Last Updated December 31, 2019
We’ll start by getting a few definitions out of the way that should help you understand this policy. When we say “we,” “us,” and “Postalytics,” we’re referring to Postalytics Inc., a State of Delaware Corporation. When we say “you”, “user”, “Client”, “Customer” or “Member,” we’re referring to the person or entity that’s registered with us to use the Services. When we say “end user”, “target” or “campaign target” we are referring to individuals who are the targets in a campaign being run by a Postalytics client.
We provide online platforms that you may use to create, send, and manage mail (the “Services”). We offer the Services on our websites https://postalytics.com and https://app.postalytics.com (each a “Website” and together the “Websites”). In the course of providing the Services, we may collect Personal Information, which means information about a Member. A “Contact List” is a list of physical that one of our Members has sent, or intends to send, mail to, and all information relating to those addresses.
3. Effective Date
For Non-EEA Residents:
If you have any questions or comments, or if you want to update, delete, or change any Personal Information you’ve submitted on the Website, please email us at firstname.lastname@example.org or use our contact form to get in touch. You may also contact us by postal mail at:
55 Accord Park Drive
Rockland, MA 02370
For EEA Residents:
For the purposes of EU data protection legislation, Postalytics Inc. is the controller of your Personal Information. Our Data Protection Officer can be contacted at email@example.com.
Legal Basis for Processing Personal Information
We process Personal Information about you as a data controller as described in this policy, where such processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests typically include: improving, maintaining, providing, and enhancing our technology, products and services; ensuring the security of the Services and our Website; and for our marketing activities.
Legal Basis for Processing Personal Information (EEA Persons Only)
If you are from the European Economic Area, our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we will normally collect and use Personal Information from you where the processing is in our legitimate interests and not overridden by your data-protection interests or fundamental rights and freedoms. Typically, our legitimate interests include improving, maintaining, providing, and enhancing our technology, products, and services; ensuring the security of the Services and our Websites; and for our marketing activities.
If you are a User, we may need the Personal Information to perform a contract with you. In some limited cases, we may also have a legal obligation to collect Personal Information from you.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not, as well as of the possible consequences if you do not provide your Personal Information.
Where required by law, we will collect Personal Information only where we have your consent to do so.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the “Questions” section below.
We operate in the United States
Our servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy.
Users located in Australia
If you are a User who lives in Australia, this section applies to you. We are subject to the operation of the Privacy Act 1988 (“Australian Privacy Act”). Here are the specific points you should be aware of:
Where we say we assume an obligation about Personal Information, we are also requiring our subcontractors to undertake a similar obligation, where relevant.
We will not use or disclose Personal Information for the purpose of our direct marketing to you unless you have consented to receive direct marketing; you would reasonably expect us to use your personal details for the marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism or by contacting us directly. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts, and other information related to your account.
Our servers are located in the United States. In addition, we or our subcontractors may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of offshore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas.
If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request.
If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.
For purposes of this section “Personal Information” has the meaning given in the California Consumer Privacy Act (“CCPA”).
Personal Information: How We Collect, Use, and Share It
We have collected the following statutory categories of Personal Information in the past twelve (12) months:
Identifiers, such as name, e-mail address, mailing address, and phone number. We collect this information directly from you or from third party sources.
Commercial information, such as subscription records. We collect this information directly from you.
Internet or network information, such as browsing and search history. We collect this information directly from your device.
Geolocation data, such as IP address. We collect this information from your device.
Financial information, such as Payment Information or financial account numbers in the process of providing you with a subscription. We collect this information from you.
Other personal information, in instances when you interact with us online, by phone or mail in the context of receiving help through our help desks or other support channels; participation in customer surveys or contests; or in providing the Postalytics Service.
Privacy Rights of California Residents
California residents have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.
The right of access means that you have the right to request that we disclose what Personal Information we have collected, used and disclosed about you in the past 12 months.
The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.
The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
Postalytics does not sell Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).
How to Exercise your California Rights
You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent’s identity to protect your Personal Information.
Please use the contact details below, if you would like to:
Access this policy in an alternative format;
Exercise your rights;
Learn more about your rights or our privacy practices; or
Designate an authorized agent to make a request on your behalf.
To request the above information, please contact us through our contact form or email us at firstname.lastname@example.org.
