Last Updated: Jan 18, 2022
1.Owner of SmartrMail
Smartr Commerce, Inc. dba SmartrMail (“us," “we," or "our") operates the website https://www.smartrmail.com (the “Site”), the related software and email sending services (collectively, (“SmartrMail”)). Our registered business address is 19 W. 24th St., Floor 3, New York, NY 10010.
4. Our Role as Data Controller and Data Processor
We act in the capacity of a data controller and a data processor with regard to the personal information processed through SmartrMail in terms of the applicable data protection laws, including the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which personal information is handled by us, as explained in detail below:
5. Sources of Personal Information
We obtain your personal Information from the following categories of sources:
6. What Information Do We Collect?
Listed below are the instances in which we gather your personal and non-personal information and details on how the information is used.
6.1 Personal Information
We collect only a minimal amount of personal information that is necessary for the purposes for which it is asked and used. We neither rent nor sell your personal information to anyone.
To register a user account that allows you to use the full functionality of SmartrMail, you must provide us with your name, email address and password of your choice. (Note: we do not have access to your password.) You must provide truthful information to comply with our terms as well as CAN SPAM laws. If you decide to signup through any third-party service like Shopify, Neto, BigCommerce, PrestaShop, or WooCommerce, we will receive the said data from those third parties. We use your personal information to register your user account, contact you, if necessary, provide you with the requested services, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., operate, analyse, grow, and administer SmartrMail). We store such data until you amend it or delete your user account.
When you contact us by email, we collect your name, email address, and any information that you decide to include in your message. We use such data to respond to your inquiries. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data). We store such data until you stop communicating with us.
When you make a payment, you will be asked to provide your name and payment details like your credit card number, expiration date, security code, and billing address. Please note that we do not process payments - it is done by our third-party payment processor Stripe. We may have access to a limited amount of your personal data as disclosed to us by Stripe (e.g., your email address). Your payment data is used to process your payments and maintain our business records. The legal bases on which we rely are ‘performing a contract’ and ‘pursuing our legitimate business interests’ (i.e., administering our business). We store such data for the time period we are required by law to keep our accountancy records.
When you use SmartrMail, we or our third-party analytics service providers (as explained below) collect your IP address (mostly, in an anonymised form). We use your IP address to analyse the technical aspects of your use of SmartrMail, prevent fraud and abuse of SmartrMail, ensure the security of SmartrMail, and tailor SmartrMail for your location. The legal basis on which we rely when processing your IP address is ‘pursuing our legitimate business interests’ (i.e., to analyse and protect SmartrMail) and ‘your consent’. We store such data until it is necessary for analysing and protecting SmartrMail or you withdraw your consent.
When you subscribe to our newsletter through the opt-in box available on the Site, we collect your email address. We use it to deliver our newsletter once per week. You can unsubscribe from it at any time by clicking the ‘unsubscribe’ link available in each email. The legal basis on which we rely is ‘your consent’. We keep your email address until you unsubscribe.
When you submit a comment under our blog posts, we collect your name, email address, website, and any other information that you decide to provide us in your comment. We use such information to feature your comment and enforce our terms. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to protect SmartrMail) and ‘your consent’. We keep such information as long as your comment is featured on the Site.
6.2 Non-Personal Information
Log files and analytics data
In order to analyse your use of SmartrMail, we automatically collect certain technical non-personal information about your use of SmartrMail. Such information does not allow us to identify you as an individual person in any manner. The non-personal data includes your activity on SmartrMail (e.g., what functionalities you use, how much time you spend on SmartrMail, how long it takes for SmartrMail to load and process your requests, and what errors occur). We only use this data in aggregate form, that is, as a statistical measure, and not in a manner that would identify you personally. This type of aggregate data enables us to calculate how often users use parts of SmartrMail so that we can make SmartrMail appealing to as many customers as possible, and improve those services. As part of this use of information, we may provide aggregate information to our partners about how our customers, collectively, use SmartrMail. We share this type of statistical data so that our partners also understand how often people use their services and SmartrMail, so that they, too, may provide you with an optimal online experience. Again, we will not, intentionally, disclose aggregate information to a partner in a manner that could identify you personally.
