EcoMail Inc. Privacy Statement
Overview
Eco-Mail Inc. (“Eco-Mail,” “we” or “us”) is committed to protecting your privacy and earning your trust. This Privacy Statement, which is effective as of April 19, 2021 describes Eco-Mail’s privacy practices for both the web site located at www.eco-mail.com (our “Website”) on the one hand, and the applications which Eco-Mail creates, configures and hosts on behalf of its business customers, and any derivative products which are developed to work either remotely or on a mobile/tablet device (collectively “Applications”), on the other hand. The ownership of information and responsibility for determining the purposes and means of processing of information with respect to Eco-Mail’s Applications is subject to agreements entered into between Eco-Mail and each of its business customers, which allocate such ownership and authority to such business customers.
Eco-Mail is the leading enterprise software provider that digitizes an organization’s mail. Our solution eliminates sorting in the mailroom and physical delivery to recipients and facilitates remote work by both individuals and groups. In addition to contributing to tremendous cost savings, Eco-Mail streamlines operations, improves process, audit and compliance controls and allows businesses to be more flexible and responsive.
When it comes to handling your personal information, consistent with our mission and partnering approach with our business customers and the nature of our business (handling sensitive communications) we regard data protection and privacy not only as a compliance issue, but also as an ethical obligation and a basis on which we compete. We believe it is important to set an example for other companies to follow, which includes diligence and transparency with respect to our management of personal information. This Privacy Statement is part of our effort to achieve that.
We have created two separate Privacy Statements, one for our Website located at www.eco-mail.com and one for our Applications, each intended to provide you with information about what personal information we collect, how and why, how we use it, who we share it with, how we protect it, how long we keep it and your rights in respect of your personal information that we collect.
Website Privacy Statement
Updated: April 19, 2021
This Privacy Statement applies to Eco-Mail’s collection and processing of personal information as a controller (as such term is defined in the General Data Protection Regulation (EU) 2016/679 (the “GDPR”)) or as a business (as such term is defined under the California Consumer Privacy Act (“CCPA”)), in particular through our Website, or through webinars, webcasts, podcasts or other events we may host or sponsor online or at in person events such as trade shows or conferences. For information about our collection and processing of personal information in connection with our Applications where we operate in the capacity of processor (as such term is defined in the GDPR) or service provider (as such term is defined in the CCPA) please go to our Applications Privacy Statement. If you do not agree with our policies and practices, please do not use the Website or related services. By accessing the Website or related services, you agree to this Privacy Statement.
The term “personal information” as used herein means any information relating to an identified or identifiable natural person or household.
How we collect personal information
We may collect personal information from you directly or indirectly. For example, when you register for one of our events or sign up to receive our marketing materials, a demo or other promotional communications, you provide personal information directly to us. Other times, personal information is collected automatically pertaining to your use our Website. In addition, we may also obtain personal information from third parties or that is publicly available.
We collect personal information when you provide it
You may provide certain kinds of personal information directly by interacting with Eco-Mail online and offline (including via social media or web forms, by telephone, email, text, in person or through postal mail).
When you elect to contact us, request a demo or free trial, register for webinars, webcasts, podcasts or other events we may host or sponsor online or sign up for or download certain resources available on our Website, you may be requested to provide, among other things, your email address, phone number and employer name. We may also collect such personal information that you voluntarily provide at industry or Eco-Mail sponsored in-person events.
We collect personal information from third-party sources
We may collect personal information about you from third parties, including from companies we partner with to sponsor online or in-person events, public databases or third parties from whom we purchase data. We may combine this with information we already have about you. This helps us update, expand, and analyze our records, identify prospective customers, and provide information regarding our solutions that may interest you.
We also work with third parties to support delivery of our online services or content (such as email and content streaming), or those that help us manage events. Your personal information may be provided to us by those third parties.
We also may collect personal information from online social networks, for example via LinkedIn. We may collect personal information when you click “Share This” or “Like” buttons or otherwise use social media buttons or plug-ins.
