Privacy Policy

Last Updated: Jan 18, 2022

1.Owner of SmartrMail

Smartr Commerce, Inc. dba SmartrMail (“us," “we," or "our") operates the website https://www.smartrmail.com (the “Site”), the related software and email sending services (collectively, (“SmartrMail”)). Our registered business address is 19 W. 24th St., Floor 3, New York, NY 10010. 

2. What is this Privacy Policy About? 

This privacy policy  informs you about our policies regarding the collection, use and disclosure of personal information that we receive from you when you use SmartrMail. It also explains what non-personal information we collect from you and how we use it.  We know that you are concerned about how your personal information is used and shared, and we take your privacy seriously. We are committed to giving you transparency of our privacy practices and control over your data. Please read this privacy policy before submitting any personal information to us.

3. What Doesn't This Privacy Policy Cover?

This policy does not apply to third-party websites (even if those websites are linked from SmartrMail) and practices of companies that we do not own or control. In addition, should SmartrMail contain links to outside sources, both those added by us and those submitted by others and while we attempt to provide links only to those sites that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of those sites. We encourage you to carefully review the privacy policies of any websites you visit and the third-party applications you use. This privacy policy only governs information collected through SmartrMail.

4. Our Role as Data Controller and Data Processor

We act in the capacity of a data controller and a data processor with regard to the personal information processed through SmartrMail in terms of the applicable data protection laws, including the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which personal information is handled by us, as explained in detail below:

  • Data controller. We are responsible for the collection of your personal information through SmartrMail and its use. We make decisions about the types of personal information that should be collected from you and purposes for which it should be used. Therefore, we act as a data controller with regard to the personal data collected directly through SmartrMail (e.g., when you register your user account, send us an inquiry or conclude a service contract). We comply with the data controller’s obligations set forth in the applicable laws.
  • Data processor. Weact in the capacity of a data processor in situations when you submit or generate data through SmartrMail for processing, such as your subscriber list, (the “Clients' Data”) and the Clients' Data contains other individuals’ personal information (e.g., your clients’ email addresses). We do not own, control, or make decisions about the Clients' Data. We process the Clients' Data only in accordance with the instructions issued by a respective data controller. To ensure that the Clients' Data is processed in accordance with the strictest data protection standards, we offer for conclusion a data processing agreement (the “DPA”). The DPA is incorporated by reference into our Terms of Use, therefore, you conclude the DPA automatically upon your acceptance of the Terms of Use

5. Sources of Personal Information

We obtain your personal Information from the following categories of sources:

  • Directly from you. For example, if you submit certain personal data directly to us when registering your user account or contacting us;
  • Directly or indirectly through your activity on SmartrMail. When you use SmartrMail, we automatically collect technical information about your use of SmartrMail; and
  • From third parties. We may receive information about you from third parties to whom you have previously provided your personal data (e.g., the e-commerce service that you use), if those third parties have a lawful basis for disclosing your personal data to us.

6. What Information Do We Collect?

Listed below are the instances in which we gather your personal and non-personal information and details on how the information is used.

6.1 Personal Information

We collect only a minimal amount of personal information that is necessary for the purposes for which it is asked and used. We neither rent nor sell your personal information to anyone. 

Registration

To register a user account that allows you to use the full functionality of SmartrMail, you must provide us with your name, email address and password of your choice. (Note: we do not have access to your password.) You must provide truthful information to comply with our terms as well as CAN SPAM laws. If you decide to signup through any third-party service like Shopify, Neto, BigCommerce, PrestaShop, or WooCommerce, we will receive the said data from those third parties. We use your personal information to register your user account, contact you, if necessary, provide you with the requested services, and maintain our business records. The legal bases on which we rely are ‘performing a contract with you’ and ‘pursuing our legitimate business interests’ (i.e., operate, analyse, grow, and administer SmartrMail). We store such data until you amend it or delete your user account. 

Inquiries

When you contact us by email, we collect your name, email address, and any information that you decide to include in your message. We use such data to respond to your inquiries. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to grow and promote our business) and ‘your consent’ (for optional personal data). We store such data until you stop communicating with us. 

