UniSender provides certain services relating to the development, transmission, analysis, and management of email messages through the web site located at www.unisender.com and such other sites as may be designated by us (each, the “Site” or collectively, the “Sites”) and/or through UniSender API (the “Services”).
This Policy should be read in conjunction with the Terms of Service (https://www.unisender.com/en/terms/) (the “Agreement”), into which it is incorporated by reference.
We may modify this Policy from time to time. We will provide you with notice of any material changes to this Policy by publishing or communicate the changes through our Services or by other means so that you may review the changes before continuing to use our Services. Your continued use of the Services after we publish or communicate a notice about any changes to this Policy means that you are consenting to the changes.
- “Personal Information” or “Personal data” is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- “Process” or “Processing” means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
By using the Services, or registration with our website (www.unisender.com), you signify your agreement to the terms and conditions of this Policy and to our collection, use and disclosure of your personal data as set out herein. By giving your consent to us, you retain the right to have your personal data rectified, to be forgotten and/or to be erased.
You may change or withdraw your consent to the collection, use or disclosure of your personal data at any time by contacting us via email at firstname.lastname@example.org. In some circumstances, a change or withdrawal of consent may affect your ability to use the Services.
You also agree and accept that we may contact you by email or SMS in relation to your subscription.
PRIVACY LAWS/GDPR COMPLIANCE
UniSender is responsible for personal data under our control. We have established policies and procedures to effectively safeguard any confidential personal data that we collect and to deal with complaints and inquiries. We are committed to maintaining the accuracy, confidentiality, and security of your personal data, and we will ensure that you have access to information regarding the policies and procedures that we use to manage your personal data.
UniSender has designated a Privacy Officer/Data Protection Officer (“DPO”) who is accountable for our compliance with this Policy and for ensuring that information about our policies and practices relating to the management of personal data is easily accessible. All questions or concerns regarding this Policy and our compliance with it should be directed to the Privacy Officer in writing and sent by email or postal mail to:
ECOMZ Holding Limited
Attn: Data Privacy Officer
6B Georgiou Karyou, office 6B, Dasoupoli, Strovolos,
Every complaint or challenge regarding our compliance with this Policy will be investigated, and where a deficiency is found to exist, we will take appropriate measures to address it. This may include amending our policies and procedures as necessary. We will also cooperate with regulatory authorities to resolve any complaints that cannot be resolved between us and an individual User.
Personal Data Collected
- Identity and contact details of the data processor
Personal data is collected through our Site and Services by ECOMZ Holding Limited, a company registered under the laws of Cyprus under number 309897 with its registered office at 6B Georgiou Karyou, office 6B, Dasoupoli, Strovolos, Nicosia, Cyprus.
- Personal Information Collected Through our Site and the Services
UniSender collects certain Personal Information, as follows:
(a) Information Customers Provide to Us: You may provide personal information to us through the Site or Services – for example, when you subscribe to our Services, register a UniSender account, contact customer support, send us an email, or otherwise access or use UniSender. The following That Personal Information may include your email, title, first name, last name, country, time zone, Intracommunity VAT number where applicable, login & password, postal address, telephone number, IP address(es) and domain name. UniSender will also maintain your Services history and usage, record of your purchases, UniSender account balance, transactional information and any communications and responses logs.
(b) Information Collected Automatically Through our Services: By using our Services, the following Personal Information is also collected automatically and managed by us: log-in and browsing data, order history, information on subscriptions and support ticket messages, Customer’s ID with UniSender, third-party API/services integrations, API key, IP addresses, including dedicated IP usage history, browser types, log files, information on payment methods, PIN code for creating the messages, payment transaction IDs, and other information regarding Your system and connection. Some data is collected automatically by reason of your activity on the site.
We also collect and process information regarding the performance of the Services, including metrics related to the deliverability of emails and other electronic communications You send through the UniSender platform. This information allows us to improve the content and operation of the Services, and facilitate research and analysis of the Services.
The data you submit should not include any sensitive personal data, such as Government identifiers (i.e. social security, driving licence, or taxpayer identification numbers), complete credit card or complete personal bank card numbers, medical records or particulars connected with applications for care or treatment associated with private individuals.
In addition, and in the context of using our services, namely creating and sending emails and campaigns, UniSender has access to the information contained in the subject and content of the emails that you send out, as well as the email contacts you send to via our services.
