- Effective: May 24, 2018. Last changed: August 27, 2019 (adding vulnerability email)
One of our core value is integrity. We believe that the new European legislation (GDPR) giving you additional rights is a good thing and therefore, we decided to apply it to everyone, not just EU resident. So if you live in the US, you will benefit from the same level of privacy as if you were EU resident with us.
1. DEFINITIONS AND INTERPRETATION
HCG Partners GmbH acts as both a data processor and a data controller under the GDPR:
- As a data processor – When we operate on your data on your behalf (e.g. sending emails to prospects you want us to contact and follow up on your behalf).
- As a data controller – When we collect personal information such as name & email address in exchange for you to use our Services.
2. INFORMATION WE COLLECT
If you expressed consent to be contacted by us, we will store the information you provided to Drip (https://www.drip.com/), an email marketing platform. That way, we can send you emails for announcements, survey, articles, and any other marketing information. You can unsubscribe at any time (instructions are provided with each email sent to you).
When you interact with us through the Services, we may collect Personal Data and other information from you, as further described below:
On the Site:
- We use Google Analytics (https://www.google.com/analytics) as web site analytic tools to track our site performance (number of unique visitors, bounce rates, referrals, and other performance indicators). The data retention is set to 26 months and we did not allow Google to share our data.
- We use SumoMe (https://sumo.com) to provide you with the option to get more information from us directly by email. You can unsubscribe at any time (instructions are provided with each email sent to you).
- We use Zopim (https://www.zopim.com/) to allow you to get in touch with us to ask questions about the Service. We may capture some information (like browser information and the page you were looking at) on top of the one provided for reaching out (like name and email). We don’t keep data there for more than 30 days. Our support tickets are then being handled in Helpscout (https://www.helpscout.net/) where we keep data for 36 months to provide a greater level of service (to assist returning visitors, to train new support agents, prevent abuses of our system and in some cases, to let you know we make some progress on issues causing you to leave our Service).
- Cookies: We employ cookies to have the above applications working properly on our site.
In the App:
- We collect information from you when you voluntarily provide such information, such as when you register for access to the Service. Information we collect may include but not be limited to the first name, last name, email address, company name, and website or other content you add to your QuickMail.io account. Those are used to better serve you (e.g. Assisting you via support or Invoice generation). We keep those data for 26 months after you cancel our services to be able to provide invoices to past clients and prevent abuse of our system. We may recontact you based on a legitimate interest (e.g. the reason of cancellation was a missing feature we developed after your cancellation).
- Payment information is processed by Stripe (https://stripe.com, https://stripe.com/guides/general-data-protection-regulation)
- We use Google Analytics to track our App usage. The data retention there is set to 26 months and we did not allow Google to share our data.
- Data We Collect Automatically: When you interact with us through the Services, we receive and store certain informations such as IP address, and your activities within the Services. We may store such information or such information may be included in databases owned and maintained by service providers such as Amazon AWS & Salesforce Heroku. We may use such information to help us improve the App, assist with support, legal compliance or conflict resolutions. The data retention is set to 3 months.
- Aggregated Information: we may conduct research on our customers’ performance. Anonymized data may be shared with a broader audience for marketing and educational purposes (e.g. Blog articles or speaking events). We may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for lawful purposes.
Data from Google is not aggregated.
Google API users: Data obtained from Google APIs will only be used in accordance to the “Limited Use[s]” as referenced in the Google API Policy (https://developers.google.com/terms/api-services-user-data-policy).
- Info through other Services: You may give us permission to collect your information in other services. For example, you may connect a social networking service (“SNS”) or Email Service Provider such as Google, Microsoft, Facebook or LinkedIn to your QuickMail.io account. When you do this, we capture your first name, last name and email address to prevent you from having to enter them, as well as a security tokens to allow us to provide you with the Service (e.g. sending emails on your behalf).
- You may decide to provide information to 3rd Parties by enabling some Add-ons. We have no control over data collection and retention for the 3rd Party applications you decide to enable in our App (e.g. Zapier, BriteVerify, Close.io, Hunter.io, Built-with, NeverBounce or Clearbit) and encourage you to check their respective privacy policies before enabling the add-on. We may work closely with them and exchange personal information such as name and email to resolve issues raised by you as a support request.
- Asking for support within the App is done using Helpscout (https://www.helpscout.net/). Helpscout collects additional information to help do our job efficiently such as the page you were looking at and your browser information. We keep data for 36 months to provide a greater level of service (to returning visitors, to train new support agents and prevent abuses of our system).
- Cookies: We employ cookies and similar technologies to keep track of your local computer’s settings such as which account you have logged into and notification settings. In addition, we use technologies such as web beacons and single-pixel gifs to record log data such as open rates for emails sent by the system.