5. Information We Collect
Certain parts of our Websites may ask you to provide Personal Information voluntarily. For example, we may ask you to provide certain Personal Information (such as your name, contact details, company name, profile information) in order to sign up for a free or paid Postalytics account, apply for a role with Postalytics, or otherwise submit inquiries to us. We may also collect Personal Information, such as your contact and job details and feedback, when you attend our events, take part in surveys, or through other business or marketing interactions we may have with you. You may choose to provide additional information when you communicate with us or otherwise interact with us, and we will keep copies of any such communications for our records.
The Personal Information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your Personal Information. We will also let you know prior to collection whether the provision of the Personal Information we are collecting is compulsory or may be provided on a voluntary basis and the consequences, if any, of not providing the information.
When you visit our Websites, we may also collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered Personal Information under applicable data protection laws.
Contact List and Physical Address mailings: When you add a Contact List or use Postalytics to create a message via direct mail, or when you use our tools on a landing page or other web page, we have access to the data on your list and the information in your direct mail, landing page or web page.
A Contact List can be created in a number of ways, including by importing Lists, such as through a CSV or directly from your CRM or other tools. Your Contact Lists are stored on a secure Postalytics server. We do not, under any circumstances, sell your Contact Lists. If someone on your Contact List complains or contacts us, we might then contact that person. You may export (download) your Contact Lists from Postalytics at any time.
If we detect abusive or illegal behavior related to your Contact List, we may share your Contact List or portions of it with affected ISPs or anti-spam organizations to the extent permitted or required by applicable law.
Personalization & Variable, Relevant Content: Postalytics enables its users to create personalized, one to one messages and web experiences for marketing campaigns by enabling Contact List information provided by our users such as name, sex, address and/or any other information can be inserted into messages, URL’s, landing pages and web pages. Additionally, Postalytics enables users to create unique, highly relevant experiences by using variable data, variable content and variable logic techniques to customize the look and feel, the presentation of content and the flow of landing pages and web pages.
Campaign Behavior: Postalytics enables its users to send messages and provide access to landing pages and web pages and tracks the behavior of the campaign targets for analysis and for campaign follow up. Such behavior includes actions like opens, clicks, visits, forms filled out, buttons selected as well as lack of actions like targets who do not open, respond, click or fill out forms. A Postalytics feature enables users to send specialized messages to segments of a campaign defined by the actions or lack of actions. All of the information tracked and gathered about Campaign Behavior is used to build reports for users to understand the effectiveness of their campaigns.
Information from your Use of the Service: We may get information about how and when you use the Services. This information may include your IP address, time, date, browser used, and actions taken by you within the application.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Postalytics Subscription Service or Websites you visit. Postalytics keeps track of the Websites and pages you visit within Postalytics, in order to determine what portion of the Postalytics Website or Subscription Service is the most popular or most used. This data is used to deliver customized content and promotions within the Postalytics Website and Subscription Service to customers whose behavior indicates that they are interested in a particular subject area.
Web Beacons: When we send emails to registered Postalytics customers, we’ll sometimes track who opened the emails and who clicked the links. We do that to measure our Email Campaigns’ performance and to improve our features for specific segments of customers. To do this, we include single pixel gifs, also called web beacons, in emails we send. Web beacons allow us to collect information about when you open the email, your IP address, your browser or email client type, and other similar details. We also include Web Beacons in the emails we deliver for you. We use the data from those Web Beacons to create the reports you see about who has or hasn’t opened emails or clicked links. Reports are also available to us when we send you email, so we may collect and review that information.
6. Use and Disclosure of Your Personal Information
We may use and disclose your Personal Information only as follows:
To promote use of our Services. For example, if you leave your Personal Information when you visit our Website and don’t sign up for any of the Services, we may send you an email asking whether you want to sign up. And if you use any of our Services, and we think you might benefit from using another Service we offer, we may send you an email telling you about it.
To bill and collect money owed to us. This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments. To learn more about the steps we take to safeguard that data, see Section 7 below.
To provide customer support.
To protect the rights and safety of our Members and third parties, as well as our own.
To meet legal requirements like complying with court orders and valid subpoenas.
To provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements.
To prosecute and defend a court, arbitration, or similar proceeding.
To support and improve the Services we offer. This includes adding features that compare the results of Members’ Campaigns.
To communicate with you about your account for informational, not promotional, reasons.
To transfer your information in the case of a sale, merger, consolidation, or acquisition.
