Privacy Policy
As expressly required by the GDPR, when you use our services you can exercise your rights at any time and in total transparency. We invite you to read carefully the following instructions and to pay close attention.
We are always very attentive to the privacy and security of our customers all over the world, so we have taken steps to ensure the safest and most transparent service possible. That includes extending our privacy policy to meet the 2016/79 EU Regulation which came into force on May 25th.
By using our websites and our services, you understand and consent to the collection, storage, processing and transfer of your information to our facilities in the United States as well as to third parties. Those third parties are able to use that data according to the terms and methods described in this statement.
To protect the data of European citizens entered into our systems by our users, we apply a model of Data Privacy Agreement (DPA). We indicate the methods of treatment, cooperation and the conditions of service that we have adopted.
Registered users in the EU (whether subscribers or users of free versions) who use our email marketer for commercial purposes must join our DPA to continue using our applications.
As data controllers we guarantee compliance with the rules concerning the protection of personal data. We provide all useful information about the processing of data, both information communicated directly and voluntarily and any information collected by the system while navigating on the site and using our services.
Specifically, the data processor for us. is its pro-tempore administrator, assisted by the Data Protection Officer (DPO), who guarantee compliance with the rules imposed by the GDPR.
When you use our services, you can import data into your system together with the personal information you have collected from your subscribers or from other people. In this case, because we have no direct relationship with your members or anyone other than you, you become the data controller. It will be your job to make sure that you have the appropriate authorization to collect and process information related to the various subjects.
- In a manner consistent with the use of processed personal data, you enter into a Data Policy Agreement (DPA) with us as a service provider for your subscribers through our platforms. The agreement serves to ensure the correct use of data with the appropriate guarantees which we provide to you as the data processor.
In this case we will keep personal data, processed on behalf of our users, for as long as necessary in order to:- provide our services
- fulfill our legal obligations;
- resolve disputes;
- prevent abuse;
- enforce our agreements.
In the specific case where we are the data controllers for a European citizen we designate an EU representative to act on behalf of us during the cooperation phases with the control authorities.
Our vital task is to give you the best support.
For European customers, we will also issue billing and minimize the transfer of data to and from the United States.
We are awaiting approval to issue a certificate of compliance with the EU-US Privacy Shield Framework. We are committed to submitting all personal information received from EU member states so that they apply with the principles of the Privacy Shield Framework.
For more information on Privacy Shield Frameworks, please visit the Privacy Shield website of the US Department of commerce
Data collected by our applications automatically during your activities on the site and while using our services
- When you use our services or browse on one of our websites, our system log files may collect information about you, such as:
- your IP address;
- your operating system;
- your ID and your browser type;
- GPS coordinates.
Even your browsing activity on our site can be traced, through:
- tracking technologies (such as Google Analytics) or similar on our website that are used to analyze trends, administer the website, track how users use the website and propose targeted advertising;
- cookies, to optimize your browsing preferences.
When we send an email to the subscribers of a service or a list of contacts, web beacons or pixel tags enable us to track certain actions. The proprietary tracking technologies contained in our emails allow us to measure the performance of email campaigns and improve the functionality offered to specific user segments.
Web beacons let you gather information about when a user opens an email, their IP address, browser, email clients and other similar details. We also include web beacons in emails that are not subject to mass submission.
The collected data is used to provide reports on how your email campaign was executed and delivered, and the actions the subscribers of your contact list have undertaken.When you contact and interact with us, we also collect data that you have shared with technical assistance or customer care while using our electronic systems (online chat, forum, telephone). This information is collected as:
- part of the log files;
- a third-party database of suppliers.
For your peace of mind, we specify that these data are not accompanied by any additional personal information and are used to:
- derive anonymous statistical information;
- control usage needs;
- determine responsibility in the event of hypothetical computer crimes;
- track requests for assistance to ensure the rapid delivery of comprehensive solutions;
- learn how and when you use our services, applications and software in order to improve them, both for you and for all our users.
Data provided voluntarily for the use of the services
- In many cases we collect information that you voluntarily provide in order to fulfil a request, specifically when:
- you sign up to use our services, applications and software;
- request support from our customer support team;
- write to us by email;
- complete a contact form (or other form);
- integrate services with another website or web service;
- communicate with us in any way (including by telephone).