If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and any subsequent responses. Where reasonably possible, we remove all personal information that is not necessary for keeping such records.
Aggregated and de-identified information
If we combine your non-personal information with certain elements of your personal information and such a combination allows us to identify you as a natural person, we will handle such aggregated data as personal information. If your personal information is de-identified in a way that it can no longer be associated with a natural person, it will not be considered personal information and we may use it for any business purpose.
6.3 Refusal to provide personal information
If you refuse to provide us with your personal information when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of SmartrMail or get our response. Please contact us immediately if you think that any personal information that we collect is excessive or not necessary for the intended purpose.
6.4 Sensitive information
We do not collect or have access to any special categories of sensitive information from you, unless you decide, at your own discretion, to provide such information to us. Sensitive data is information that relates to your health, genetics, biometrics, religious and political beliefs, racial origins, membership of a professional or trade association, sex life, or sexual orientation. If you decide, at your sole discretion, to include the said sensitive data into The Clients' Data, we will process such data for the purpose of fulfilling our contractual obligations.
7. Processing the Clients' Data
7.1 Your obligations with regard to the Clients’ Data
The nature of SmartrMail is to provide a newsletter service built off a subscriber list that you can either enter manually or automatically through various opt-in functions through your website, etc. Your subscriber list must be composed of email addresses of people who have expressly opted to receive communications from you, if it is required by the marketing laws applicable to y, or you have another legal basis for sending them commercial messages. Subscriber lists may not be sold, bought or otherwise be composed from a third party subscriber list.
Information that you enter into your newsletter is at your discretion and must comply with the terms of SmartrMail. While the newsletter templates are customizable, the email footer is standard to ensure that the newsletters comply with CAN SPAM laws. Specifically, the 'unsubscribe' link will always be static on the newsletter and you will not be able to remove it.
7.2 The Clients' Data Submitted by our users
To use our services, our clients may provide us with information about their individual clients. Our clients, as data controllers, determine the scope of the information transferred to us and remain responsible for obtaining and disclosing the Clients' Data lawfully. The Clients' Data that we receive may vary by client. The Clients' Data typically includes client’s users’:
7.3 The Clients' Data Collected Automatically
If our clients request us, we may automatically collect information on behalf of them. This may include:
7.4 Purpose of the Clients’ Data
We process the Clients’ Data on behalf of our clients to provide products and services to our clients at their direction. We do not use this information for our own business purposes. We use personal information only as directed or authorized by our clients. The legal basis on which we rely is ‘performing a contract with our clients’. Typically, we are directed or authorized to use personal information collected on behalf of our clients to:
The processing of your personal information is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of personal information. Our security measures include access control, secured networks, SSL protocol, strong passwords, anonymisation of personal data (when possible), and carefully selected data processors.
You need to prevent unauthorized access to your account and personal information by protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your account.
We endeavor to safeguard your personal information to ensure that it is kept private. However, we cannot guarantee the security of user account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
9. Disclosure of Personal Information
9.1 Data processors
In addition to us, in some cases, your personal information may be accessible to third parties involved with the operation of SmartrMail (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed as our data processors.
The disclosure is limited to the situations when your personal information is required for the following purposes:
9.2 List of our data processors
9.3 Selling personal information
We do not directly sell your personal information to third parties. However, some of your personal information, including online identifiers (e.g., cookie-generated data and IP addresses) may be used for advertising, marketing, and monetisation purposes (e.g., programmatic advertising, retargeting, third-party marketing, profiling, or cross-device tracking). To make sure that you have full transparency and control over your personal information, we provide you with a possibility to manage your personal information as described below.