We collect personal information using automated technologies
Personal information is collected by automated technologies and shared with us when visitors navigate through our Website online. We may track your browsing actions and log your IP address. We track product preferences and content downloads, to make future visits to our Website more efficient.
Other automated collection technologies – such as cookies, beacons, tags, and scripts – are used by us to analyze trends, administer the Website, and track users’ movements around the Website. We, and our third-party partners, also use these technologies to gather demographic information about our user base as individuals and in the aggregate.
Options with respect to Collection of Your Personal Data
Opt out of marketing communications
If at any time you wish to opt-out of future newsletters or other promotional emails from us, you may click the “unsubscribe” link in the email or otherwise contact us at [email protected]. It may take up to 10 business days before you stop receiving promotional emails. This opt-out does not apply to operational communications, for example, order confirmation emails.
Access, update or delete information
If you have supplied us with personal information, for example by entering your contact and other personal information on the “Contact” page of our Website, you may update or delete your contact or other personal information by contacting us at [email protected].
Cookies & browser web storage
Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. To prevent the use of Google Analytics relating to your use of our Website, you can download and install the browser plug-in available here. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Website may not work properly. Similarly, your browser settings may allow you to clear your browser web storage.
Targeted online advertising
Some of our third party partners that collect information about users’ activities on or through the Website may be members of organizations or programs that provide choices to individuals regarding the use of their browsing behavior for purposes of targeted advertising. Users may opt out of receiving targeted advertising by:
- Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit allaboutcookies.org.
- Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block our Website from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
- Platform opt-outs. The following prominent advertising partners (that we may engage from time to time) offer opt-out features that let you opt-out of use of your information for interest-based advertising:
- Google: https://adssettings.google.com
- Bing: https://about.ads.microsoft.com/en-us/resources/policies/personalized-ads
- Outbrain: https://my.outbrain.com/recommendations-settings/home
- Criteo: https://www.criteo.com/privacy/disable-criteo-services-on-internet-browsers/
- BidSwitch: http://x.bidswitch.net/opt-out
- Xandr: https://platform.xandr.com/privacy-center/
- Aggregate Knowledge: http://www.aggregateknowledge.com/privacy/ak-optout/
- Pinterest: https://help.pinterest.com/en/article/personalization-and-data
- Facebook: https://www.facebook.com/about/ads
- Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
- Digital advertising Alliance: http://optout.aboutads.info
- Network Advertising Initiative: http://optout.networkadvertising.org/?c=1
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt-out on every browser and device that you use.
Do Not Track
Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
We will not knowingly collect information from anyone younger than 18 years
Our Website and services associated with our Website are not intended for use by anyone younger than 18 years old, and we will never knowingly collect personal information from anyone younger than that. If you are under 18, please do not send any information about yourself to us. If we become aware that personal information of anyone younger than 18 has been provided to us for any purpose we will delete the information from our files.
Our Legal Basis for Collection
Certain data protection laws require that we have a legal basis for collecting your personal information. The legal basis we rely upon may be different in each circumstance or we may have one or more legal bases for the collection.
When accessing our Website, we collect personal information from you where (1) we have your consent, (2) where your personal information is necessary for us to provide a service (for example, when you register for certain resources on our Website), or (3) where we have a legitimate interest to process your information and that legitimate interest is not overridden by your data protection interests or fundamental rights and freedoms. Examples of processing of personal information to further our own legitimate interests, in a manner that does not outweigh your rights and freedoms, may include continuously improving, customizing, and personalizing our Website, including taking steps to protect against fraud, spam, and abuse; analyzing and improving the safety and security of our Website; and, aggregating and/or anonymizing personal information so that it is no longer considered personal information.
Also, in some cases, we may have a legal obligation to process your personal information, or to process your personal information to exercise, establish or defend legal claims.
How we use personal information
Consistent with our mission we endeavor to be transparent about our use of your personal information.
As mentioned above, visitors to the Website will provide their name and email address and other personal information when they elect to contact us, request a demo or free trial, register for webinars, webcasts, podcasts or other events we may host or sponsor online or sign up for or download certain resources available on our Website.