This information may include your name and surname, your client name, physical address, email address, telephone number, details of gender, occupation, location, purchase history and other demographic information.
By providing this information, you consent to the fact that it is collected, used, transferred to the United States and stored by us, as described in our DPA and this Privacy Policy.
Consent to the processing of data
- We have provided a declaration of consent to the processing of data, prepared in an understandable and easily accessible form, without harassment clauses. You can always make an authentic, free choice.
In expressing or denying consent you must take into account:- the need to comply with the legal obligation to which we are subject as the data controller;
- the need to execute a contract to provide a service in which you have expressed an interest;
- possible pre-contractual measures to execute requests for quotes or to use demonstration versions.
You will always have the opportunity to give your consent by a positive and unequivocal act in which you express your free, specific and informed intent to accept the processing of personal data about you.
Depending on the situation, “positive and unequivocal act” means:- a written paper declaration;
- a communication through electronic means (for example, forms completed online) or paper;
- an oral communication with a registered procedure.
If the communication takes place by completing a contact form (or any other form) on the website, you must actively select a specific box that clearly indicates that you have intentionally accepted the proposed treatment.
In other cases you will have to check a box printed on a paper form, or you must expressly state the word “YES” during an oral communication in response to a request by the person in charge of the processing of your data. The action will be recorded and will be proof of your consent.
You may at any time decide to avoid processing data according to the rules of the GDPR and the conditions of opportunity.
Data retention – Times and methods of treatment
- We do our best to keep your data accurate, up-to-date, and limited to the information you provide. We will keep your information for as long as your account is active or for the time necessary to provide our services.
We may also retain and use your information to comply with our legal obligations, resolve disputes, prevent abuse and enforce our agreements.
The data we collect to meet our contractual obligations, and the information about how and when you use our services are stored in active databases, log files or other types of duly protected and encrypted data storage systems.
In particular:- personal data to fulfill the contractual conditions will be stored in management databases protected on our servers for the entire period of the agreement;
- personal data collected and related to contractual and billing obligations are stored by secure backup on our servers, for a period of 5 years following the termination of the contractual relationship: termination of the contractual relationship means the explicit termination of the contract by the user, us or the non-use of services for a period defined in the DPA;
- personal data collected to access our services, applications and software, whether purchased services, demonstrations or searches made following access by username and password of the individual’s account, will be stored on our servers via a database accessible from an active account. Subsequently, they will be stored by means of secure backup on our servers for as long as you use the service, or stored for 12 months in case of cancellation.
We did not require to store all your data forever. You will be able to access some of the data until you have an active contract, whether paid or free, and for a period that varies with the type of data in question and the plan signed. The information we store may include statistics relating to your account, the content of your emails, contact lists, etc.
The data received for a business contact, such as a Curriculum Vitae, will be archived and duly protected on the PC in the dedicated folders of Human Resources personnel, for the period of time necessary to complete the personnel selection operations.
The data received from the contact form for general information will be processed in the ways and times provided to give feedback to the type of contact. During that period, the information will be stored and accessible only to staff.
Data transfer from the EU
Some of our servers are located in the US so your information can be transferred, stored or processed outside the EU.
We assure you that you have already set up all the mechanisms within your business group to ensure the verification of compliance with the binding corporate rules. These mechanisms include checks on data protection, as well as methods to ensure adequate security and protection of the data subject’s rights. Your data will be processed exclusively by us.
Because our offices are also located in the United States, some of the accounts could be processed at these locations and in accordance with the GDPR. As a result, we have appointed the eDisplay company for the EU.
Data present in the contact lists of our customers
When you use our services, we have access to the information contained in the email contact lists of your account, as well as to the subject and content of the emails you send.
This data is stored on secure servers. Only a limited number of people are authorized to access that data, specifically to provide support services.
You can easily retrieve your contact lists from your accounts at any time using the export procedure. You can also change and/or delete contacts at any time from your accounts.