- When you invite team members, the invitation information doesn’t stay in our system for more than 5 days.
All requests concerning access and modification of your data should be sent to firstname.lastname@example.org
3. WHERE INFORMATION IS PROCESSED
The Company is based in Switzerland. Our servers are located in the U.S. to server better the majority of our users. Our email support uses Helpscout (https://www.helpscout.net/), Zopim (https://www.zopim.com/) and email services (G Suite), all located in the US. To use our services or contact us, you have to consent to the processing and transferring of your information in and to the U.S. and other countries.
For our infrastructure, we rely primarily on Amazon AWS (https://aws.amazon.com/compliance/gdpr-center/ https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/) and Heroku (https://www.heroku.com/) with Salesforce as parent company (https://www.salesforce.com/assets/pdf/misc/data-processing-addendum.pdf)
This allows us to transfer personal data from the EU to the US in a compliant way.
4. OUR USE OF YOUR INFORMATION
The email data (from Gmail, Outlook or other email provider used in the application) are never shared with third-parties and stays private to the user and his or her team if applicable.
5. OUR LEGAL BASES FOR HANDLING OF YOUR PERSONAL DATA
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds are as follows:
- To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our users, or to take steps at users’ request in anticipation of entering into a contract with them. For example, we handle personal data on this basis to create your account and provide our Services.
- Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals: This includes:
- Providing a safe user experience;
- Customer service;
- Marketing, e.g. sending emails or other communications to let you know about new features;
- Protecting our users, personnel, and property;
- Analyzing and improving our business, e.g. collecting information about how you use our Services to optimize the design and placement of certain features;
- Processing job applications;
- Managing legal issues.
- Legal compliance: We may need to use and disclose personal data in certain ways to comply with our legal obligations.
- Consent: Where required by law, and in some other cases, we handle personal data on the basis of your implied or express consent.
6. OUR DISCLOSURE OF YOUR INFORMATION
We are not in the business of selling your information. These are the circumstances in which we may share some information with certain third parties as set forth below:
- Consent: We may transfer your information with your consent.
- Agents, Consultants and Related Third Parties: Like many businesses, we sometimes hire other companies or individuals to perform certain business-related functions. Examples of such functions include the development of the application, maintaining databases and processing payments.
- Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of the Company or Related Companies, (iii) protect the personal safety of users of the Services or the public, or (iv) protect against legal liability.
7. UNSOLICITED INFORMATION
You may provide us with ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.
Our Services are targeted at users who are at least 16 year old and owning a credit card. We do not knowingly collect personal information from children under the age of 13. If we learn that we are engaged in data processing with children under the age of 13, we will halt such processing, close the account and take reasonable measures to promptly remove applicable information from our records.
9. LINKS TO OTHER WEB SITES
10. DATA RETENTION
We will retain your information for as long as your account is active or as needed to provide you services. When an account is closed, we will retain and use your information up to 26 months.
Data may persist in encrypted copies made for backup and business continuity purposes for an additional time.
11. CUSTOMER TESTIMONIALS
We post customer testimonials on our web site which may contain Personal Data. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. To request removal of your Personal Data from Testimonials please contact us by submitting a request at email@example.com.
We take reasonable steps to protect the information provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error-free. In particular, email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any information via the Internet.
13. YOUR DATA RIGHTS AND CHOICES
We believe that users should be treated equally no matter where they are in the world, and so we are making the following options to control your data available to all users, regardless of their location. You can update certain information by accessing your profile via “Settings.” You can also unsubscribe from certain emails by clicking the “unsubscribe” link they contain. You may change your browser settings to opt out from certain cookie-related processing. Further information about the procedure to follow in order to disable cookies can be found on your Internet browser provider’s website via your help screen.
You can correct, update, amendment or delete your data.
- How can you access the personal data we have about you?
If you would like to submit a data access request, send firstname.lastname@example.org a request. We will then start the process and provide you a link to access the personal data that we have on you within 30 days. For your protection, we will take steps to verify identity before responding to your request.
- How can you correct, update, amend, or delete the personal data we have about you?
In addition to the functionality available through the “Settings” of the Services, in which you can correct, update, amend, or delete certain personal data, you can also request other modifications from us directly. Please write to us at email@example.com with the words “Personal Data Request” in the subject or body of your message, along with an explanation of what data subject right you are seeking to exercise. For your protection, we will take steps to verify identity before responding to your request.
15. CONTACTING US
To report any vulnerability issue, please use firstname.lastname@example.org
You can find our Data Processing Amendment (DPA) here