Privacy Notice

UniSender is a service operated by Ecomz Holding Limited, Georgiou Karyou, 6B, office / flat 6B, Dasoupoli, Strovolos, 2014, Nicosia, Republic of Cyprus. In this Privacy Notice we shall call ourselves “we,” “us,” “our,” and “UniSender”, “Administration”.

 

UniSender enables Users to manage electronic newsletters, such as email and SMS messages or Viber messages, and provides analytics for the effective email management.

 

In terms of processing personal data there are three categories of persons that we interact with.

 

User – an individual or a representative of legal entity that uses our Service on the basis of the Contract. The Contract is the Terms of services or any other bilateral commitment, under which UniSender provides the Services. For detailed information on GDPR compliance, please visit “GDPR for Users“.

 

Contact – an individual whose email address is uploaded by the User on our platform for carrying out electronic newsletter campaigns. If you receive emails from us on behalf of a legal entity, please visit “GDPR for Subscribers“.

 

Visitor – an individual who visits our site to get to acquainted with the information on the site, contact the Administration, or for other reasons not related to the conclusion or execution of the Contract. The Visitor may simultaneously be the “User” and the “Contact” when using the UniSender site and its’ services. To understand how we process the personal data of the Visitor solely, please visit the “GDPR for the Visitors“.

 

Unless otherwise specified and corresponding to the context, the word meaning given herein are used in accordance with GDPR.

 

GDPR for Users

We provide support to our Users (our clients) in regard to compliance with the requirements of GDPR.

 

Within the meaning of Art 4 (7) GDPR you, as User of our Service, are a Controller of the personal data of your Contacts. Pursuant to Art 4 (8) GDPR, we shall act as a Processor. Our relationship with you regarding the processing of personal data are governed by the Contract, which contains requirements on the processing of personal data under para 3 Art 28 GDPR.

 

As a Controller, you have to comply with the requirements provided by Art 24 GDPR. In accordance with para 2 Art. 24 GDPR you are required to implement a policy for the processing of personal data, taking into account the use of our Service.

 

The lawful basis for processing the personal data of your Contacts must be subject to para. 1 Art. 6 GDPR. Such lawful basis can be determined only by you depending on your business processes. As a rule, for our Users such basis consists of consent and Contract (para 1 (a, b) Art. 6 GDPR).

 

In order to implement the data processing policy in accordance with the requirements of the GDPR in connection with the use of our Service, you can use:

  1. the description of the possible Tools that we provide under the Contract, the details shall be provided below;
  2. a list of our subprocessors, the details shall be provided below;
  3. conditions of the Contract that can be found at www.unisender.com;
  4. the ability to manage the personal data of Contacts through the web interface or API, in particular for the purposes of implementing the right to portability.

Tool – a microservice integrally related to the basic services of UniSender. With the use of Tools, you can create a special form for collecting data on the Contact, integrate with other services, analyze the data the way you need, carry out other tasks within the described functionality of the Tool.

 

According to the terms of the Contract, we take a general written authorisation to engage another subprocessor(s) as stipulated by para 2 Art 28 GDPR. We shall notify the User as per the Contract provisions in the event of any changes concerning such another subprocessor. Herewith, Contract contains provision on termination if you do not agree with the involvement of another sub processor.

 

What Users’ personal data do we process?

The User uses the web interface, we process the personal data of the User as the Visitor, allocating them to a separate category. Detailed information on the processing of personal data of the Visitor category can be found at “GDPR for Visitors“.

 

Besides acting as a Processor in respect to the personal data of your Contacts, UniSender is the Controller of your data. This is especially relevant to Users – individuals.

 

As a Controller, we process the following data:

  1. For the purposes of identification of an individual or an authorized representative of the legal entity: Email address, IP addresses, first name, surname, patronymic, phone number, country, time zone, language of notifications.
  2. For the purpose of the Contract performance: The history of your visits to our website, the User’s ID in the UniSender system, the account balance, the list and content of the created campaigns, information on payment methods, mailing reports, information about the additional services provided, information from integration with third-party services, postal and actual address of the individual, bank details, statistics on list change, API key, PIN code for creating the messages, information on connected and used tariffs, payment transaction IDs, payment methods and time, using Used dedicated IP for sending mailings, identifiers for Google+ and Facebook services, information about the Tools used.

As to legal entities, we process the basic information about the company for billing. Several representatives can be indicated in the account of the legal entity.

 

Third parties

We use Google Analytics to provide statistics about campaigns effectiveness, the basis for data processing is the Contract (para 1 (a) Art 6 GDPR). This Service is our subprocessor in respect to the processing of Contacts’ personal data in the course of services provision.

 

We use Yandex Metrics and Google Analytics to understand user behavior on the site in order to provide you with the best user experience, the basis for data processing is the Contract in accordance with para 1 (f) Art 6 GDPR.

 

Slemma – the service used by us for processing statistics on the campaigns of the User, this service meets the security requirements https://slemma.com/privacy-policy/, the basis for data processing is the Contract in accordance with para 1 (f) Art 6 GDPR.