In no case will we sell, share or lease your contact lists to third parties, or use them for purposes other than those set out in this policy statement. We will use information from your contact lists only for legal requirements, for invoices and possibly for aggregate and non-systematic statistics, in order to provide you with the best services.
Remember that you are the creator of your contact lists and associated email campaigns so you are considered the data controller under the GDPR. We act only as a data processor.
Cookies
- Some of our Web pages utilize “cookies” and other tracking technologies. A “cookie” is a small text file that may be used, for example, to collect information about Web site activity. Some cookies and other technologies may serve to recall Personal Information previously indicated by a Web user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them.You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser, but please note that if you choose to erase or block your cookies, you will need to re-enter your original user ID and password to gain access to certain parts of the Web site.
Tracking technologies may record information such as Internet domain and host names; Internet protocol (IP) addresses; browser software and operating system types; clickstream patterns; and dates and times that our site is accessed. Our use of cookies and other tracking technologies allows us to improve our Web site and your Web experience. We may also analyze information that does not contain Personal Information for trends and statistics.
Purpose and goal of data processing – Legal basis as data controller
- We process your information to pursue our goals and those of third parties, applying appropriate safeguards to protect your privacy.The main purpose of collecting personal data is to offer a safe, optimal, efficient and personalized experience. To achieve this goal we inform you that we pursue legitimate interests, as foreseen by article 6 of the GDPR on the lawfulness of data processing: “It is also a legitimate interest of the data controller concerned to process personal data strictly necessary for fraud prevention purposes. It may be considered legitimate interest to process personal data for direct marketing purposes.”We assure you that your data will be used only for the following purposes:
- To promote the use of our services. When you request information or register for free services, leaving us your data, we may contact you by phone or send you an email:
- to ask for your feedback;
- to propose that you register for one of our services, applications or software.
If you already use one of our services (free or paid) and we believe you could benefit from using another delivery service, application or software, we could send you an email about that opportunity or contact you to send you information and promotional content in compliance with your marketing preferences.
- To invoice or send payment notices. We may use your information to send you emails with invoices, receipts, or insolvency notices. We use third parties to process credit card transactions securely and send invoicing data to those third parties to process your orders and payments.
- To send you system warning messages. You may receive communications regarding services, applications or email marketer software you use. The purpose is to warn you in case of:
- temporary or permanent changes to our services, applications or software;
- change of conditions of use;
- scheduled breaks;
- new features;
- version updates;
- notices of abuse or data breach (also called “data breach”);
- updates and changes to our Privacy Policy.
- To provide assistance. We may communicate with you, or with members of your contact list, to provide assistance and support regarding the services, applications and software used.
- For legal reasons. You may receive communications from a legal nature, such as compliance with court orders.
- To provide information to representatives and consultants, including lawyers and accountants. We may need to use your information in order to comply with the legal, accounting or security requirements as described by law.
- To respond to legitimate requests from public authorities. If a public authority were to make a legitimate request, motivated by compliance with national security requirements or by law enforcement, your data could be used.
- To transfer your information in the event of sale, merger, consolidation, liquidation, reorganization or acquisition. In this case, any purchaser will be subject to our obligations under this Privacy Policy, including access and selection rights. We will notify you of the change by sending you an email or posting a notice on our website.
- To promote the use of our services. When you request information or register for free services, leaving us your data, we may contact you by phone or send you an email:
When we share your information – Recipients of the data
- The personal data that we collect are meant to provide our commercial, accounting and technical assistance services. They could also be sent to contracting companies that we use to execute services, such as eDisplay Srl, a company that represents us in the EU.
Personal data cannot be transferred to third parties for marketing purposes without your explicit consent. The disclosure to third parties of personal data, which you have provided us, can only take place in the following cases:- with permission from you;
- at the request of competent legal authorities for judicial inquiries or in the context of a judicial dispute.
Purpose and goal of data processing as a responsible B2B user
- When you use our services, you can import into our system the personal information you have collected from your subscribers or other people. We have no direct relationship with your subscribers so it is your job to ensure that you have the appropriate authorization for the collection and processing of data relating to those subjects.
In line with the GDPR, we may transfer your personal information or subscriber information to companies that support us and help us to ensure our services.