Payments

When you make a payment, you will be asked to provide your name and payment details like your credit card number, expiration date, security code, and billing address. Please note that we do not process payments - it is done by our third-party payment processor Stripe. We may have access to a limited amount of your personal data as disclosed to us by Stripe (e.g., your email address). Your payment data is used to process your payments and maintain our business records. The legal bases on which we rely are ‘performing a contract’ and ‘pursuing our legitimate business interests’ (i.e., administering our business). We store such data for the time period we are required by law to keep our accountancy records. 

IP address

When you use SmartrMail, we or our third-party analytics service providers (as explained below) collect your IP address (mostly, in an anonymised form). We use your IP address to analyse the technical aspects of your use of SmartrMail, prevent fraud and abuse of SmartrMail, ensure the security of SmartrMail, and tailor SmartrMail for your location. The legal basis on which we rely when processing your IP address is ‘pursuing our legitimate business interests’ (i.e., to analyse and protect SmartrMail) and ‘your consent’. We store such data until it is necessary for analysing and protecting SmartrMail or you withdraw your consent.

Newsletter

When you subscribe to our newsletter through the opt-in box available on the Site, we collect your email address. We use it to deliver our newsletter once per week. You can unsubscribe from it at any time by clicking the ‘unsubscribe’ link available in each email. The legal basis on which we rely is ‘your consent’. We keep your email address until you unsubscribe.

Comments

When you submit a comment under our blog posts, we collect your name, email address, website, and any other information that you decide to provide us in your comment. We use such information to feature your comment and enforce our terms. The legal bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to protect SmartrMail) and ‘your consent’. We keep such information as long as your comment is featured on the Site.

6.2 Non-Personal Information

Log files and analytics data

In order to analyse your use of SmartrMail, we automatically collect certain technical non-personal information about your use of SmartrMail. Such information does not allow us to identify you as an individual person in any manner. The non-personal data includes your activity on SmartrMail (e.g., what functionalities you use, how much time you spend on SmartrMail, how long it takes for SmartrMail to load and process your requests, and what errors occur). We only use this data in aggregate form, that is, as a statistical measure, and not in a manner that would identify you personally. This type of aggregate data enables us to calculate how often users use parts of SmartrMail so that we can make SmartrMail appealing to as many customers as possible, and improve those services. As part of this use of information, we may provide aggregate information to our partners about how our customers, collectively, use SmartrMail. We share this type of statistical data so that our partners also understand how often people use their services and SmartrMail, so that they, too, may provide you with an optimal online experience. Again, we will not, intentionally, disclose aggregate information to a partner in a manner that could identify you personally.

Your feedback

If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and any subsequent responses. Where reasonably possible, we remove all personal information that is not necessary for keeping such records. 

Aggregated and de-identified information

If we combine your non-personal information with certain elements of your personal information and such a combination allows us to identify you as a natural person, we will handle such aggregated data as personal information. If your personal information is de-identified in a way that it can no longer be associated with a natural person, it will not be considered personal information and we may use it for any business purpose.

6.3 Refusal to provide personal information

If you refuse to provide us with your personal information when we ask to, we may not be able to perform the requested operation and you may not be able to use the full functionality of SmartrMail or get our response. Please contact us immediately if you think that any personal information that we collect is excessive or not necessary for the intended purpose.

6.4 Sensitive information

We do not collect or have access to any special categories of sensitive information from you, unless you decide, at your own discretion, to provide such information to us. Sensitive data is information that relates to your health, genetics, biometrics, religious and political beliefs, racial origins, membership of a professional or trade association, sex life, or sexual orientation. If you decide, at your sole discretion, to include the said sensitive data into The Clients' Data, we will process such data for the purpose of fulfilling our contractual obligations. 

7. Processing the Clients' Data 

7.1 Your obligations with regard to the Clients’ Data

The nature of SmartrMail is to provide a newsletter service built off a subscriber list that you can either enter manually or automatically through various opt-in functions through your website, etc. Your subscriber list must be composed of email addresses of people who have expressly opted to receive communications from you, if it is required by the marketing laws applicable to y, or you have another legal basis for sending them commercial messages. Subscriber lists may not be sold, bought or otherwise be composed from a third party subscriber list.

Information that you enter into your newsletter is at your discretion and must comply with the terms of SmartrMail. While the newsletter templates are customizable, the email footer is standard to ensure that the newsletters comply with CAN SPAM laws. Specifically, the 'unsubscribe' link will always be static on the newsletter and you will not be able to remove it.