Collecting and using this information allows not only easier, quicker access to our Website, content, and services on subsequent visits but also allows us to secure the information you have provided. As users navigate through the Website, their movements will be tracked and analyzed. Using this information allows us to provide more relevant content and create a better visitor experience. We also use personal information to:
- provide, operate and improve the Website and our services;
- market our products and services, typically through email and telephone;
- understand your needs and interests, and personalize your experience with the Website and our communications;
- respond to your requests, questions, feedback and support requests;
- maintain the security and integrity of the Website;
- communicate with you about and provide updates regarding the Website and marketing information, such as special promotions or surveys, etc.;
- comply with legal and regulatory requirements applicable to our business and internal policies, including those relating to maintaining records;
- protect all parties in the event of disputes;
- comply with court orders and legal processes, and to enforce our Terms of Use and this Privacy Statement; and
- accomplish any other legal, business, or marketing purposes consistent with the practices described in this Privacy Statement.
As noted above, we are the controller or business with respect to personal information we receive through our Website for our own business purposes, but where we are acting as a processor or service provider in delivery of our Applications, including providing guidance and services to our business customers, we do so as a processor or service provider as those terms are defined in the GDPR and CCPA, respectively. The information we receive through our Applications and related services is subject to our Applications Privacy Statement.
If you provide personal information about others, or others give us your information, its use is limited to the specific purpose for which it was provided. Typically, this includes your name and business contact information (email address, phone number and employer).
We do not sell personal information we receive through our Website or share it other than as outlined in this Privacy Statement.
How we share your personal information
We may share your personal information with third parties for various reasons, among them email delivery, data hosting, analytics, payment processing and content streaming. These services may collect browsing data that includes IP addresses, referring pages, and users’ movements as they navigate our Website. Other third parties help us with our marketing, including sending marketing communications and analyzing the effectiveness of our marketing efforts. When we share your personal information with a third party, we require that third party to protect the information consistent with this Privacy Statement and limit its use of the information to performing the services they provide to us.
Your content: if you make a public post, other users may see it
We may make available on our Website, or link to, features that allow you to generate your own content or share information online (e.g., on our blog or LinkedIn). Please do not embed personal information in the content you generate or share personal information online in public forums, because any such information can be collected and used by others. We have no control over, and take no responsibility for, the use, storage, dissemination or erasure of personal information embedded in user-generated content or shared on the Website or linked pages. By posting personal information online in public forums, you may receive unsolicited messages from other parties.
Third party sites
If you make a post on a third-party social media site, such as LinkedIn, or by identifying us in your social media feed by tagging us using a hashtag (#) or “at” (@), your personal information may be publicly available and is subject to the privacy policies of those third-party social media sites. As a reminder, this Privacy Statement describes how we collect and process your personal information. We recommend you review the privacy policies of any third-party sites you visit to understand their data collection and processing practices.
Feedback you provide to us
If you provide suggestions for improving our Website or services, please be aware that any feedback relating to our Website or social media channels may be publicly shared.
Successors to our business may access your personal information
In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, any user information we control may be among the assets transferred to third parties as successors in interest. As part of this type of transaction, we reserve the right to transfer or assign your personal information to third parties. Other than to the extent ordered by a bankruptcy or other court, or as otherwise agreed to by you, the use and disclosure of all transferred user information will be subject to this Privacy Statement.
Compliance with legal requirements
We may disclose your information to government authorities or other third parties if:
- we are required to do so by law, or in response to a subpoena or court order;
- we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, or to protect our property or other rights or those of other users of the Website, third parties, or the public at large; or
- we believe that you have misused the Website by using it to attack or gain unauthorized access to a system or to engage in spamming or other conduct that violates applicable laws or our Terms of Use.