For statistical or research purposes we may categorize the information collected through our services. Specifically:- data that you have provided to us directly;
- data collected by you;
- data collected by the members of your lists in an indistinct way.
Data processed to provide, support and improve the services we offer and to make suggestions
- We collect data for legitimate and accurate purposes:
- to offer better services and to provide you with more accurate statistics that help you increase the performance of your campaigns and the percentage of email delivery;
- to add new features, in order to guarantee the best offer to our users;
- to suggest products or services that may be interesting or that may be relevant to you or to subscribers of your lists. (Some of these suggestions are generated by our “data science” algorithms.)
Profiling allows us to combine personal information with other information we collect or obtain from you (such as information from our partners who manage credit card payments), to serve you in a personalized way according to your preferences or restrictions, or for advertising or targeting purposes in accordance with this Privacy Policy.
When we combine personal information with other information in this way, we treat that information scrupulously to ensure that all security measures are applied to the processing of personal data as described in this Notice.
Profiling
We also use your data for direct marketing purposes. You can at any time refuse this type of activity. You are and always will be informed on how, where and when we adopt this measure.
Our services contain no automatic action that can affect you legally or significantly.
Right of access, rectification, and opposition
- We have established mechanisms and procedures that, at any time and for legitimate reasons, guarantee you the ability to:
- oppose the processing of data;
- request cancellation, modification or updating of all your personal information in our possession.
-
email marketer also lets you change your data whenever you want by accessing your profile through our portals or by contacting us at the email address indicated in the privacy section of the website to which the specific service refers.
You can unsubscribe from our newsletter or choose not to receive commercial communications via email. Just use the unsubscribe link included in every email.
You can forward requests for the cancellation, modification or updating of all personal information electronically using the appropriate forms or by informing us by email.
These requests will be processed within a maximum period of 30 days, unless there is a justified delay.
If we are the data processor, according to the cooperation principle, we will help the data controller to implement the requests mentioned above.
Right to be forgotten
We have generated all the necessary procedures to guarantee your right to be forgotten, which allows you to correct your personal data.
In response to your legitimate request we will delete your data which will no longer be subjected to any type of processing. Nor will we use your data for any purpose other than those necessary for which the data were previously collected or processed.
You have the right to withdraw your consent or oppose the processing of data if you believe that the latter does not comply with this regulation.
To take advantage of this right you will have to prove that you are eligible to make the request by sending us documents proving your identity. Please remember to explain your decision.
Once we have received your communication, we will respond as soon as possible to confirm and demonstrate the cancellation of your data.
Right to data portability
To further strengthen the control of any data processed automatically, you will have the right to download such data from our applications.
The data will be available in a structured format, commonly used and readable by an electronic device (such as computers, smartphones, tablets, etc.)
The files with your personal data can be transmitted to another similar data controller, ensuring your right to data portability.
Right of withdrawal of consent to data processing
If you no longer wish to receive our promotional emails, you can follow the instructions for removal from our contact list included in each email.
Remember: the withdrawal of consent to the processing of data, limited to the use of a service offered free of charge, suspends ipso jure the supply.
Right of withdrawal of consent to the processing of data for members of customer lists
If you have subscribed to the contact list of one of our users, we remind you that we are solely responsible for data processing. The user is the data controller, and it is up to that user to delete or update your data.
If you no longer wish to receive communications sent by one of our users, we invite you to unsubscribe via the link available in the email you received, or contact the user in question directly to make your request.
A request made to us to revoke your consent to the processing of your data, will be reported to the user who has your contact information in their list. That user will have to remove or update your data.
Technical measures
We assign the utmost importance to the security and integrity of your personal data.
In accordance with the GDPR, we commit ourselves daily to take all the necessary precautions to preserve the security of your data and, in particular, to protect them from:
- accidental or illicit destruction;
- accidental or illicit loss;
- accidental or illicit corruption;
- circulation or disclosure to unauthorized persons;
- unauthorized access;
- unlawful processing.
To this end, we have adopted industry-standard technical security measures, including:
- a multilevel firewall;
- proven antivirus and intrusion detection software;
- encrypted transmission of data through SSL / HTTPS / VPN technology.