 

You may access the Service through Google+ and Facebook on the basis of the Contract and in accordance with para 1 (a) Art 6 GDPR. User decides whether to use such services or not.

 

For the purposes of payment processing, we use the services of Buy Credit and PayPal, the basis for data processing is the Contract (para 1 (a) Art 6 GDPR).

 

We use Intercom to facilitate communications, for more information on Intercom’s services and it’s privacy policy, please visit https://www.intercom.com/terms-and-policies#privacy, the basis for data processing is a Contract in accordance with para 1 ( a) Art 6 GDPR.

 

For the purposes of storing User files, we use Amazon, the basis for processing data is the Contract in accordance with para 1 (a) Art 6 GDPR.

 

Hetzner is used as a data backup facility, the basis for data processing is the Contract in accordance with para 1 (a) Art 6 GDPR.

 

OVH storage services are used for logs storage, the basis for data processing is the Contract in accordance with para 1 (f) Art 6 GDPR.

 

Lattelecom – storage services provider of the hosting, basis for data processing is the Contract in accordance with para 1 (a) Art 6 GDPR.

 

FAQ for Users

Additional information on privacy compliance we shall provide in the form of questions and answers.

 

How is Users’ personal data used?

We use information in accordance with the principles of confidentiality and legal basis under Article 6 of GDPR, all collected information shall be allocated at UniSender and partially at our partners within minimum limits necessary.  No collected data from the Controllers is sold, exchanged or distributed by any means.

 

How can you confirm the compliance with GDPR?

We process personal data in a fairly, lawfully and transparent way. We comply with all requirements of the GDPR, which shall be confirmed by information published on this Site. If you still have inquiries, please do not hesitate to contact us.

 

Can Contact directly contact UniSender to take actions with regard to his/her personal data?

As a Processor, we process personal data on the basis of the Contract concluded with the User, who also acts as the Controller in respect to the personal data of its’ Contacts. To exercise your rights in respect to your personal data, Contact shall contact the Controller. The Controller shall ensure Contact’s right on accessibility, alteration, erasure of his personal data. UniSender can fulfil the request of the Contact on erasure of this personal data if due to objective reasons it is not possible to fulfil by the User or the processing of personal data does not comply with the requirements of the law. Should be noted that in such cases contractual penalties might be imposed on the User.

 

Is it possible to erase Contacts’ data completely, is it possible to use such data for statistics purposes?

The User’s data is subject to erasure within 30 (thirty) days after the expiry or termination of the Contract. In the course of erasure process personal data of the Users and Contacts will be anonymised in accordance with Opinion 05/2014 on Anonymisation Techniques WP29.

 

How do you implement technical and organizational measures designed to protect data subjects and reduce risk?

We carefully conducted the Data Protection Impact Assessment, in the line with Art. 35 GDPR. As a result of necessary measures taken, we concluded an agreement with hosting providers, which are able to adopt measures required for the data protection, developed documentation and organized business processes in accordance with the requirements of GDPR.

 

Can I refuse from certain statistics on Contacts?

We provide services for a large number of customers in the EU, our Service has the same features for everybody, the value of our services – unique analytics of the Contacts. If the proposed level of analytics is excessive for you, not suitable, or there is no legal basis for processing personal data of the Contacts in accordance with the proposed level of analytics, you can refuse to use certain Tools, and also contact us. We will provide information support to bring your activities in line with the requirements of GDPR.

 

Are your subprocessors compliant with GDPR? Can you opt out of using subprocessors?

Our Service is debugged while using certain subprocessors. To use different subprocessors depending on the preferences of the User is technically impossible or economically incompatible while comparing with the cost of implementing such functionality. Considering our close relationship with the subprocessors, we carefully selected such subprocessors and insured compliance with para 4 Art 28 points GDPR.

 

Why don’t you disclose the legal basis for processing personal data of the Contact?

Users act as data Controllers in respect to Contacts, and UniSender acts as the Processor for such Users. Data protection policy is mandatory for implementation by the Controller (para 2 Art 24 GDPR). Methods for processing personal data of the Contacts and Policy are to be sought from the User who manages such Contact. We, in turn, will assist Contact and provide information about the User who processes his/her personal data.

 

For additional information about the processing personal data of Users you also need to visit the “GDPR for Visitors

 

GDPR for Contacts

Contacts can receive emails and SMS messages or Viber messages sent by the Users by means of our Service. Each our User is the Controller in respect to any Contact. Administration acts solely as a Processor with regard to the processing of Contact’s personal data.

 

We, as Processor, process personal data on behalf of the Controller and do not have the right to use or process any personal data, other than on the basis of the concluded Contract with the User and for the purposes of the legitimate interests to improve UniSender Service. To exercise such legitimate interests, we use only anonymised data of Users and Contacts. Anonymization is carried out in accordance with the requirements within 30 days upon the expiry of the legal grounds for the processing.