How we secure personal information
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we have implemented industry-accepted organizational, physical, and technology-based security measures to protect against loss, misuse, unauthorized access, and alteration of personal information in our systems. We ensure that any employee, contractor, corporation, organization, or vendor who has access to personal information in our systems is subject to legal and/or professional obligations to safeguard that personal information which obligations are at least as stringent as those undertaken by us under this Privacy Statement.
While we use commercially reasonable, industry-accepted means to protect your personal information, no method of transmission over the Internet or form of electronic storage is completely secure and we cannot guarantee its absolute security.
Eco-Mail prohibits unauthorized access or use of personal information stored on its servers. Such access is a violation of law, and we will fully investigate and press charges against any party that has illegally accessed information within our systems.
Data Retention
Where Eco-Mail collects your personal information for its own independent business purpose, such as through our Website, or in connection with webinars and events, we do so as a controller or business and will retain your information in accordance with our data retention practices. Typically, we retain your personal information for the time necessary to serve the purpose for which it was originally collected or you subsequently authorized, and in accordance with applicable law. For example, we will retain your information for as long as necessary to comply with our legal obligations and rights, to resolve disputes, and to enforce our agreements.
Location of Processing
Eco-Mail is headquartered in the United States. Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Website you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data privacy or protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal information, including for purposes of national security or law enforcement requirements.
The United States currently is not a country the European Union (“EU”) deems “adequate” under applicable data protection laws. Eco-Mail collects, transfers, and processes personal information under terms required by applicable law, including: when you provide your consent, to perform a contract with you (such as to deliver products or services), or to fulfill a compelling legitimate interest of Eco-Mail in a manner that does not outweigh your rights and freedoms. Eco-Mail regularly enters into data protection agreements or other legally approved mechanisms with its vendors to support compliance with applicable law.
We take appropriate safeguards to require that the personal information we process will remain protected in accordance with this Privacy Statement when transferred internationally, including when processed internationally by third-party service providers and partners. For personal information from the European Economic Area, the United Kingdom, or Switzerland, data protection laws in those jurisdictions require that that we tell you the legal safeguards we have in place to protect that personal information. We may implement the European Commission’s standard contractual clauses, rely on general derogations in the GDPR or rely on a third-party service provider’s binding corporate rules or other legally approved mechanism for any transfer of personal information to non-European Economic Area, United Kingdom, or Switzerland third-party service providers.
Personal information received by Eco-Mail is presently, where required, transferred and processed in accordance with the applicable European Commission standard contractual clauses or general derogations in the GDPR. More information about the standard contractual clauses can be found here.
Any questions, complaints, access or other requests, and other issues arising under Eco-Mail’s Privacy Statement more generally, should be directed to [email protected] or Eco-Mail Inc., 118 North Bedford Road, Suite 100, Mt. Kisco, NY 10549, Attn: Data Privacy.
A citizen of a country within the European Economic Area, the United Kingdom, or Switzerland may also address any privacy-related questions or problems to the appropriate data protection authority in his or her country.
European Economic Area, Switzerland, or United Kingdom
Individuals from the EU, the United Kingdom and Switzerland have certain rights associated with their personal information based on applicable law.
In addition to the rights granted under this Privacy Statement, EU, the United Kingdom and Switzerland data subjects have the following data protection rights under applicable law:
- You can request access to, correction of, updates to, or request deletion of your personal information in our possession.
- You can request more information about how we process your personal information, where and how we collected that information, the categories of that information, with whom we share it, and how long we retain it.
- You can object to the processing of your personal information, ask us to restrict the processing, or request portability of your personal information.
- You have the right to opt out of marketing communications we send at any time. You can opt out by clicking on the “unsubscribe” or “opt-out” link in any marketing email we send you.
- If we have collected and processed your personal information based upon your consent, you may withdraw your consent at any time; however, withdrawing your consent will not affect the lawfulness of any processing we conducted before your withdrawal, nor will it affect processing of your personal information when we have relied on other legal grounds for the processing.
- Upon your request, and where it is technically feasible, Eco-Mail will provide you with a copy of your personal information in a portable format or transmit it directly to another controller.