To protect personal data from unauthorized disclosures, we have used specially developed coding methods, as well as algorithms that ensure the security of transactions, accesses and data backups.
We guarantee the accuracy and correct use of data:
- with appropriate electronic, physical and management procedures in order to safeguard and preserve the data collected through our services;
- with the appropriate training of any staff members who have obtained specific authorization to access the data in compliance with the provisions of the GPDR.
However, there is no absolute defense against piracy attacks or hackers. In the event of a breach of security (a “data breach”), we are committed to informing you without undue delay and will work to the best of our ability to neutralize the intrusion and minimize the impact. In the event that you suffer a loss due to a security breach, we are committed to providing you with all the assistance you need to be able to assert your rights.
If, in an exceptional case, the loss suffered was due to a serious fault by us, we will provide compensation within the limit of liability provided by our General Conditions of Use.
If a user, a subscriber to contact lists or a hacker discovers and takes advantage of a security breach, such a person is responsible for prosecution. we will take all measures, including the filing of a complaint and/or legal action, to preserve the data and rights of its users and ourselves, and to limit any effects.
The aforementioned measures are those that we adopt for the protection of your data. As the user of our services, applications or software, you must perform the following actions:
- check the authentication of people accessing the data;
- use a unique and sufficiently secure password, remembering to change it regularly and to never leave it unattended;
- make sure that you take security measures for data that are processed by Email marketer team and that you share on non-secure communication channels.
The purpose of these technical measures is to make your data incomprehensible or inaccessible to unauthorized persons.
For any questions related to the security of our services, applications and software, please contact our technical support staff available on our official channels: email, online chat and phone.
Data breach management
- Article 33 of the GDPR requires the data controller to notify the control authority of any violation of personal data (a data breach), within seventy-two hours of the moment it becomes known.
We distinguish three types of violations:- breach of confidentiality— unauthorized or accidental disclosure or access to personal data;
- integrity violation— an unauthorized or accidental alteration of personal data;
- availability violation— the loss, inaccessibility or destruction, whether accidental or unauthorized, of personal data.
If the violation is also related to your data, our team, as data processor, will notify you in the following ways:
- personally and directly;
- by means of public communication or a similar and effective measure when direct and personal communication involves disproportionate efforts.
Always keep in mind that you, as a user, are the data controller. It will be your duty to promptly inform your subscribers on the contact lists. You can communicate that violation in the following ways:
- personally and directly to your subscribers;
- with a public or equally effective communication that can reach all of your contacts affected by the data breach.
The direct communication to your subscribers must be distinguished from other messages that you usually send. The notice of the violation must be clear, unambiguous and must draw the attention of the interested party.
In particular, Article 24 and Article 32 of the GDPR require the data controller to:- implement appropriate technical and organizational measures to ensure compliance with the GDPR;
- be able to demonstrate that the processing of data has been carried out in accordance with the provisions of the GDPR;
- review and update the aforementioned measures when necessary;
- ensure a level of security appropriate to the risk.
Access to authorized data for customer care and technical assistance
- The collected data will be used if it is necessary or instrumental for:
- delivering technical assistance to users for the services provided by Email marketer that affect data controllers or their contact lists;
- concluding commercial negotiations by telephone or email;
- direct or indirect commercial advice.
Your data may be processed by Email marketer employees or third parties who will be appointed as external processors as appropriate. The owner or the data controller will be informed from time to time about the methods of treatment.
Minimization of data processing and archiving
We have prepared technical and organizational measures to guarantee the principle of minimization of data processing. Any data processing will always be adequate, relevant and limited to achieving the stated purposes.
The processing of data for statistical purposes, archiving in the public interest, scientific or historical research is subject to guarantees appropriate to the rights and freedoms of the interested party in accordance with the provisions of the GDPR.
Data transfer
- Because we operate servers all over the world, though mainly in the United States and Europe, your information may be processed on servers located outside the country where you live. The laws on the protection of personal data vary from country to country; some countries provide more protection than others.
Regardless of where your data is processed, we apply the same protections described in these policies, and we also comply with certain provisions relating to data transfer, including those provided for by the EU-US Privacy Shield Framework.
