Privacy Policy
OMNISEND
PRIVACY POLICY
Effective starting: 27.05.2022
Last revised: 20.01.2023
- GENERAL PROVISIONS
- We care about your privacy and the security of your personal data (“Personal Data”), so we have developed this privacy policy (the “Privacy Policy”), which explains how we process and protect your Personal Data, what your rights we ensure, and provides other information about the processing of your Personal Data.
- In this Privacy Policy, the term “Personal Data” means any information or set of information by which we may directly or indirectly identify you, such as your name, email address, telephone number, etc.
- We process Personal Data in accordance with the provisions of the General Data Protection Regulation No. 2016/679 (EU) (the “GDPR”) and the requirements of the legal acts of the Republic of Lithuania, as well as the instructions of the authorities.
- The Privacy Policy applies when you use our tools and resources, available at https://app.omnisend.com (the “Platform”), you request and use information, services or functionalities available on the Platform (the “Services“), you act as a marketing agency, freelancer or affiliate partner and use specific services accessible via the partner portal (the “Partners Portal”) (the “Partners Portal Services”), visit our website, available at https://www.omnisend.com/, and our blog available at https://blog.omnisend.com/ (jointly the “Website”), subscribe for our newsletters or visit our social network accounts on LinkedIn, Facebook, Twitter, Instagram and YouTube (the “Social Accounts”), contact us by e-mail, phone, other electronic communication means, apply for a job, etc.
- We may use specific software to register certain customers or partners (e.g. we may use affiliate management software for registering and managing our Affiliate partners). We want to inform you that our customers or partners will be made aware that we use such platforms upon registration and that such platforms have separate privacy policies.
- In this Privacy Policy a representative of the legal person, which registers to the Platform, Partners Portal, uses the Partners Portal Services or Services shall be called a “Customer”. Persons using the Website, Social Accounts, or contacting us shall be referred to as “you” (this definition also applies to the Customer when the specific Section of the Privacy Policy applies to both the Customer and other Data Subjects).
- The Platform, Partners Portal, Website and Social Accounts may contain links to external websites, such as our partner websites, websites promoting our Services. When you follow links to any of these websites, please note that these sites and the services accessed through them have their own separate privacy policies and that we assume no responsibility or liability for this policy or for the collection of Personal Data on these sites. Before submitting Personal Data there or using related services, it is important to review their privacy policy.
- By using the Services, Partners Portal Services, Platform, Partners Portal, Website or Social Accounts, subscribing to our newsletters, or contacting or addressing us on any other issues, you are agreeing to the terms of this Privacy Policy and the purposes, methods, and procedures for the use of your Personal Data specified therein. If you do not agree with the Privacy Policy, you may not use our Services or otherwise interact with us.
- Capitalized definitions that are not specifically defined in this Privacy Policy shall have the meanings set out in the Omnisend Terms and Conditions (the “Terms”), other documentation available at the Platform and Website and the GDPR.
- This Privacy Policy is subject to change, so please visit the Website from time to time and read the latest version of the Privacy Policy. Continued use of the Services, Partners Portal Services, Platform, Partners Portal, Website or Social Accounts will, to the greatest extent permitted by applicable law, be considered as consent to any updates to the Privacy Policy which may be made, from time to time.
- WHO ARE WE?
- We are Omnisend and we act as a group of private limited liability companies, in most cases acting as joint Controllers of your Personal Data (the “Omnisend”, “Company” or “we”). This Privacy Policy applies to all the legal entities (the “Affiliates”) listed below:
Name of the Company | UAB Omnisend | Omnisend, LLC. | Omnisend, Ltd. | |
Legal entity code: | 302530363 | 6567194 | EIN 301200039 | |
Address: | Verkių g. 25C-1, LT-08223 Vilnius, Republic of Lithuania. | Address – Unit A3, Gateway Tower, 32 Western Gateway, London, E16 1YL
England |
1401 Sam Rittenberg Blvd Suite 2, Charleston, SC 29407, United States | |
Contact details | E-mail: [email protected]
|
|||
Contacts of the DPO. | E-mail:[email protected]
Address: Verkių g. 25C-1, LT-08223 Vilnius, Republic of Lithuania |
- We act as a Personal Data Controller in offering and providing Services, Partners Portal Services, Platform and the Partners Portal, managing the Website and Social Accounts, performing the Companies’ day-to-day operations, complying with legal requirements, etc.
- When we receive and process Personal Data on behalf of our Customers that use our Services and the Platform, we conduct such processing only in accordance with the terms set forth in the Data Processing Agreement (the “DPA”) concluded between us and the Customer. In such scenario we act as a Personal Data Processor for our Customers, as it is stipulated in Article 28 of GDPR.
- We also offer various integrations, i.e. technical solutions, such as plug-ins, that allow you to integrate our Services on other platforms (e.g. eCommerce platforms, social networks, etc.). These integrations help you to analyze the flow of your customers (by providing anonymized statistical data), etc. You can see a list of integrations we offer here. For more information on how providers of those integrations process Personal Data please see their own privacy policies.
- When offering Partners Portal Services, we act as a Sub-Processor of Personal Data and we only subprocess Personal Data on behalf of the Customer solely according to the agreement signed between Omnisend and the delegating Customer who uses Partners Portal Services, for example, to help its clients to perform marketing campaigns and manage their accounts on the Platform. In such a scenario, again, we only process Personal Data on behalf of our Customer and strictly according to the DPA signed between us and such Customer. Our representatives, who are bound by a confidentiality agreement, may also log into such Partners Portal Services account to help them with the issues they face while using Partners Portal Services, adjust their account settings, etc. We assure you that such logins wouldn’t be performed without prior notice or regularly.
- WHAT PERSONAL DATA DO WE PROCESS?