- You have the right to make a complaint to the appropriate data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. Contact details are available here.
To make a request, including withdrawal of consent to processing of your personal information, please contact us by emailing us at [email protected] with “Data Subject Request” in the subject line. Provide full details relating to your request, including your contact information and any other details you believe are relevant. We are committed to responding to verifiable requests to exercise data protection rights in accordance with applicable laws.
California Consumer Rights
The California Consumer Privacy Act provides specific rights to consumers who reside in California. If you are a resident of California, as that term is defined under California law, this section shall apply in addition to all other applicable rights and information contained in this Privacy Statement.
- You have the right to request that we provide you with information about what personal information we collect, use, and disclose.
- You have the right to request that we delete personal information we, or our service providers, store about you.
- We will not discriminate or retaliate against you if you elect to exercise any rights under this section of our Privacy Statement or otherwise under the CCPA.
- As noted above, we do not sell your personal information and we only share your personal information with third parties as described in this Statement. If we ever change our policy, you will have the right to request that we not sell your personal information.
- You have the right to designate an authorized agent to make a request on your behalf. Please see the Identity Verification Requirement below for information on our process for verifying that we have received a legally valid request.
- If you are a California resident and have additional questions as to your rights under this Privacy Statement and the CCPA or wish to submit a request with respect to your personal information, please contact us at [email protected] as described below.
Identity verification requirement
The law requires us to verify that any request submitted was made by someone with the legal right to access the information. Therefore, before accessing or divulging any information pursuant to a data access request, we may request that you provide us with additional information so we can verify your identity and legal authority, particularly where the information provided with the request is insufficient to confirm legal authority and/or identity.
To make a request, please contact us by emailing us at [email protected] with “Data Subject Request” in the subject line and provide full details about your request, including your contact information and anything you believe is relevant. We will provide a response to an access request within the timeframes required by law. If we cannot substantively respond in a timely manner, we will notify you and provide the reason for the delay.
Under certain circumstances, we may not fulfill your request, such as when doing so would interfere with our regulatory or legal obligations, when we cannot verify your identity, if your request involves disproportionate cost or effort as provided under applicable law, or when the law allows or requires us to retain that information. In all such cases, however, we will respond to your request within a reasonable time, as required by law, and provide an explanation.
Updates
This Privacy Statement will be reviewed at least every 12 months and updated to reflect our personal information handling practices. We reserve the right to amend this Privacy Statement at any time, for any reason, without additional notice to you, other than through posting the updated Privacy Statement on our Website. We invite you to return to this page to ensure you are informed of any updates we make about how we collect, use, and protect customer information. You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the beginning of this Privacy Statement.
Contact Us
If you have questions about the way we handle personal information, please contact us at:
Eco-Mail Inc.
118 North Bedford Road, Suite 100
Mt. Kisco, NY 10549
Attn: Data Privacy
or
Applications Privacy Statement
Updated: April 19, 2021
Eco-Mail Inc. (“Eco-Mail”, “Company”, “we”, “us”) is committed to protecting your privacy and earning your trust.
Eco-Mail is the leading enterprise software provider that digitizes an organization’s mail. When it comes to handling your personal information, consistent with our mission and partnering approach with our business customers and the nature of our business (handling sensitive communications) we regard data protection and privacy not only as a compliance issue, but also as an ethical obligation and a basis on which we compete. We believe it is important to set an example for other companies to follow, which includes diligence and transparency with respect to our management of personal information. This Privacy Statement is part of our effort to achieve that.
This Privacy Statement applies to the applications Eco-Mail creates, configures and hosts on behalf of its business customers, and any derivative products which are developed to work either remotely or on a mobile/tablet device (collectively “Applications”). It does not apply to any website, mobile app, service, or product that does not display or link to this Privacy Statement or that contains its own privacy statement. For information about how we use personal information we receive in connection with operating our business, including our company website, please see our Website Privacy Statement. If you do not agree with these policies and practices, please do not use the Applications. By accessing the Applications or using our software services, you agree to this Privacy Statement.
