketing and retention communications on behalf of the Customers
We process your personal data for marketing and retention campaigns. As a result, you will receive information about certain Customer’s products, such as for example, special offers. If you do not want to receive marketing emails from the Customer, you can unsubscribe following instructions in the footer of the marketing emails.
2.5. To enforce our Terms and Conditions of Use and to prevent and combat fraud
We use personal data to enforce our agreements and contractual commitments, to detect, prevent, and combat fraud. As a result of such processing, we may share your information with others, including law enforcement agencies (in particular, if a dispute arises in connection with our Terms and Conditions of Use).
2.6. To comply with legal obligations
We may process, use, or share your data when the law requires it, in particular, if a law enforcement agency requests your data by available legal means.
3. UNDER WHAT LEGAL BASES WE PROCESS YOUR PERSONAL DATA (Applies only to EEA-based users)
In this section, we are letting you know what legal basis we use for each particular purpose of processing. For more information on a particular purpose, please refer to Section 2. This section applies only to EEA-based users.
We process your personal data under the following legal bases:
3.1. To perform our contract with you;
Under this legal basis we:
- Provide our Service (in accordance with our Terms and Conditions of Use);
- Customize your experience;
- Provide you with customer support.
3.2. For our (or others') legitimate interests unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data;
We rely on legitimate interests:
- To communicate with you regarding your use of our Service;
- To research and analyze your use of the Service
Our legitimate interest for this purpose is our interest in improving our Service so that we understand users’ preferences and are able to provide you with a better experience;
- To send you marketing communications
The legitimate interest we rely on for this processing is our interest to promote our Service in a measured and appropriate way;
- To enforce our Terms and Conditions of Use and to prevent and combat fraud
Our legitimate interests for this purpose are enforcing our legal rights, preventing and addressing fraud, and unauthorized use of the Service, non- compliance with our Terms and Conditions of Use.
3.3. To comply with legal obligations.
4. WITH WHOM WE SHARE YOUR PERSONAL DATA
4.1. Service providers
We share personal data with third parties that we hire to provide services or perform business functions on our behalf, based on our instructions. We share your personal information with the following types of service providers:
- Cloud storage providers (Servers.com, Hetzner Online)
- Data analytics providers (Tableu, ReturnPath)
4.2. Law enforcement agencies and other public authorities
We may use and disclose personal data to enforce our Terms and Conditions of Use, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.
4.3. Third parties as part of a merger or acquisition
As we develop our business, we may buy or sell assets or business offerings. Customers’ information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated entity (e.g. parent company or subsidiary) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
5. HOW YOU CAN EXERCISE YOUR RIGHTS
To be in control of your personal data, you have the following rights:
Accessing / reviewing / updating / correcting your personal data. You may review, edit, or change the personal data that you had previously provided to us y sending us an email at email@example.com.
Deleting your personal data. You can request the erasure of your personal data by sending us an email at firstname.lastname@example.org. When you request the deletion of your personal data, we will use reasonable efforts to honor your request. In some cases, we may be legally required to keep some of the data for a certain time; in such an event, we will fulfill your request after we have complied with our obligations.
Objecting to or restricting the use of your personal data. You can ask us to stop using all or some of your personal data or limit our use thereof by requesting its erasure as described above or sending a request at email@example.com.
Additional information for EEA-based users
If you are based in the EEA, you have the following rights in addition to the above:
The right to lodge a complaint with the supervisory authority.
We would love you to contact us directly, so we could address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work, or where the alleged infringement has taken place.
The right to data portability.
If you wish to receive your personal data in a machine-readable format, you can do so by requesting a copy of your personal data as described above (or send the respective request at firstname.lastname@example.org). The data will be made available to you in the .json file format.]
6. AGE LIMITATION
We do not knowingly process personal data from persons under 16 years of age. If you learn that anyone younger than 16 has provided us with personal data, please contact us at email@example.com
7. INTERNATIONAL DATA TRANSFERS
In particular, if we transfer personal data originating from the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission (details availablehere), or (ii) the EU-U.S. Privacy Shield Framework (details available here), or (iii) the European Commission adequacy decisions about certain countries (details availablehere ).
9. DATA RETENTION
10. HOW “DO NOT TRACK” REQUESTS ARE HANDLED
11. CONTACT US
Last Updated: 01 May 2020