- We process your Personal Data which we may obtain in the following ways:
3.1 When you provide Personal Data to us, for example, when you register to and use the Platform, Partners Portal, Services, Partners Portal Services, contact us, subscribe to our newsletter, apply for a job position offered by us, etc.;
3.2 When we collect your Personal Data when you use our Services, Partners Portal Services, Platform, Partners Portal, Website, Social Accounts, such as usage history, your IP address, device information, transaction information, general location, cookies, preferences, open URL links, etc.;
3.3 When we receive Personal Data from other parties, for example, when we receive information from public registers, state or local government institutions or bodies, our partners, other third parties, such as payment institutions, about payments made, etc.;
3.4 When your Personal Data, with your consent, is provided to us by other persons, including companies using our Services, for example, when such companies indicate your contacts, refer to you as an authorized person, etc.
- We process Personal Data to offer and provide Services, Partners Portal Services, Platform and Partners Portal, to fulfil our contractual obligations, as well as pursuing our or third parties’ legitimate interest, in compliance with legal regulations or obligations.
- The person providing Personal Data to us is responsible for the correctness, completeness, and relevance of such Personal Data, as well as for the consent of the person whose data is provided to submit his/her/their Personal Data to us. We may ask you to confirm that the person has the right to provide us with Personal Data (for example, by filling in service order or registration forms). If necessary (e. g. a person inquires to us about receiving their Personal Data), we will indicate the provider of such Personal Data.
- We process your Personal Data for the following purposes and under the following conditions:
Purpose of the processing of Personal Data | Personal Data being processed | Personal Data processing period | Legal basis for the processing of Personal Data |
Registration to and use of the Platform, user identification, provision of the Services. | Name, surname, email, phone number, username, password, used email or marketing automation software, platform used for online store, workplace and job information, position, relationship with the represented legal entity, billing name and address, Services and account usage history and data, marketing campaigns data, content associated with Services and account information about the Services ordered and used and changes therein. | During the period of use of the account and 5 years after the last login to the account.
Where the Personal data is processed based on consent during the validity term of the consent and in case of revocation of the consent – until the expiry of the consent. |
Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR).
Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR).
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Agency/freelancer registration to and use of the Partners Portal Services, identification, provision of the Partners Portal Services. | Name, surname, email, phone number, username, password, workplace and job information, partner client’s data, location data, Partners Portal Services and account usage history, marketing campaigns data, content associated with Services and account, other information about the Partner. | During the period of use of the account and 5 years after the last login to the account.
Where the Personal data is processed based on consent during the validity term of the consent and in case of revocation of the consent – until the expiry of the consent. |
Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR).
Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR).
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Affiliate partner registration to and use of the affiliate management software, identification of the Affiliate partner, maintenance of the business relations and communication with the Affiliate partner. | Name, surname, email, phone number, username, password, workplace and job information, position, relationship with the represented legal entity, self-employment certificate data, payments data, billing name and address, affiliate link sharing data, affiliate link analytical data, marketing campaigns data, content associated with account. | During the period of use of the account and 5 years after the last login to the account.
Where the Personal data is processed based on consent during the validity term of the consent and in case of revocation of the consent – until the expiry of the consent. |
Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR).
Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR).
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Services, Partners Portal Services quality management and services related communication. | Name, surname, email, phone number, username, password, workplace and job information, position, relationship with the represented legal entity, subscribed Services or Partners Portal Services, information needed to address quality issues, content of the request and response to the request. | During the administration of the question and 5 years after the end of the administration of the question or the last contact. | Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR).
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Conclusion and execution of contracts necessary for the Omnisend’s activities, other internal management. | Name, surname, phone number, e-mail, workplace and job information, position, relationship with the represented legal entity, self-employment certificate data, other data required for cooperation. | During the period of provision of Services/cooperation and 5 years after the end of provision of Services/cooperation unless a longer storage period is mandatory in accordance with the Index of General Document Storage Periods approved by order No. V-100 of the Chief Archivist of the Republic of Lithuania of 9 March 2011. | Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR).
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Execution of financial operations, accounting, debt management. | Name, surname, e-mail, phone number, address, workplace and job information, position, relationship with the represented legal entity, account number, credit institution, payment information, debt information, data transferred by the company collecting the contributions and confirmations of payments. | According to the regulatory legal acts, as well as in accordance with the Index of General Document Storage Periods approved by order No. V-100 of the Chief Archivist of the Republic of Lithuania of 9 March 2011.
When the data does not fall within the above-mentioned storage area – the period of validity of the contract/cooperation between the parties and 10 years after the end of the contract/relationship (last contact). |
Data processing is necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR).
Data processing is necessary to fulfill a legal obligation imposed on the data controller (Article 6(1)(c) GDPR).
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Evaluation and selection of candidates for the offered job. | Name, surname, e-mail, phone number, address, education and activity data, content of the CV, other information required for the selection/evaluation of the candidate or provided by the candidate. | During the recruitment campaign period and 3 months after the selection if the candidate’s consent to the retention of data after the selection has been obtained.
When data are received not for a specific recruitment campaign, they shall be stored for 3 months after the date of their receipt. |
Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR).
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Management of electronic information channels (Platform, Partners Portal, Social Accounts, Website), ensuring functionality and security and improving quality. | IP address, data collected with the help of cookies and settings, browser used, date and time of login, mobile device model and manufacturer, mobile device operating system (iOS, Android), password usage information.
Data collected through the integration of Social Accounts. |
Website, Platform and Partners Portal data are stored as described in the section of this Privacy Policy “How Do We Use Analytical Data, Cookies and Other Tracking Technologies”.
Website, Platform and Partners Portal data that is not included in the cookie information is stored for a maximum of 1 year from the date of collection, unless the person revokes his/her consent (when the data are processed on the basis of consent. Information in Social Accounts is stored according to the conditions set by the owner of this network. |
Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR);
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Sending news, conducting surveys, direct marketing, advertising campaigns. | Name, e-mail address, phone number, the data requested in the survey announcement/questionnaire, marketing, advertising campaign analytics. | Data are processed for 5 years from the receipt of consent. | Consent of the data subject to the processing of such data (Article 6(1)(a) GDPR).