As part of the services we provide to our business customers, you may interact with us online (through the Applications) or by email, telephone or ordinary mail and in doing so, you may share your personal information with us. The information received by Eco-Mail in delivering the Applications is collected on behalf of our business customers and is processed by us according to the contract with that business customer.
The term “personal information” as used herein means any information relating to an identified or identifiable natural person or household.
How we collect personal information
We may collect personal information from you directly or indirectly. For example, when your employer or other related company purchases an Application where you may be a recipient of digital mail, (a) your employer will generally provide personal information directly to us for your participation in and use of our Applications, and (b) you may enter personal information to register for use of such Application and from time to time thereafter as necessary for us to provide the services rendered through the Application. Other times, personal information may be collected automatically as you use our Applications as we outline in this Privacy Statement. We also may receive other personal information from our business customers or other related third parties to facilitate the provision of services rendered through an Application.
We collect personal information through the Applications on behalf of business customers who subscribe for our solutions. Our business customers determine purposes for and means by which personal information is collected, used, stored, or deleted within the Applications purchased by them, and how such information is processed. Eco-Mail acts as a service provider (as such term is defined under the California Consumer Privacy Act (“CCPA”)) or data processor (as such term is defined in the General Data Protection Regulation (EU) 2016/679 (the “GDPR”)) of this personal information under the terms of our contract with that customer, who is the business (as such term is defined in the CCPA) or data controller (as such term is defined under the GDPR) with respect to such personal information. Other than as required to process such information as instructed by our business customer, we make no decisions regarding the personal information we receive from you. Questions about how an applicable business customer (i.e., your employer) uses, shares, or processes your personal information should be directed to your employer. Unless prohibited by law, we will honor our business customer’s instructions with respect to your personal information.
Legal Basis for Collection
When we collect personal information through our Applications, we do so as a processor, or service provider, as instructed by our business customer, the controller or business. Certain data protection laws require that businesses or controllers have a lawful or legal basis for collecting personal information. The lawfulness of our collection of personal information in connection with our Applications is determined by the business or controller with respect to such information, who is our business customer. If you have questions about the legal basis or lawfulness of our collection of personal information, please contact that business customer (e.g., your employer) directly.
We collect personal information when you provide it
You may provide certain kinds of personal information directly by interacting with the Applications (whether you’re an employer or employee or other stakeholder) or offline (by phone, email, mail or in person). Depending on the Application, users will provide different types of personal information. The type of personal information we collect is determined by our business customer.
Types of personal information typically collected include:
- Name (first and last)
- Email address
- Job site, job title, department and supervisor
- Log-in credentials
Purposes of collecting such personal information are primarily to route and deliver mail in a digital format and to permit your employer to track, search and audit all aspects of such mail in transmission and at rest.
We collect personal information using automated technologies
In very limited circumstances, personal information is collected by automated technologies – such as cookies, beacons, tags, and scripts – within the Application being used. Such technologies are required for the operation of our Applications. Other personal information, such as IP addresses, may also be automatically collected from users of the Applications. Doing so protects and secures the integrity of our systems and the information we process. They may be shared with law enforcement to enforce our rights, ensure the security and integrity of our systems, or as otherwise required by applicable law.
We collect personal information from third-party sources
When we provide our business customers with our Applications, that often requires them to share personal information about their employees and other stakeholders with us. The kinds of personal information typically collected are names, business contact details (such as email addresses), and job titles. When your employer or business partner gives us your information, we use it only for the specific purpose for which it was provided pursuant to their instructions. Collecting this personal information helps us deliver our services and comply with customer contracts.
How we use personal information
Our business customers determine what personal information is collected by us and how it is used. We are a processor of the personal information collected and process such information solely in accordance with our business customer’s instructions. We primarily use it in these ways:
- To provide access to the Applications for our business customers and their end users (e.g., employees)
- To maintain the security and integrity of the Applications
- To communicate with our business customers and their end users about the Applications
- To respond requests for support
- To develop and improve the Applications
- To comply with legal and regulatory requirements applicable to our business and internal policies
- To protect all parties in the event of disputes
- To comply with court orders and legal processes, and to enforce our Terms of Use and this Privacy Statement.