 

In accordance with the current legislation, we include in the Contract with the User the conditions where under they shall legitimately collect personal data of their Contacts, exclude the use of special categories of personal data. Our Users hold the right to possess and control their lists of mailings, including the information about each Contact.

 

Administration never communicates the Contacts, it does not share, transfer, sell, use or process the Contacts’ information in any way, other than on behalf of the User, and in some cases by the decision of the Contact.

 

Excepts are for other subprocessors who help us with the provision of our services, including technical support for the UniSender Service, processing and storing data. As stipulated in para 2 Art 28 GDPR, we disclose and use subprocessors with the consent of our Users.

 

All UniSender Service Users shall accept our Contract whereunder the User guarantees that all his Contacts have explicitly requested such electronic messages from the User (through opt-in).

 

The administration may take all necessary measures, including judicial, against any User who breaches the Contract.

 

You can unsubscribe at any time from any mailing list stored on the UniSender system. Any emails sent from our system will always contain a link to cancel the subscription. Unsubscribing from any User’s list ensures that you will no longer receive emails from such list or User.

 

Please note that the information about the Contact can be disclosed on the basis of the substantiated order of the authorized body (court, police, etc.).

 

What are the ways of processing personal data on behalf of the User?

On the basis of legitimate interest, we collect and analyze the following data of the Contact in order to improve our services using our own software:

  1. Information on the number of messages delivered and not delivered;
  2. Number of spam blocks;
  3. Number of spam complaints;
  4. Reasons for messages non delivery.

In accordance with the Contract concluded with the User, we process in the interests of the User the following statistics.

 

With the use of internal statistics:

  1. The indicator of the opening (reading) of messages;
  2. Number of visits from the mailing to the site (also with external statistics);

Using external statistics from Google Analytics:

  1. Number of visits to the target web site from the marketing campaign;
  2. Country of User Contacts;
  3. Characteristics of devices Contacts use to read marketing campaign (laptops or smartphones, screen size, operating system)
  4. Achieve the goal set by the User in Google Analytics (for example, downloading a file, registration on the site or placing an order);
  5. Evaluation of ROI (sales volume);
  6. Identify the behavior of the visitors who arrived from the marketing campaign.

If you are interested in detailed information on the principles of processing personal data on behalf of the User, please refer to the Contract.

 

If you think, that the User has sent electronic message in violation of applicable law, please email us at privacy@unisender.com.

GDPR for Visitors

We have allocated the personal data of the Visitors into a separate category. However, Users and Contacts (if you visit our web service) also fall into this category.

 

Who is collecting the data?

Administration is the data Controller for the Visitor within the meaning of Art 4 (7) GDPR and collects data.

 

What data is being collected?

Administration can collect, record and analyze information about Visitors of its website.

 

In addition, the Administration may collect and process any personal data that the Visitor voluntarily provides through the forms of our website, for example, to contact us. Worth to note that upon completion the registration, you become our User. For more information about processing the personal data of the User, please visit “GDPR for Users“.

 

The collected personal data may contain an IP address, e-mail address, phone number, job title, preferences and certain information about the company you work in (company name and address).

 

How will the information be used?

All Visitors’ data is kept confidential. We do not sell, transfer such data to any other organization in any way, except for certain service providers that help us in the provision of our services, including sales and marketing services. Any processing is carried out in accordance with the requirements of GDPR.

 

What is the legal basis for processing the data?

We process personal data of Visitors on the basis of the consent for each category of personal data and on the basis of legitimate interest to provide you with the best possible website we can (para 1 (a, f) Art 6).

 

Part of the data that we collect on the basis of the consent is necessary for the use of basic properties of the site unisender.com. This data includes information about the screen resolution of your device, IP address, certain cookies.

 

Part of the data we collect on the basis of legitimate interest is related to the use of the site unisender.com. This can include: the number of page views, interest in fragments of the information on the Site, other statistical information, logs.

 

On the basis of your consent, we process personal data that is not required for the use of the website, but is necessary to provide you with additional or relevant information. To do this, we use cookies in accordance with the pre-selected settings of your browser.

 

On the basis of your consent we will process the following personal data if you send us a message via email or telephone: e-mail address, telephone number, job title, areas of interest to you and certain information about the company you work in (name of company and address), as well as what is the relationship between the company you represent and you. In this case, a specific list of shared personal data is being defined personally by you.

 

Will the data be shared with any third parties?

We use the GA service to collect information according to our legitimate interest.

 

We expect that the owners of web browsers comply with the requirements of GDPR and give you the opportunity to manage cookies using opt-out. If you are allowed to use any cookies in accordance with the current settings of your browser, use these settings to restrict their use.

 

In case respective cookies are allowed, we will use the cookies of Facebook and will exchange information with this social network. You can also opt out of the exchange of information between our site and social networks directly in social networking accounts.

 

How long is the data stored?

We store data related to correspondence and web site logs not more than 30 days.

Information about web page visits and other use of the site we store not more than 30 days, then we anonymize such data.

 

How to file a complaint?

In case you think that your legitimate interests as a data subject are violated, please contact privacy@unisender.com