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Settlement of out-of-court or judicial disputes and claims. | Name, surname, workplace address, workplace and job information, position, relationship with the represented legal entity, phone number, e-mail, the content of the claim or other similar document, information/documents related to the dispute/claim. | The entire period of the dispute/claim and 3 years after the end of the out-of-court dispute/claim resolution and 10 years after the end of judicial proceedings. | Data processing is necessary to fulfill a legal obligation imposed on the data controller (Article 6(1)(c) GDPR).
Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
Platform, Services, Partners Portal and Partners Portal Services personalization and quality assurance, protection of our IP and other rights. | Name, surname, email, phone number, username, password, workplace and job information, position, relationship with the represented legal entity, Platform, Partners Portal, Partners Portal Services and Services usage data. | Data are stored for a maximum of 1 year from the date of collection. | Legitimate interests of the data controller or a third party (Article 6(1)(f) GDPR). |
You have the right to refuse or withdraw your consent to the processing of your Personal Data at any time when these are processed based on your consent.
- In Social Accounts we can share information about ourselves, our content, events, news, surveys, as well information about the employees we are looking for. Social accounts users are also subject to the privacy policies of the social networks owners. When you contact us on Social Accounts, depending on the privacy settings you choose, we may see certain user account information such as profile first name, surname, image, sex, e-mail address, location, etc. (the list is not exhaustive). If a user posts information by communicating with us on our Social Accounts (e. g. posts a comment in the comments section of our Social Account or posts a message on our Social Account profile), depending on the privacy settings chosen, the posted information may be made public (for example, visible on our Social Account to other users).
- In some cases, we may send messages related to the ordering or provision of our Services or Partners Platform Services through the contact data provided by you, for example, to inform you about the confirmation of the order, the expiration date of the ordered Services, temporary or permanent changes to the Services, including, but not limited to, planned outages, new features offered, version updates, point releases, major releases, abuse warnings, and changes to our Terms, Privacy Policy and other documents and agreements. Such communications are necessary for the proper provision of our contractual obligations and Services and are not considered marketing communications.
- You have the right to change and update your information provided to us by changing it on the Platform or by contacting us. In some cases, we need to have accurate and up-to-date information about you, so we may ask you to periodically confirm that the information we have about you is correct.
- We assure you that Omnisend does not share, sell, rent, or trade any Personal Data with third parties for their marketing or commercial purposes.
- We use Stripe as a payment intermediary service to receive payments and to manage credit card processing. Stripe is not permitted to store, retain, or use billing Information except for the sole purpose of credit card processing on our behalf. For more information about the processing of your payment data, please refer to the privacy policy of the Stripe.
- When providing our Services or Partners Portal Services, we may, in certain cases, apply automated data decision-making, for example to clarify your needs and compliance with the requirements. Automated decision-making refers to the processing of Personal Data using, for example, a software code or algorithm that does not require human intervention. We regularly review the criteria and models used in automated decision-making to ensure their integrity, efficiency, and impartiality. We do not use profiling-based automated decision-making processes that may have legal consequences or similarly have a significant impact on the rights or freedoms of Data Subjects. Nevertheless, you have the right to request human intervention to express your opinion or object to the results of an automated decision-making, in which case your situation will be assessed by our specialist.
- To protect children’s rights, we do not knowingly collect any Personal Data from Data Subjects under the age of eighteen (18) that can be used to specifically identify them, and we do not permit Data Subjects under the age of eighteen (18) to use any of Omnisend’s Services. If you believe we might have any information from or about underage children, please contact us at [email protected].
We may, in certain cases, process Personal Data longer than indicated in this Privacy Policy, e. g. when we are required to do so by law, when we are engaged in litigation, arbitration, pre-trial investigation, etc. The Company assures that in such cases your Personal Data will be deleted immediately as soon as it becomes unnecessary for such purposes.
- HOW DO WE USE YOUR PERSONAL DATA AND WHAT PRINCIPLES DO WE KEEP?
- We collect and process only such Personal Data as it is necessary to achieve the Personal Data processing purposes we have specified.
- When processing your Personal Data:
4.1. We comply with the requirements of current and applicable legislation, including the GDPR;
4.2. We process your Personal Data in a lawful, fair, and transparent manner;
4.3. We collect your Personal Data for specified, clearly defined and legitimate purposes and do not process them in a way incompatible with those purposes, except to the extent permitted by law;
4.4. We take all reasonable steps to ensure that Personal Data that is inaccurate or incomplete, in accordance with the purposes for which they are processed, would be rectified, supplemented, suspended, or destroyed without delay;
4.5. We hold them in such a form that your identity can be established for no longer than is necessary for the purposes for which the Personal Data are processed;
4.6. We do not provide Personal Data to third parties or disclose them, other than as set forth in the Privacy Policy or applicable law;
4.7. We ensure that your Personal Data is processed securely, we ensure technical and organizational security measures, as well as we provide access to Personal Data only to those of our employees who need such access due to their work functions.
5.TO WHOM AND WHEN DO WE TRANSFER YOUR PERSONAL DATA?
- We will only transfer your Personal Data as described in this Privacy Policy.
- We may transfer your Personal Data to:
5.1. Our business partners, suppliers, sub-contractors, or agents who perform services for it, or consultants such as auditors, lawyers, tax advisors, analytics and search engine providers that assist us in the improvement and optimization of the Platform, etc., as well as the Personal Data Processors we use, such as ancillary service providers, IT companies, advertising and marketing companies, accounting companies, etc. We require data processors to store, process and treat Personal Data as responsibly as we do and only in accordance with our instructions. The list of our partners and data processors is provided to you on demand (you shall ask for this list separately, via the contacts provided in this Privacy Policy). We have such partners and data processors:
5.1.1. State or local government institutions and authorities, law enforcement and pre-trial investigation institutions, courts and other dispute resolution institutions, other persons performing functions assigned by law, in accordance with the procedure provided for by legislation of the Republic of Lithuania. We provide these entities with mandatory information required by law or specified by the entities themselves.