- For any other legal or business purposes that comply with applicable law and the practices described in this Privacy Statement.
Collecting and using this information allows not only easier, quicker access to our Applications, content, and services on subsequent visits but also allows us to secure the information provided. As users navigate through the Applications, their movements will be tracked and analyzed, allowing us to improve our services, page response times and users’ experiences.
If you provide personal information about others when using our Applications, or others give us your information, its use is limited to the specific purpose for which it was provided.
Please note that personal information we receive within any Application is never sold and only shared with our business customer as outlined in this Privacy Statement.
How we share personal information
Once your personal information is collected in the Applications, as detailed above, we may share it with third parties for various reasons. As mentioned above, the primary person we share your personal information with is your employer.
In some cases, we use third parties to help deliver our services to our business customers and their end users. These third parties are restricted by contract from processing any personal information except to provide and deliver those services to us.
Other third parties help us analyze how our Applications are used. Such analysis improves the quality of those services and helps us to deliver them in a timely and functional manner. We may use anonymized or de-identified personal information collected through the Applications to create data sets for our purposes. Those sets do not include information that could reasonably be linked to an identifiable individual or household.
As noted previously, we share your personal information with the relevant business customer in accordance with our contract with that business customer. When we share personal information with our third party service providers, we require that third party to protect the information consistent with this Privacy Statement and applicable law and to limit use of the information strictly to performing the services they provide to us.
Successors to our business may access your personal information
In the event of a merger, acquisition, reorganization, bankruptcy, or other sale of all or a portion of our assets, any personal information in our possession may be among the assets transferred to third parties as successors in interest. As part of this type of transaction, we reserve the right to transfer your personal information in our possession to third parties, subject to our agreements with our business customers. The use and disclosure of all such transferred personal information will remain subject to the privacy policies of our business customers and this Privacy Statement.
Compliance with legal requirements
We may disclose your information to government authorities or other third parties if:
- we are required to do so by law, or in response to a subpoena or court order;
- we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, or to protect our property or other rights or those of other users of the Website, third parties, or the public at large; or
- we believe that you have misused the Website by using it to attack or gain unauthorized access to a system or to engage in spamming or other conduct that violates applicable laws or our Terms of Use.
How we secure personal information
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we have implemented industry-accepted organizational, physical, and technology-based security measures to protect against loss, misuse, unauthorized access, and alteration of personal information in our systems. We ensure that any employee, contractor, corporation, organization, or vendor who has access to personal information in our systems is subject to legal and professional obligations to safeguard that personal information which obligations are at least as stringent as those undertaken by us under this Privacy Statement.
While we use commercially reasonable, industry-accepted means to protect your personal information, no method of transmission over the Internet or form of electronic storage is completely secure and we cannot guarantee its absolute security.
Eco-Mail prohibits unauthorized access or use of personal information stored on its servers. Such access is a violation of law, and we will fully investigate and press charges against any party that has illegally accessed information within our systems.
Data Retention
Personal information collected by Eco-Mail through our Applications will be retained as directed by our business customers. Should you have any questions about how long your personal information is retained, please contact the applicable business customer (e.g., your employer) directly.
Location of Processing
Eco-Mail is headquartered in the United States. Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Applications you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data privacy or protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal information, including for purposes of national security or law enforcement requirements.
The United States currently is not a country the European Union (“EU”) has deemed “adequate” under applicable data protection laws. Eco-Mail collects, transfers, and processes personal information in accordance with its legal obligations under contracts with its business customers who, as we have noted previously in this Privacy Statement, determine the legal bases for our collection and processing (including transfer) of personal information, including personal information from the European Economic Area, the United Kingdom, and Switzerland. If you want to know what legal basis is relied upon for Eco-Mail to receive and processes personal information, you will need to contact the relevant business customer (e.g., your employer) directly.