10. Place of Processing and International Transfers
We process your personal information in our operating offices located in Australia and in any other places where the parties involved in the processing (our data processors are located).
Depending on your location, data transfers may involve transferring your personal information to a country other than your own. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal information or we conclude a data processing agreement with the respective data processor that ensures such protection. We will not transfer your personal information internationally if no appropriate level of protection can be granted to it.
11. Retention Time
Your personal information shall be processed and stored for as long as required by the purpose it has been collected for.Therefore:
We may be allowed to retain your personal information for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain personal information for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, your personal data shall be securely deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
12. Cookies and Other Tracking Technologies
Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your mobile and computer's browser (the “Browser”) to enable our systems to recognize your Browser and tell us how and when pages in our site are visited and by how many people. Also, SmartrMail cookies are used for login information and session management. The lawful bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to secure, analyse and promote our business) and ‘your consent’ (for non-essential cookies).
When you visit SmartrMail for the first time, we may ask you to provide us with your consent to our use of all cookies via a cookie consent banner (for example, if you are based in the EU). If you do not provide your opt-in consent, we will not serve you our non-essential cookies. Please note that we may not be able to provide you with the best possible user experience on SmartrMail if not all cookies are enabled.
We use different types of cookies, including:
Below, you can find a list of cookies that we use on SmartrMail, including their purpose and expiration time:
|Essential technical cookies|
|__cfduid||cloudflare.com(US)||30 days||The cookie is used to identify trusted web traffic.|
|CONSENT||YouTube.com(US)||6041 days||The cookie is used to detect users who have accepted marketing category in the cookie consent banner.|
|debug||smartrmail.com(US)||Persistent||The cookie is used to detect errors on the website. This information is sent to us in order to optimize your experience on the website.|
|li_gc||linkedin.com(US)||2 years||The cookie is used to store your consent.|
|test_cookie||doubleclick.net(US)||1 day||The cookie is used to check whether your browser supports cookies.|
|lang||ads.linkedin.com(US)||End of session||The cookie remembers the user's selected language version of a website.|
|_dc_gtm_UA||smartrmail.com(US)||1 day||The cookie is used by Google Tag Manager to control the loading of a Google Analytics script tag.|
|bounce||adnxs.com(Germany)||End of session||The cookie determines if you leave the website straight away for internal statistics purposes.|
|cb||prfct.co(US)||End of session||The cookie is used to collect your IP address, geographical location and website navigation - this information is used for internal statistics.|
|_ga||smartrmail.com(US)||2 years||The cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website.|
|collect||google-analytics.com(US)||End of session||The cookie is used to send data about your device and behaviour to GA. It tracks you across devices and marketing channels.|
|_gid||smartrmail.com(US)||1 day||The cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website.|
|AnalyticsSyncHistory||linkedin.com(US)||29 days||The cookie is used in connection with data-synchronization with third-party analysis service.|
|personalization_id||twitter.com(US)||2 years||This cookie is set by Twitter - it allows you to share content onto your Twitter profile.|
|seg||prfct.co(UK)adnxs.com(Germany)||End of session||The cookie registers statistical data on your behaviour on the website. It is used for analytics purposes.|
|The list of our marketing cookies is available here.|
12.2 Declining cookies
Most Browsers have an option for turning off the cookie feature, which will prevent your Browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. Please consult the information provided by your browser.
If you see a cookie consent banner, you have the option to decline non-essential cookies.
12.3 Other tracking technologies
PROTECTING THE PRIVACY OF YOUNG CHILDREN IS ESPECIALLY IMPORTANT TO US. SMARTRMAILIS GEARED TOWARDS ADULTS. IN NO EVENT SHOULD SMARTRMAIL BE USED BY A CHILD. WEDO NOT KNOWINGLY COLLECT INFORMATION FROM CHILDREN UNDER THE AGE OF 18 NOR DO WE SHARE SUCH INFORMATION WITH THIRD PARTIES. IF WE BECOME AWARE THAT WE HAVE COLLECTED PERSONAL INFORMATION FROM A CHILD UNDER AGE 18 WITHOUT VERIFICATION OF PARENTAL CONSENT, WE WILL TAKE STEPS TO REMOVE THAT INFORMATION.