5.2. Other third parties, such as payment institutions, etc.
5.3. If necessary, to companies that intend to buy or would buy the Company’s business or would conduct joint activities with us or would cooperate in another form.
5.4. To Affiliates with whom we are under common corporate control. In case such Affiliate is established outside the EEA we will conduct such Personal Data transfer only following conditions set out in the subsections 5.4.1. – 5.4.5. of the Privacy Policy (e. g. will sign EU Standard Contractual Clauses approved by the European Commission for the transfer of data outside the EEA with such Affiliate).
- We normally process Personal Data within the EEA, but in some cases your Personal Data may be transferred outside the EEA. The Company will always take steps to ensure any transfer of such information to entities based outside the EEA is carefully managed to protect your rights and interests by implementing appropriate safeguards to protect Personal Data.
- Your Personal Data will only be transferred outside the EEA under the following conditions:
5.1. EU Standard Contractual Clauses approved by the European Commission, which ensure the security of transfers of your Personal Data, have been signed with such partners. We use and have incorporated European Commission approved Standard Contractual Clauses into our DPA.
5.2. The Commission of the European Union has decided on the eligibility of the country in which our partner is established, i.e., an adequate level of security is ensured;
5.3. You have given your consent to the transfer of your Personal Data outside the EEA; or
5.4. A special permit of the State Data Protection Inspectorate of the Republic of Lithuania was obtained to carry out such transfer.
- WHAT RIGHTS DO YOU HAVE?
- As a data subject, you have the following rights regarding your Personal Data:
6.1. To know (to be informed) about the processing of your Personal Data (right to know);
6.2. To access your Personal Data and the way they are processed (right of access);
6.3. To request the correction or, depending on the purposes of the processing of Personal Data, supplementation of incomplete Personal Data (right to rectification);
6.4. To request the erasure of your Personal Data or the suspension of your Personal Data processing activities (excluding storage) (right to erase and right to “be forgotten”);
6.5.To request us to restrict the processing of Personal Data for one of the legitimate reasons (right to restrict);
6.6.The right to transfer data (right to transfer). This right may be exercised only if there are grounds for its exercise and appropriate technical measures to ensure that the transfer of the requested Personal Data does not pose a risk of security breach to the data of other Data Subjects;
6.7.The right to object to the processing of your Personal Data when we process Personal Data based on a legitimate interest of the Company or a third party, including profiling. If you object, we will only be able to further process your Personal Data for compelling legitimate reasons that take precedence over your interests, rights, and freedoms, or to make, enforce or defend legal claims;
6.8. To revoke your consent to the processing of your Personal Data when this data are processed or intended to be processed for direct marketing purposes, including profiling as far as such direct marketing is concerned (based on the Personal Data you provide, profiling may be carried out for direct marketing purposes to offer you individually tailored solutions and proposals. You can revoke your consent to the processing of Personal Data by automated processing, including profiling, or object to it at any time).
- If you do not want your Personal Data to be processed for direct marketing purposes, for the purposes of direct marketing, competitions, the organization of surveys, including profiling, you can refuse such processing without giving reasons for refusal (disagreement), by writing an email to [email protected], or in another way specified in the message provided to you (for example, by clicking on the link in the newsletter).
- We may refuse to exercise your rights listed above, except for refusal to process your Personal Data for direct marketing purposes, competitions or in other cases when Personal Data is processed with your consent, when your request is allowed to us not to comply with the provision of the GDPR, or when, in cases provided for by law, it is necessary to ensure the prevention, investigation and detection of crimes, violations of official or professional ethics, as well as the protection of the rights and freedoms of the Data Subject, us and other persons.
- You can exercise part of your rights as a Data Subject by changing the user account settings in the Platform or Partners Portal and the information contained therein. You may submit any request or instruction related to the processing of Personal Data to us in writing by e-mail [email protected]. When submitting such a request, we may ask you to fill in the necessary forms, as well as provide an identification document or other information that will help us to verify your identity, to better understand the content of your request. Upon request by e-mail, depending on its content, we may ask you to come to us or submit a written request.
- Upon receipt of your request or instruction regarding the processing of Personal Data, no later than within 1 month from the date of the request, we will provide a response and perform the actions specified in the request or inform you why we refuse to perform them. If necessary, the specified period may be extended by a further 2 months, considering the complexity and number of requests. In such a case, within 1 month from the date of receipt of the request, we will inform you of such extension.
- If Personal Data is deleted upon your request, we will only store copies of information that are necessary to protect our legitimate interests and those of others, to comply with the obligations of state institutions, to resolve disputes, to recognize interference or to comply with any agreements you have entered with us.
- WILL WE SEND YOU NEWS?
- With your consent, we may use your Personal Data for direct marketing purposes to provide you with newsletters, offers and information about our Services, as well as to inquire about the quality of our Services.
- The above content can be sent by e-mail, messages to the phone number specified by you, as well as messages in your account in the Platform or Partners Portal. Your contacts may be transferred to our partners who provide us with news sending or quality assessment services.
- After sending such content, we can collect information about the people who received it, for example, which message people opened, what links they clicked on, etc. Such information is collected to offer you relevant and more tailored news and content.
- Even if you have given your consent to the processing of Personal Data for direct marketing purposes, you can easily withdraw this consent for all or part of the Personal Data processing activities at any time. To do this, you can:
7.1. notify us of your withdrawal in the manner specified in the provided message (e. g. by clicking on the “unsubscribe” link in the newsletter, etc.); or
7.2. send us a notification to the e-mail address specified in this Privacy Policy. If you so request withdrawal of consent, we may ask you to verify your identity.