7.2 The Clients' Data Submitted by our users

To use our services, our clients may provide us with information about their individual clients. Our clients, as data controllers,  determine the scope of the information transferred to us and remain responsible for obtaining and disclosing the Clients' Data lawfully. The Clients' Data that we receive may vary by client. The Clients' Data typically includes client’s users’:

  • Names;
  • Email addresses;
  • Shipping addresses;
  • IP addresses; and
  • Cookie-related data.

7.3 The Clients' Data Collected Automatically

If our clients request us, we may automatically collect information on behalf of them. This may include:

  • dates and times of visits to our clients’ websites;
  • the pages visited on our clients’ websites;
  • information about how our clients’ websites are used (such as the content viewed, data and time of viewing, and how long it was viewed for); and
  • information regarding how individual users interact with our clients' emails (such as whether emails are opened or clicked and what device they are viewed on).

7.4 Purpose of the Clients’ Data

We process the Clients’ Data on behalf of our clients to provide products and services to our clients at their direction. We do not use this information for our own business purposes. We use personal information only as directed or authorized by our clients. The legal basis on which we rely is ‘performing a contract with our clients’. Typically, we are directed or authorized to use personal information collected on behalf of our clients to:

  • Send emails for our clients;
  • Personalize emails for our clients;
  • Target specific customers or customer types for our clients' email campaigns; and
  • Analyze and optimize our clients' emails (such as analyzing what emails have been opened and clicked, and what products have been purchased).

8. Security

The processing of your personal information is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of personal information. Our security measures include access control, secured networks, SSL protocol, strong passwords, anonymisation of personal data (when possible), and carefully selected data processors.

You need to prevent unauthorized access to your account and personal information by protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your account.

We endeavor to safeguard your personal information to ensure that it is kept private. However, we cannot guarantee the security of user account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

9. Disclosure of Personal Information

9.1 Data processors

In addition to us, in some cases, your personal information may be accessible to third parties involved with the operation of SmartrMail (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed as our data processors.

The disclosure is limited to the situations when your personal information is required for the following purposes:

  • Ensuring the proper operation of SmartrMail;
  • Ensuring the delivery of the services ordered by you;
  • Providing you with the requested information;
  • Pursuing our legitimate business interests;
  • Enforcing our rights, preventing fraud, and security purposes;
  • Carrying out our contractual obligations; or 
  • If you provide your prior consent to such a disclosure. 

9.2 List of our data processors

We use a limited number of data processors. We choose them only if they agree to ensure an adequate level of protection of your personal information that is consistent with this privacy policy and the applicable data protection laws. The data processors that have access to your personal information are: 

  • Our hosting and cloud storage service provider Microsoft Azure located in the United States;
  • Our transactional email service provider Mailgun located in the United States;
  • Our technical support and live chat service provider Intercom located in the United States;
  • Our marketing service providers Facebook, Twitter, Google, and Sharpspring Ads located in the United States;
  • Our analytics service providers Chartmogul and Mixpanel;
  • Our payment service provider Stripe; 
  • Our data processing service provider Segment located in the United States; and
  • Our independent contractors. 

9.3 Selling personal information

We do not directly sell your personal information to third parties. However, some of your personal information, including online identifiers (e.g., cookie-generated data and IP addresses) may be used for advertising, marketing, and monetisation purposes (e.g., programmatic advertising, retargeting, third-party marketing, profiling, or cross-device tracking). To make sure that you have full transparency and control over your personal information, we provide you with a possibility to manage your personal information as described below.

10. Place of Processing and International Transfers

We process your personal information in our operating offices located in Australia and in any other places where the parties involved in the processing (our data processors are located).

Depending on your location, data transfers may involve transferring your personal information to a country other than your own. For example, if you reside in the European Economic Area (EEA), we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal information or we conclude a data processing agreement with the respective data processor that ensures such protection. We will not transfer your personal information internationally if no appropriate level of protection can be granted to it.

11. Retention Time

Your personal information shall be processed and stored for as long as required by the purpose it has been collected for.Therefore:

  • Personal information collected for purposes related to the performance of a contract between you and us shall be retained until such contract has been fully performed;
  • Personal information collected for the purposes of our legitimate interests shall be retained as long as needed to fulfill such purposes. You may find specific information regarding the legitimate interests pursued by us within the relevant sections of this privacy policy. 