This data is stored on secure servers and only a limited number of people are authorised to access your contact lists, in particular for the purpose of providing support services.
You are easily able to recover your contact lists from your UniSender account at any time, by clicking on the “export” button. You may also modify and or delete contacts at any time from your account.
YOUR CONTACTS’ DATA
As creator of the contacts and associated emails, you are considered the data controller of the Contacts Personal Information within the meaning of the GDPR, and UniSender is acting only as a data processor. In this capacity, you are responsible in particular for:
- making all the declarations necessary to the relative data protection authority,
- complying with all current regulations in force, including the data protection laws,
- obtaining the explicit consent of the Contacts concerned when collecting their personal data,
- ensuring your authority to use the personal data collected in accordance with the defined end purposes and refraining from any unauthorised use.
If a recipient of your emails sent via our services requests us to modify or delete his/her personal data, we will honor that request after proper verification and will inform you of it.
In no case does UniSender sell, share or rent out your Contacts Personal Information to third parties, nor does it use them for any purpose other than those set forth in this policy. We will use the information from your contacts only for legal requirements, to invoice and collect summaries for our own statistics and for the purposes of providing you with customer support services.
USE OF PERSONAL DATA
We may use your Personal Data and information we collect through the Services for a range of reasons, which include:
- To provide, operate, optimize and maintain the Services;
- To deal with Customer enquiries and support requests, and to provide information and access to resources or services that they have requested from us;
- To manage the UniSender platform, system administration and security;
- To process and complete transactions;
- To compile aggregated statistics about the operation and use of the Services and to better understand the preferences of our Customers;
- To send our Customers technical alerts, reports, updates, security notifications and other Service-related communications;
- To carry out research and development to improve our products and services;
- To send You marketing communications (where this is in accordance with Your communication preferences);
- Investigate and prevent fraud, unauthorized access or use of Services, breaches of terms and policies, and other wrongful behavior;
- To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify You.
LEGAL BASIS FOR PROCESSING
Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from You only where we have Your consent to do so, where we need the Personal Data to perform a contract with You, or where the processing is in Our legitimate interests and not overridden by Your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the Personal Data in question.
If we ask You to provide Personal Data to comply with a legal requirement or to perform a contract with You, we will make this clear at the relevant time and advise You whether the provision of Your Personal Data is mandatory or not (as well as of the possible consequences if You do not provide Your Personal Data).
Similarly, if we collect and use Your Personal Data in reliance on our or a third partys legitimate interests and those interests are not already listed above (in the “Use of Personal Data” section), we will make clear to You at the relevant time what those legitimate interests are.
If You have questions about or need further information concerning the legal basis on which we collect and use Your Personal Data, please contact us using the contact details provided in “Contact Us” section below
THIRD PARTY TRANSFERS AND SUBPROCESSORS
We may share and disclose Your Personal Data to our vendors and other third-party service providers who require access to Your Personal Data to assist in the provision of the Services, and other business-related functions
We use Google Analytics to provide statistics of campaigns effectiveness. This Service is our subprocessor in respect to the processing of Contacts’ Personal Information in the course of Your use of the Services. The basis for data processing is to perform the Agreement with You (in accordance with para 1 (b) Art 6 GDPR).
We use third party analytics tools, such as Facebook Analytics, Google Analytics, Yandex Metrica and Amplitude, which collect and process User data when using the Service, including device ID, IP address, cookies and others. Data received by third party services is not available to us: we receive and use information from third party services only in aggregate and anonymized form. You can learn more about the data is collected by these services and the relevant privacy policies by visiting the links below:
All data we obtain through analytics tools is used only to analyze how the Service, Site and social media or Internet pages are used, and to improve our products and customer-driven advertising. The objective for the use of analytics tools is to improve the quality of our Service, Site and content thereof. Through the use of analytics tools, we are able to learn exactly how the Service and Site are used, and to continually optimize the delivery of information and improve the Service. Our legitimate interest for the processing of Personal Data in accordance with para 1 (f) of Art 6 GDPR also derives from these objectives.
We use Google AdSense to display ads on our Site. Thus, some HTTP cookies are installed on your device and some information about your use of the Site is transmitted to Google, which may combine it with other data you provided to them. For more information, please visit this link.