- If you withdraw your consent, we will try to stop sending such content to you immediately.
- Withdrawal of consent does not automatically oblige us to destroy your Personal Data or provide you with information about the Personal Data processed by us, therefore, for these actions you should submit a separate request.
- To show you more relevant personalized advertising, our advertising partners use various mobile and online cookies. Personalized advertising will only be shown to you with your consent. Advertising personalization cookies are used to measure a group, activate contextual advertising, and/or target campaigns. If you are authorized to use cookies, a user profile with an alias will be generated, but it will not be possible to identify the person. We do not control these third-party monitoring technologies and their use. Third-party cookies are governed by the privacy policies of third parties. You can opt out of personalized cookies by changing your browser settings or by other means that are listed in Section 9 of the Privacy Policy.
- HOW WE PROTECT YOUR PERSONAL DATA?
- Your Personal Data are processed responsibly, securely and are protected from loss, unauthorized use, and alteration. We have put in place physical and technical measures to protect the information we collect from an accidental or unlawful destruction, damage, alteration, loss, disclosure, as well as from any other unlawful processing. Security measures for Personal Data shall be determined considering the risks arising from the processing of Personal Data.
- Our employees are under a written obligation not to disclose or distribute your Personal Data to third parties, unauthorized persons.
- We will strive not to store outdated and irrelevant Personal Data, therefore, when updated (e. g. after adjusting or changing information in your account, etc.), the only relevant information is stored. Historical information is stored, if necessary, following the law or during our business activities.
- HOW WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
- Cookies are a small text file that stores information (often consisting only of a sequence of numbers and letters that identifies the device but may also contain other information) that is used in the browser of the device (computer, tablet, mobile phone, etc.) (e. g. Google Chrome, Internet Explorer, Firefox, Mozilla, Opera, etc.) according to its settings and stored on the device’s hard drive. In our Privacy Policy, we use the term “cookies” to describe cookies and other similar technologies, such as Pixel Tags, Web Beacons, Network Data Collectors. The use of cookies ensures better and more efficient operation of the Platform, Partners Portal, and the Website.
- We use cookies to analyze information flows and user behavior, promote trust and ensure security, as well as to ensure the proper functioning of the Platform, Partners Portal, and the Website, improve it, remember your chosen settings to personalize the content displayed to you, link the Website, Platform and Partners Portal to Social Accounts.
- You can choose whether you want to accept cookies. If you do not agree to cookies being stored in the browser or memory of your device, you can mark it in the cookie consent bar, change the settings of the browser you are using, and disable cookies (all at once or one at a time, or in groups) or follow the official instructions for the device. Please note that in some cases, the refusal of cookies may slow down browsing speed, limit the functioning of certain functions of the Platform, Partners Portal or the Website, or block access to the afore-mentioned channels. Further information on the refusal of cookies can be found at the www.AllAboutCookies.org or https://www.google.com/privacy_ads.html.
- We may use mandatory cookies that are necessary for the operation of the Platform, Partners Portal and the Website, analytical cookies, functional cookies, which are intended to analyze the visitors of the Platform, Partners Portal, and the Website, memorize users’ preferences, and apply them to the Platform, Partners Portal or Website, performance cookies, third-party cookies used by third parties, advertising cookies, which are intended to show you personalized and general advertising.
- We use these Google Inc. tools:
9.1. Google Analytics – which allows you to analyze the use of the Platform, Partners Portal or Website, compile reports, plan and predict the activity of the Platform, Partners Portal or Website. Data collected by Google Analytics is typically stored on a Google Inc. server in the U.S. You can change your browser settings to prevent Google Analytics from analyzing information by changing your browser settings. In this case, you will be entered with an opt-out cookie. However, if you delete all cookies, the opt-out cookie may also be deleted. You can also prevent Google from capturing data created by a cookie based on your use of the Platform or the Website and from processing such data by downloading and installing a browser plug-in from https://tools.google.com/dlpage/gaoptout?hl=en.
9.2. Google Ads – which allows you to evaluate the use of the Platform, Partners Portal, and the Website in relation to the advertisements displayed, to draw up reports. All this information is anonymous. Data collected by Google Ads is typically stored on a Google server in the U.S. If you don’t want to receive tailor-made advertising and/or want to opt out of Google Inc. cookies, you can turn off Google Inc. advertising settings at the https://www.google.com/settings/ads by changing your settings as needed. In this case, an opt-out cookie may be entered for you. However, if you delete all cookies, the opt-out cookie may also be deleted.
9.3. Google Remarketing – allows users to re-receive ads on Google partner network sites. If you don’t want to receive tailor-made advertising and/or want to opt out of Google Inc. cookies, you can turn off Google Inc. advertising settings at the https://www.google.com/settings/ads by changing your settings as needed. In this case, an opt-out cookie may be entered for you. However, if you delete all cookies, the opt-out cookie may also be deleted.
Cookies used by us can be found here: https://www.omnisend.com/cookies/
- HOW DO WE PROCESS PERSONAL DATA WHEN WE ACT AS A DATA PROCESSOR?
- We act as Data Processor when we provide Services to our Customers (in this case we process their Lists, receive their campaign’s analytical data, etc.). We receive this Personal Data directly from a Customer or collect it during the provision of the Services and process it to properly provide our Services. Data are processed when we administer the Platform, solve tasks related to the proper functioning of the Platform and similar.
- The Personal Data processed by us as a Personal Data Processor may, among others, include identification and contact data (name, surname, phone, e-mail, username), data received during the provision of Services (IP address, correspondence, campaign’s analytical data).
- We process Personal Data for no longer than the duration of the agreement between us and the Customer to provide Services unless such data should be processed for a longer period to prove the proper provision of Services.