To send you informational and promotional content that you may choose (or “opt in”) to receive. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
7. Other Data Protection Rights
You and your Contacts may have the following data protection rights:
To access, correct, update or request deletion of Personal Information. Postalytics takes reasonable steps to ensure that the data we collect is reliable for its intended use, accurate, complete and up to date. As a Member, you can manage many of your individual account and profile settings within the dashboard provided through the Postalytics platform. You can also manage information about your Contacts within the dashboard provided through the Postalytics platform to assist you with responding to requests to access, correct, update or delete information that you receive from your Contacts.
In addition, individuals who are residents of the EEA can object to processing of their Personal Information, ask to restrict processing of their Personal Information or request portability of their Personal Information. You can exercise these rights by contacting us using the contact details provided in the “Questions” section. If any of your Contacts wishes to exercise any of these rights, they should contact you directly.
Similarly, if Personal Information is collected or processed on the basis of consent, the data subject can withdraw their consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent. If you receive these requests from Contacts, you can delete them from your lists within the Postalytics platform to ensure that you only market to Contacts who have not opted out of receiving such marketing.
The right to complain to a data protection authority about the collection and use of Personal Information. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA are available here.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection law. We may ask you to verify your identity in order to help us respond efficiently to your request. If we receive a request from one of your Contacts, we will either direct the Contact to reach out to you, or, if appropriate, we may respond directly to their request.
Tools and Algorithms
Postalytics analyzes lists, campaigns, templates and addresses to find trends in the data. That information helps us give you a better service.
Occasionally, we may have to disclose information about our customers to meet legal requirements. Third-party disputes are a common example: If two parties have a dispute, and one of them used Postalytics in a way that’s relevant to the dispute, then we might get a request for user data. Whether we say “no way” or comply depends on the subpoena.
8. Public Information and Third Parties
Blogs, Support Forums and Social Media. We have public blogs, support forums and links to Social Media sites about Postalytics on our Websites. Any information you include in a comment on any of these properties may be read, collected, and used by anyone. If your Personal Information appears on our blogs and you’d like it to be removed, contact us here. If we’re not able to remove your information, we’ll let you know why.
Social Media Widgets. Our Websites include social media features, like the Facebook Like button. These features may collect information about your IP address and which page you’re visiting on our site, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our site. Your interactions with those features are governed by the privacy policies of the companies that provide them.
9. Content of Campaigns
When you send campaign messages, they bounce around from server to server as they cross the internet and phone networks. Direct mail messages are handled by humans in many places. Along the way, server administrators and/or other humans can read what you send. Direct Mail wasn’t built for confidential information. If you have something confidential to send, please don’t use Postalytics.
Our rule of thumb is “Never send anything in a Direct Mail piece that you don’t want publicly known.”
10. Your Contact Lists
Your subscriber lists are stored on a secure Postalytics server. We don’t, under any circumstances, sell your lists, contact people on your lists, market to people on your lists, steal your lists, or share your lists with any other party, unless it’s required by law. If someone on your list complains or contacts us, we may then contact that person. Only authorized employees have access to view Contact Lists. You may export (download) your lists from Postalytics at any time.
We’ll use and disclose the information in your Contact Lists only for the reasons listed under Use of Your Personal Information, except the following. (In other words, we will not use and disclose the information in your Contact Lists to):
- bill or collect money owed to us;
- send you system alert messages;
- communicate with you about your account; or
- send you informational and promotional content.
Your List Data
It’s worth repeating: We respect your privacy and your subscribers’ privacy. We’d never sell your information or bother anyone on your mailing list.
11. Notice of Breach of Security
Nobody’s safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your Contact Lists, then Postalytics will notify you as soon as possible and later report the action we took in response.
12. Safeguarding Your Information
To protect your information, our credit card processing vendor has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, they make use of best-in-class security tools and practices to maintain a high level of security.
Postalytics accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party.
13. Accuracy of Data, Transparency, and Choice
We do our best to keep your data accurate and up to date, to the extent that you provide us with the information we need to do that. If your data changes (like a new email address), then you’re responsible for notifying us of those changes.
We only store data about you for as long as it’s reasonably required to fulfill the purposes that gave us the right to access it in the first place. We keep some data indefinitely, relating to when and where campaigns & messages were sent, which were returned, which resulted in a complaint, and similar information, because we use it to help us screen out people who violate our terms of service, improve our services, and for other reasons explained in this policy.
We’ll give you access to any Personal Information about you that we hold within 30 days of any request for that information you make by emailing email@example.com. Unless it’s prohibited by law, we’ll remove any Personal Information about you from our servers at your request.