We take appropriate safeguards to require that the personal information we process will remain protected in accordance with this Privacy Statement when transferred internationally, including when processed internationally by third-party service providers and partners. For personal information from the European Economic Area, the United Kingdom, or Switzerland, data protection laws in those jurisdictions require that that we tell you the legal safeguards we have in place to protect that personal information. We may implement the European Commission’s standard contractual clauses, rely on general derogations in the GDPR or rely on a third-party service provider’s binding corporate rules or other legally approved mechanism for any transfer of personal information to non-European Economic Area, United Kingdom, or Switzerland third-party service providers.
Personal information received by Eco-Mail is presently, where required, transferred and processed in accordance with the applicable European Commission standard contractual clauses or general derogations in the GDPR. More information about the standard contractual clauses can be found here.
Any questions, complaints, access requests, and other issues arising under Eco-Mail’s Privacy Statement more generally, should be directed to [email protected] or Eco-Mail Corporation, 118 North Bedford Road, Suite 100, Mt. Kisco, NY 10549, Attn: Data Privacy.
A citizen of a country within the European Economic Area, the United Kingdom, or Switzerland may also address any privacy-related questions or problems to the appropriate data protection authority in his or her country.
Your Rights
As mentioned above, we receive personal information through our Applications as processors or service providers for our business customers, who, as controllers or businesses, determine the lawfulness of our collection and the purpose for the processing. The personal information collected from end users of the Applications is managed by the business customer according to their own internal policies and procedures.
Accordingly, anyone seeking to exercise data protection rights granted by applicable law should direct their request to the relevant company or organization that is our busines customer (typically their employer). Inquiries made to Eco-Mail requesting access, alteration or deletion of personal information or other requests under applicable law will be forwarded to our business customer for resolution. Eco-Mail is not permitted to respond substantively to any such requests, but will support our business customers in their obligations in respect of such requests, unless otherwise required by law.
For Data Subjects from the European Union, United Kingdom and Switzerland
Certain data protection laws of the EU (GDPR), United Kingdom (Data Protection Act 2018) and Switzerland (Swiss Federal Data Protection Act) provide that controllers of personal information honor certain rights granted to data subjects who reside in the applicable country. As noted previously, Eco-Mail is a data processor to its business customers who are data controllers under these laws in jurisdictions where they are applicable. Eco-Mail is fully committed to supporting its business customers in their compliance with applicable law. If you are a data subject from the European Union, United Kingdom or Switzerland, and wish to exercise your rights in relation to personal data Eco-Mail may have collected on behalf of its business customer, please contact that business customer directly to exercise your rights. If we receive a request from a data subject for one of our business customers, we will direct the request to the business customer for review and response.
For California Consumers
The CCPA provides specific rights to those who live in California and requires that businesses subject to CCPA ensure those rights are honored. Certain Eco-Mail business customers may be subject to CCPA and, while Eco-Mail may not be directly subject to CCPA as a service provider, it will support its business customers in their compliance with the law. If you are a California resident and wish to exercise your rights in relation to personal information Eco-Mail may have collected on behalf of its business customer (e.g., your employer), please contact that business customer directly to exercise your rights. If we receive a request under CCPA from a California resident in relation to a business customer, we will direct the request to that business customer for review and response.
Updates
This Privacy Statement will be reviewed at least every 12 months and updated to reflect our personal information handling practices. We reserve the right to amend this Privacy Statement at any time, for any reason, without additional notice to you, other than through posting the updated Privacy Statement within our Applications. We invite you to return to this page to ensure you are informed of any updates we make about how we collect, use, and protect personal information on behalf of our business customers. You can see when this Privacy Statement was last updated by checking the “last updated” date displayed at the beginning of this Statement.
Contact Us
If you have questions about the way we handle personal information, please contact us at:
Eco-Mail Inc.
118 North Bedford Road, Suite 100
Mt. Kisco, NY 10549
Attn: Data Privacy
or