- We ensure that data trusted to us by the Customers remain private and confidential. We, however, may scan the content of your campaigns to ensure it complies with the Terms and applicable laws. We need to perform such actions to create blacklists, to develop and test algorithms, heuristics and other methods and tools for detecting violations and to apply those methods and tools to the Services. We will not sell, rent, loan, or invite external access to any data trusted to us. We also undertake not to use the Personal Data trusted to us for any other purposes than those specified in the DPA.
- Acting as a Data Processor, we undertake to:
10.1. Process Personal Data in accordance with the DPA and only to the extent necessary for the performance of agreement and the provision of Services under it;
10.2. Immediately inform Customer if we are unable to process Personal Data for any reason;
10.3. Entrust the processing of Personal Data only to authorized persons who have assumed the duty of confidentiality to the extent necessary;
10.4. Upon receipt of a request from the Data Subject, the supervisory authority or any other person to provide the processed Personal Data, transmit such request to the Customer;
10.5. Not to use Personal Data for purposes other than the performance of agreement and DPA, take measures to prevent accidental or unlawful destruction, alteration, disclosure of Personal Data, as well as any other unlawful processing;
10.6. Apply appropriate technical and organizational security measures to protect Personal Data in accordance with the GDPR;
10.7. Taking into account the nature of the Personal Data provided, the manner in which it is provided, to enable the Customer to access, correct, delete, restrict and transfer the Personal Data processed by us;
10.8. considering the nature of the processing of Personal Data, the way it is provided, and the technical and organizational measures applied, at the request of the Customer, to assist:
10.8.1. To fulfill the Customer’s obligation to respond to requests to exercise the rights of the Data Subject to the extent that such rights are applied taking into account the Services provided and the conditions for the processing of Personal Data;
10.8.2. To fulfil specific obligations applicable to the Customer under the GDPR or other laws regulating the protection of Personal Data, such as reporting a Personal Data breach, providing information in the context of a data protection impact assessment and prior consultations.
- If, because of an instruction or request submitted by the Customer, we incur additional costs not provided for in agreement between us and the Customer, we will immediately inform the Customer and we may suspend the processing of Personal Data (except storage) until the issue of compensation of additional costs is resolved.
- If we notice Personal Data breaches (actions or omissions that may cause or threaten the security of Personal Data), we will immediately inform the Customer in writing, providing the information required by the GDPR.
- At the Customer’s request, we will provide the information necessary to prove compliance with the applicable Personal Data processing obligations, as well as allow the Customer to perform audits and inspections on our activities while processing data on Customer’s behalf and cooperate in their performance.
- We allow the Customer to carry out a verification related to the processing of Personal Data, which is obligated to be carried out by the supervisory authority in accordance with the Personal Data protection legislation. Verification may be carried out only to the extent defined by law and, in any event, the confidentiality of the information obtained during the inspection must be ensured, unless the law requires such information to be made public. We may ask the Customer to reimburse reasonable costs incurred because of such verification.
- Where the processing of Personal Data is not necessary for the performance of our obligations under the agreement or the DPA, or when the contractual relationship between us and the Customer expires, we will destroy or return all Personal Data processed on behalf of the Customer and delete copies of this data, unless otherwise provided for in the applicable laws.
- Liabilities of the Customer:
10.1. The Customer ensures that the Personal Data submitted to us for processing is collected and processed lawfully, for legitimate purposes and on the grounds, and the Customer has all necessary consents and the right to transfer Personal Data. The Customer undertakes to properly inform Data Subjects about the processing and transfer of their Personal Data to us. The Customer shall be liable for all damages suffered by Data Subjects due to improper processing of Personal Data by the Customer;
10.2. We do not individually verify the lawfulness of the transfer of such data. If any person indicates that Personal Data transferred to us is collected or processed unlawfully, we will immediately suspend the processing of such Personal Data until the Customer denies these circumstances. The Customer bears all the costs and negative consequences associated with such denial, including delays in the supply of Services. We will not be liable for such consequences;
10.3. The Customer undertakes to provide the necessary and lawful instructions regarding the processing of Personal Data in a timely and proper manner, as well as all information and documents necessary for the processing of Personal Data. Instructions are provided in writing, including by email or by filling in our prepared forms.
You can learn more about how we process Personal Data when we act as a Data Processor in the DPA.
- IF YOU ARE A RESIDENT OF THE UNITES STATES, WHAT DATA PROTECTIONS AND PRIVACY RIGHTS MAY BE/ ARE AFFORDED YOU?
- These additional disclosures are made pursuant to the California Privacy Rights Act, Virginia Consumer Data Protection Act, Utah Consumer Privacy Act, Colorado Privacy Act, Connecticut Data Privacy Act, and the Privacy and Security of Personal Information Chapter of the Nevada Revised Statutes Section 603A, as such laws may be in effect from time to time.
11.1. Additional Information for California Residents. (Effective January 1, 2023)
11.1.1. This Section supplements the description of our information collection and sharing practices elsewhere in this Privacy Policy to provide certain disclosures specific to California residents whose Personal Information we may collect, use, disclose and otherwise process pursuant to the then-current rules implementing the California Consumer Privacy Act, as amended by the California Privacy Rights Act. When we say “Personal Information” in this Section 11.1., we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.