14. Business Transfers
In some cases, we may choose to buy or sell assets. In these types of transactions, personal information is typically one of the business assets that is transferred. Moreover, if we or substantially all of our assets were acquired, or in the unlikely event that we go out of business or enter bankruptcy, personal information would be one of the assets that is transferred or acquired by a third party. We will notify you about the changes of the data controller who is responsible for your personal information.
15. Legal Obligation to Provide Information
We may release personal information when we believe in good faith that release is necessary to comply with the applicable law; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of SmartrMail, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and risk reduction.
16. Your Rights
16.1 List of your rights
You may exercise certain rights regarding your personal information processed by us. In particular, you have the right to do the following:
16.2 Details about the right to object to processing
Where your personal information is processed for a public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection.
You must know that, however, should your personal information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification.
16.3 How to exercise these rights
16.4 Requests with regard to the Clients' Data
If we receive a request for exercising data subject’s rights from a person whose personal data is included in the Client’s Data, we will forward such a request to the respective data controller. We do not have the capacity to honour such requests.
17. How "Do Not Track" requests are handled
SmartrMail does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
18. CCPA Disclosure
18.2 What is personal information under the CCPA? Under the CCPA, the term ‘personal information’ refers to information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular consumer or household based in California. The term does not cover certain types of personal information (e.g., information subject to the Gramm-Leach-Bliley Act).
18.3 Types of personal information that we collect. In the past 12 months, we have collected and disclosed to third parties for our legitimate business purposes, the following categories of personal information relating to California residents (please refer to section 6 for more detailed information):
18.4 The categories of sources from whom we collect your personal information. We obtain your personal information from the following categories of sources:
18.5 The categories of third parties to whom we disclose your personal information. If necessary for our legitimate business purposes, we disclose the relevant personal information to the following third parties (please refer to section 9 for more information):
18.6 Use of personal information. In the past 12 months, we have used your personal information for the following purposes (please refer to section 6 for more information):
18.7 Sale of personal information. In the past 12 months, we have not sold your personal information. The term ‘sold’ refers to the disclosure of your personal information to a third-party for monetary or other valuable consideration.
18.8 Your rights regarding your personal information. As a California resident, you have certain rights granted by the CCPA with regard to your personal information. Such rights are:
I. To receive information about, within the last 12 months:
II. To request us to delete your personal information that we hold about you, unless there is an exception under the CCPA; and
III. Remain free from unlawful discrimination for exercising your rights.
18.10 Authorised agent. You can exercise your rights through an authorised agent. To do so, you will need to (i) provide us with a copy of your written permission for the authorised agent to act on your behalf; and (ii) verify your identity with us. Alternatively, you can (i) provide your authorised agent with a power of attorney and (ii) submit a copy of the power of attorney to us.
18.11 Declining your requests. In some instances that are permitted by the CCPA, we may not honour your request. Such instances include: (i) the failure to verify your identity; (ii) if you do not have authority to exercise the rights on behalf of another person; (iii) if there is an exception under the CCPA; or (iv) where the personal information that we hold about you is not subject to the CCPA.
18.12 Filing a formal complaint. If you are not satisfied with our response to your request, you have the right to file a formal complaint with the Attorney General’s Office (see https://oag.ca.gov/contact/consumer-complaint-against-business-or-company for more information).
If you have any questions or concerns regarding privacy using SmartrMail, please send a detailed message to [email protected]. Our mailing address is SmartrMail Pty Ltd, 52 Cambridge Street, Collingwood, Victoria, Australia 3053. Smart