Cooperation
- The services, applications and software we offer allow you to retrieve, correct, delete or limit customer data, simply and directly from your account.
If a recipient of your email asks you to change or delete your personal data, you will first need to identify the information of the person concerned, then you must comply with your obligations under the GDPR, which are to:- provide an answer to reasonable requests;
- proceed or not with the action requested by the member of your lists while providing a reason for your choice in the second case.
If you are not able to independently provide the required action regarding your customers’ data using the services we provide you, under our existing contract, we can offer you reasonable cooperation to help you answer any request from individuals or authorities competent in the protection and processing of personal data. You will be charged for any additional expenses.
In the event that a request is made directly to us, we will not respond directly without your prior authorization unless we are legally obliged to do so.
If our team is required to respond to such a request, we will promptly inform you by providing you with a copy of the request, unless for legal reasons we cannot do so.
Training
- We have created a diversified training plan based on the services we provide, the roles and internal tasks, and instructed staff on data processing and the risks involved.
The GDPR provides that all persons, supervisors, and anyone under the authority of the data controller or data processor must be duly instructed and trained on the tasks, responsibilities and performance of data processing operations, in addition to the aforementioned measures that they must undertake to maintain absolute confidentiality.
For training we have taken into account:- the job, by role and sector;
- the type of data processing being conducted.
In compliance with the GDPR, the certification of training will have a schedule and be updated periodically, based on the effective implementation of corporate procedures.
Supplier Instructions
We will systematically verify that suppliers issue guarantees on compliance with safety standards, and that those guarantees are maintained and updated over time. All service providers enter into a contract with us that protects personal data and limits their use of any personal information consistent with this Privacy Policy.
Complaints
- We will respond to any formal written complaints that we receive, first by contacting the people who submitted the complaints. We work with the relevant regulatory authorities, including local data protection authorities, to resolve any complaints related to the transfer of personal data which cannot be resolved directly.
Application of the rules
This Privacy Policy applies to all services offered by us and to the websites of applications developed and sold by us. Each service, application and specific software collects and processes only the data necessary for correct operation, as highlighted in the section dedicated to the DPA.
- You must provide your customers and/or users with adequate updated information in compliance with GDPR.
- Your email lists must contain only the verified contacts of those who gave their informed consent regarding the data.
- We suggest that you regularly change your login and password.
- You must pay attention to our new data processing conditions that have been updated to comply with the GDPR.
- Protect Your PC with a Password and antivirus: nobody else should have access to your data.
- When you export your data, make sure that your data is protected!
- Do not send confidential information through an email campaign.
Reference articles
Definitions
Algorithm
A process and set of rules followed by a computer in the execution of repetitive tasks to solve problems or to obtain results.
Profiling
A form of automated processing of personal data, consisting of the use of information to evaluate certain personal aspects relating to a natural person. In particular, profiling analyzes or predicts aspects of professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement.
Log
The significant events that occur between applications and the system as a service provider; the customers are the recipients of the services themselves. In general, a log is made at the beginning and the end of a service and when every condition is codified.
Third parties
Services used to complete purchasing procedures and to provide statistics, and systems for importing or exporting data to and from our platforms.
Cookie
A small file containing a string of characters sent to your computer when you visit a website. The cookie stores your preferences to allow a more personalized navigation experience.
Pixel tag and beacon
Technologies embedded in the email body to determine activities such as views or openings.
Personal data
Information that identifies you.
Particular data
Previously called “sensitive data,” this is a category of sensitive personal data such as biometrics, criminal record, health care etc.
IP address
A numerical label that uniquely identifies a device such as a computer, smartphone router, etc.
Data Privacy Agreement
Terms and conditions of use of the services offered by our company.
Data controller
The body that determines, individually or together with others, the purposes and means of processing personal data. The European Union or Member State defines the purposes and means of such processing and establishes the controller or the specific criteria applicable to his designation. This important role can be held by a natural or legal person, public authority, service or other body.
Data processor
The natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
Data Protection Officer (DPO)
The person responsible for evaluating and organizing the management of the processing of personal data and their protection, so that they are processed in a lawful and relevant manner.