We use AdRoll for remarketing purposes. You can opt out of remarketing AdRoll by visiting this AdRoll advertising settings page: http://info.evidon.com/pub_info/573?v=1&nt=1&nw=false/
You may access the Service through Google+ and Facebook on the basis of the Agreement and in accordance with para 1 (a) Art 6 GDPR. Customer decides whether to use such services or not.
For the purposes of storing Customer files, we use Amazon AWS, based on the Agreement concluded with us.
We may also share certain Personal Data collected through the Services or generated by the System (e.g. online identifiers) with third party companies so that they may offer products and services that we believe will be of interest to You or with third party advertising-serving companies to better target the adverts and other content displayed on our site and to provide offers we think may be of interest to You. You may reject the use of Your Personal Data for marketing purposes anytime by contacting us using the contact details provided in “Contact Us” section below.
UniSender does not disclose your personal data to third parties, except if: (1) you (or your account administrator acting on your behalf) requests or authorizes disclosure thereof; (2) the disclosure is required to process transactions or supply services which you have requested (i.e. to check you are employing best practice in your mailings or for the purposes of processing an acquisition card with credit-card issuing companies); (3) UniSender is compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application; or, (4) the third party is a subcontractor or sub-processor of UniSender in the carrying out of services (for example: UniSender uses the services of an Internet provider or a telecommunications company).
Your personal information may be stored and processed by us in any country where we have facilities or where we engage service providers, and by reading this Policy and using the Services You acknowledge that Your Personal Data may be transferred to countries outside of Your country of residence, including the counties, which may have different data protection rules to those of Your country. Where we do so, our collection, storage and use of Your personal information will be in accordance with the purposes set out in this Policy.
Our servers and offices are located in the United States, Canada, Germany and Latvia so your information may be transferred to, stored, or processed in that countries. While the data protection, privacy, and other laws of that countries might not be as comprehensive as those in your country, we take many steps to protect your privacy. By using our Sites and Service, you understand and consent to the collection, storage, processing, and transfer of your information to our facilities in that countries and those third parties with whom we share it as described in this Policy.
Personal data of Russian citizens are necessarily also stored on servers in the Russian Federation by the registered personal data operator, as required by applicable laws.
We will ensure that where other non-EEA affiliates or third-party service providers have access to Personal Data outside of the EEA, that they too commit to provide the same level of protection as the GDPR principles.
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other lawful purposes. Where we have no ongoing legitimate business need to process Your personal information, we will either delete or anonymize it or.
General Personal Data retention period is 30 days, except for the general delivery and open stats data, which are stored for at least 180 days as of the mailing date.
UniSender reserves the right to delete any non-active account, i.e. an account that has not sent any emails for a period exceeding 12 months.
We maintain reasonable and appropriate security measures to protect Your personal information from loss, misuse, and unauthorized access, disclosure, alteration and destruction. We will take all reasonable steps to ensure the safety of Your personal information.
We use data centers around the world from top-notch data center providers to host our systems. They have SOC2 Type 2 reports and provide all the physical security protection measures you would expect.
We understand that software security is very important. We continuously scan our applications for vulnerabilities, using a combination of static source code analysis and dynamic testing. We understand that password reuse is a killer, and offer two-factor authentication for added protection of your account. We also:
- Encrypt all your data in transit using TLS.
- Have an independent penetration test conducted on an annual basis.
Information on how UniSender keeps your data secure can be found here.
YOUR DATA PROTECTION RIGHTS UNDER GDPR
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. UniSender aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.
If you wish to be informed of what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or to delete the information we have on you. Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where UniSender relied on your consent to process your personal information.
Please note that we may ask you to verify your identity before responding to such requests.
CHANGES TO THIS POLICY
We reserve the right to change or update this Policy from time to time. If material changes are made, we will place a prominent notice on our Site or Services for at least 15 days prior to the change taking effect, or communicate with You directly by email or through the Services, and will update the last revised date at the top of this Policy. We encourage You to regularly check back on this page to ensure You are up to date with any changes.
DATA PROCESSING AGREEMENT
UniSender offers a Data Processing Agreement based on the European Union Model Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer’s Data. UniSender Data Processing Agreement is available for signature here.
If You have any questions or concerns regarding the use or disclosure of Your personal information through the Services, You can contact us by sending an email to email@example.com or sending an official request to the address below:
Ecomz Holding Limited
6B Georgiou Karyou St., Office 6B, Dasoupoli, Strovolos, Nicosia, Cyprus
Version Date: 1 June 2020