11.1.2. The CCPA requires that we describe the Personal Information we collect using the categories as defined by the CCPA. While our collection, use and disclosure of Personal Information varies based on our relationship and interactions with you, this Section explains the categories of Personal information that we may generally collect about California consumers. In the preceding 12 months, we have collected the following categories of Personal Information as defined under the CCPA:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, and account name;
- Characteristics of protected classifications under state or federal law, such as age or gender;
- Commercial Information, including records of Services purchased and credit card or other payment information;
- Internet or electronic network activity information, information, including, but not limited to, browsing history, search history, and information regarding your interaction with the Services including an internet website, application, or advertisement;
- Geolocation data; audio, electronic, visual, thermal, olfactory, or similar information such as profile pictures;
- Professional or employment-related information;
- Education information; and
- Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
11.1.3. As stated in 11.1.7. below, you may have the right to request certain information in regard to our collection, use or sharing of your Personal Information. While you may exercise such right through the methods provided forth herein, in being upmost transparent, we are providing you with following information ahead of time which may alleviate your need or desire to request additional information from us at a later time:
- We collect Personal Information for business and commercial purposes described in Section 3.4 above.
- We collect Personal Information directly from you, automatically from your use of our Services and from others as described in Sections 3.1, 3.2., 3.3.
- We may share your Personal Information to third parties as described in Section 5 above. Specifically, as related to the CCPA, we “share” Personal Information to third parties for the purposes of providing personalized ads or content, also known as “cross-context behavioral advertising” or “internet-based advertising”. As such, we may “share” your Personal Information with a third party to help serve you with personalized content or ads that may be more relevant to your interests, and to otherwise advertise our Services.
- We may collect the following sensitive Personal Information as defined under the CCPA: Contents of mail, email, or text messages. Note that we only collect, use, disclose or process sensitive Personal Information for the limited purposes permitted under the CCPA and not for the purposes of inferring any characteristics about a consumer.
11.1.4. In the twelve (12) months prior to the effective date of this Disclosure, we have not sold any Personal Information of yours.
11.1.5. We retain your information for as long as necessary to provide you with the Website and/or Services, as applicable. This means we keep your account information for as long as you maintain an account with us. We may retain transactional information for at least seven (7) years to ensure we can perform legitimate business functions, such as accounting for tax obligations. We also retain your information as necessary to comply with our legal obligations, resolve disputes and enforce our terms and policies.
11.1.6. Personal Information does not include information that is de-identified. When we receive or use deidentified information, we maintain it in de-identified form and do not attempt to reidentify the information.
11.1.7. California law provides some California residents with the rights listed below:
11.1.7.1. You may have the right to know and see what Personal Information we have collected about you, including:
- The categories of Personal Information we have collected about you;
- The categories of sources from which the Personal Information is collected;
- The business or commercial purpose for collecting or sharing your Personal Information;
- The categories of third parties with whom we have disclosed your Personal Information; and
- The specific pieces of Personal Information we have collected about you.
11.1.7.2. You may have the right to request that we delete the Personal Information we have collected from you (and direct our service providers to do the same).
11.1.7.3. You may have the right to request that we correct inaccurate personal information.
11.1.7.4. You may have the right to opt out of the sharing of your personal information to a third party for cross-context behavioral advertising.
11.1.7.5. You may have the right to exercise control over our collection and processing of certain sensitive Personal Information.
11.1.7.6. You may the right to direct us not to use automated decision-making or profiling for certain purposes.
11.1.7.7. You have the right not to receive retaliatory or discriminatory treatment for exercising these rights.
- However, please note that if the exercise of these rights limits our ability to process Personal Information (such as in the case of a deletion request), we may no longer be able to provide you our Services or engage with you in the same manner.
11.1.8. To request access to or deletion of your Personal Information, or to exercise any other privacy rights under California law, please contact us at [email protected], or on our toll-free number at 1-800-905-0937, or via any other method which may be specified in Section 12 below.
11.1.8.1. In order to protect your Personal Information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect your account has been accessed without your authorization, we may ask you to provide additional Personal Information for verification.
11.1.8.2. You may use an authorized agent to submit a rights request. If you do so, the authorized agent must present signed written authorization to act on your behalf, and you will also be required to independently verify your own identity directly with us and confirm with us that you provided the authorized agent permission to submit the rights request. This verification process is not necessary if your authorized agent provides documentation showing that the authorized agent has power of attorney to act on your behalf under Cal. Prob. Code §§ 4121 to 4130.
11.1.9. Since 2005, California Civil Code Section 1798.83, termed the California Shine the Light Law, permits you, if a California resident, to request certain information regarding any disclosure of Personal Information that we may make to third parties for their direct marketing purposes. Presently, we do not share our Personal Information with third parties for their own direct marketing purposes, and we will not do so without obtaining express consent. For inquiries regarding our disclosure policy, please use the contact details provided in Section 12 below.
11.1.10. California Business and Professions Code Section 22575(b) (as amended effective January 1, 2014) permits you, if a California resident, to be informed as to how we respond to Web browser “Do Not Track” settings. We do not currently take actions to respond to ‘Do Not Track’ settings. Instead we adhere to the standards set out in this Privacy Policy, as well as the specific requirements of applicable law. If you would like to find out more about Do Not Track you may find the following link useful: http://www.allaboutdnt.com/.
11.2. Addition Information for Utah Residents. (Effective December 1, 2023.)
- For purposes of this Section 11.2., “Personal Data” means information that is linked or reasonably linkable to an identified individual or an identifiable individual. “Personal Data” does not include de-identified data, aggregated data, or publicly available information.
11.2.1. If you are a Utah resident, pursuant to the Utah Consumer Privacy Act, we must share with you that:
- We collect Personal Data for the purposes described in Section 3.4 above;
- We may share your Personal Data to third parties as described in Section 5 above; and
- We collect the categories of Personal Data described in Section 3.2. above.
11.2.2. Utah law provides some Utah residents with the rights listed below:
11.2.2.1. You may have the right to know and see what Personal Data we have collected about you in a portable format.
11.2.2.2. You may have the right to request that we delete the Personal Data we have collected about you.
11.2.2.3. You may have the right to opt out of targeted advertising (as defined under Utah law).
11.2.3. To request access to or deletion of your Personal Data, or to exercise any other privacy rights under Utah law, please contact us at [email protected], or on our toll-free number at 1-800-905-0937, or via any other method which may be specified in Section 12 below.
11.3. Addition Information for Connecticut Residents. (Effective July 1, 2023.)
- For purposes of this Section 11.3., “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable individual. “Personal data” does not include de-identified data or publicly available information.
11.3.1. The Connecticut Data Privacy Act, if applicable to us, provides some Connecticut residents with the rights listed below:
- You may have the right to know and see what Personal Data we have collected about you in a portable format.
- You may have the right to request that we correct inaccurate Personal Data.
- You may have the right to request that we delete the Personal Data we have collected about you.
- You may have the right to opt out of targeted advertising (as defined under Connecticut law).
11.3.2. To request access to or deletion of your Personal Data, or to exercise any other privacy rights under Connecticut law, please contact us at [email protected], on our toll-free number at 1-800-905-0937, or via any other method which may be specified in Section 12 below.
11.4. Addition Information for Virginia Residents. (Effective January 1, 2023.)
- For purposes of this Section 11.4., “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable individual. “Personal data” does not include de-identified data or publicly available information.
11.4.1. If you are a Virginia resident, pursuant to the Virginia Consumer Privacy Act, we must share with you that:
- We collect Personal Data for the purposes described in Section 3.4 above;
- We may share your Personal Data to third parties as described in Section 5 above; and
- We collect the categories of Personal Data described in Section 3.2. above.
11.4.2. Virginia law, if applicable to us, provides some Virginia residents with the rights listed below:
- You may have the right to know and see what Personal Data we have collected about you.
- You may have the right to request that we correct inaccurate Personal Data.
- You may have the right to request that we delete the Personal Data we have collected about you.
- You may have the right to opt out of targeted advertising (as defined under Virginia law).
11.4.3. To request access to or deletion of your Personal Data, or to exercise any other privacy rights under Virginia law, please contact us at [email protected], on our toll-free number at 1-800-905-0937, or via any other method which may be specified in Section 12 below.
11.5. Addition Information for Colorado Residents. (Effective July 1, 2023.)
- For purposes of this Section 11.5., “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable individual. “Personal data” does not include de-identified data or publicly available information.
11.5.1. Colorado law, if applicable, provides some Colorado residents with the rights listed below:
- You may have the right to know and see what Personal Data we have collected about you in a portable format.
- You may have the right to request that we correct inaccurate Personal Data.
- You may have the right to request that we delete the Personal Data we have collected about you.
- You may have the right to opt out of targeted advertising (as defined under Colorado law).
11.5.2. To request access to or deletion of your Personal Data, or to exercise any other privacy rights under Colorado law, please contact us at [email protected], on our toll-free number at 1-800-905-0937, or via any other method which may be specified in Section 12 below.
11.5.3. Please note that to respond to some rights we may need to verify your request either by asking you to log in and authenticate your account or otherwise verify your identity by providing information about yourself or your account. Authorized agents can make a request on your behalf if you have given them legal power of attorney or we are provided proof of signed permission, verification of your identity, and, in some cases, confirmation that you provided the agent permission to submit the request.
11.6. Addition Information for Nevada Residents. (Effective October 1, 2019.)
11.6.1. If you are a Nevada resident, under Privacy and Security of Personal Information Chapter of the Nevada Revised Statutes Section 603A (“603A”), we are required to provide you with the following:
- We may collect certain covered information (as defined under Nevada Law) when you use or visit our Services, including, but not limited to first and last name, home or other physical address, electronic email address, and telephone number;
- We may share your covered information to third parties as described in Section 5 above; and
- Third parties may collect covered information about your online activities over time and across different internet websites or online services when you use our Services.
11.6.2. Nevada residents have a right to submit a verified request directing a website operator to not make any “sale” of covered information collected about a consumer for monetary consideration to a person for such person to license or sell the information to additional persons, subject to certain exceptions. We do not engage in the “sale” of covered information.
11.6.3. If you would like to review, correct, or update your covered information, you or your authorized representative may submit your request to [email protected], on our toll-free number at 1-800-905-0937, or via any other method which may be specified in Section 12 below.
- CONTACT US
- If you have any questions regarding the information provided in this Privacy Policy, please contact us by:
Email: [email protected]; or
Our toll-free number: 1-800-905-0937
- If you wish to submit a complaint regarding our processing of Personal Data, please provide it to us in writing, giving as much information as possible. We will cooperate with you and try to resolve all issues immediately.
- If you believe that your rights have been violated in accordance with the GDPR, you can lodge a complaint with our supervisory authority – the State Data Protection Inspectorate of the Republic of Lithuania, you can find more information and contact details on the website of the inspectorate (https://vdai.lrv.lt/). We strive to resolve all disputes expeditiously and peacefully, so first of all we invite you to contact us.
- All disputes and disagreements arising between us and our Customer while we act as Personal Data Processors or Sub-Processors shall be settled by negotiation between us. If no agreement is reached within 30 days from the date of receipt of the written notification of the disputed issue, disputes and disagreements shall be settled in the courts of the Republic of Lithuania, in accordance with the law of the Republic of Lithuania. In the event of disagreement between us and the Customer, the guilty party shall indemnify the other party for the direct losses it has suffered. Our liability in all cases shall be limited to the amount payable by the Customer for 1 month of the Services unless liability cannot be limited in accordance with the requirements of applicable law. Loss of Personal Data is considered an indirect loss.
- FINAL PROVISIONS
- We may change this Privacy Policy. We will notify you of the changes by placing an updated Privacy Policy on the Website, or by other common means of communication. Additions or changes to the Privacy Policy shall take effect from the date of renewal specified in the Privacy Policy unless another effective date is specified.
- If you continue to use the Platform, Partners Portal, the Services, visit the Website, contact us, etc. it is deemed that you have accepted the amended terms of the Privacy Policy.