We may be allowed to retain your personal information for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. Furthermore, we may be obliged to retain personal information for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, your personal data shall be securely deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

12. Cookies and Other Tracking Technologies

12.1 Cookies

Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your mobile and computer's browser (the “Browser”) to enable our systems to recognize your Browser and tell us how and when pages in our site are visited and by how many people. Also, SmartrMail cookies are used for login information and session management. The lawful bases on which we rely are ‘pursuing our legitimate business interests’ (i.e., to secure, analyse and promote our business) and ‘your consent’ (for non-essential cookies).  

When you visit SmartrMail for the first time, we may ask you to provide us with your consent to our use of all cookies via a cookie consent banner (for example, if you are based in the EU). If you do not provide your opt-in consent, we will not serve you our non-essential cookies. Please note that we may not be able to provide you with the best possible user experience on SmartrMail if not all cookies are enabled.

We use different types of cookies, including: 

  • Essential technical cookies that are strictly necessary to ensure the correct functioning of  SmartrMail and provide the services requested by you; 
  • Preference cookies that allow us to remember the settings chosen by you;
  • Marketing cookies that allow us to create, implement, and examine our marketing campaigns. Such cookies allow us to reach the right customers, analyse the productivity of our marketing campaigns, and offer you personalised advertisement; and
  • Statistics cookies that allow us to generate statistical reports about how you use SmartrMail.

Below, you can find a list of cookies that we use on SmartrMail, including their purpose and expiration time:

Essential technical cookies
Name Provider(location) Expiration Purpose
__cfduid cloudflare.com(US) 30 days The cookie is used to identify trusted web traffic.
CONSENT YouTube.com(US) 6041 days The cookie is used to detect users who have accepted marketing category in the cookie consent banner. 
debug smartrmail.com(US) Persistent The cookie is used to detect errors on the website. This information is sent to us in order to optimize your experience on the website.
li_gc  linkedin.com(US) 2 years The cookie is used to store your consent.
test_cookie doubleclick.net(US) 1 day The cookie is used to check whether your browser supports cookies.
Preference cookies
Name Provider(location) Expiration Purpose
lang  ads.linkedin.com(US) End of session The cookie remembers the user's selected language version of a website.
Statistics cookies
Name Provider(location) Expiration Purpose
_dc_gtm_UA smartrmail.com(US) 1 day The cookie is used by Google Tag Manager to control the loading of a Google Analytics script tag.
bounce adnxs.com(Germany) End of session The cookie determines if you leave the website straight away for internal statistics purposes.
cb prfct.co(US) End of session The cookie is used to collect your IP address, geographical location and website navigation - this information is used for internal statistics.
_ga smartrmail.com(US) 2 years The cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website. 
collect google-analytics.com(US) End of session The cookie is used to send data about your device and behaviour to GA. It tracks you across devices and marketing channels.
_gid smartrmail.com(US) 1 day The cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website. 
AnalyticsSyncHistory  linkedin.com(US)  29 days The cookie is used in connection with data-synchronization with third-party analysis service. 
personalization_id twitter.com(US) 2 years This cookie is set by Twitter - it allows you to share content onto your Twitter profile.
seg prfct.co(UK)adnxs.com(Germany) End of session The cookie registers statistical data on your behaviour on the website. It is used for analytics purposes.
Marketing cookies
Name Provider(location) Expiration Purpose
The list of our marketing cookies is available here.

12.2 Declining cookies

Most Browsers have an option for turning off the cookie feature, which will prevent your Browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. Please consult the information provided by your browser. 

If you see a cookie consent banner, you have the option to decline non-essential cookies. 

12.3 Other tracking technologies

In conjunction with our cookies, we may use pixels, web beacons and tracking tokens. Web beacons are images (often transparent) that are part of webpages; tracking tokens are digital objects or pieces of code. They allow us to see whether you access certain content on SmartrMail or open our emails, monitor your traffic, and generate statistics about how you use SmartrMail and other services. This provides us with a possibility to produce specific profiles of your behaviour in combination with other web server logs and cookie-related data. Our use of such tracking technologies is subject to the cookie consent that you provide us with. If you do not provide your consent, withdraw it, or set your browser to refuse cookies, we will not use those tracking technologies or provide you with an opt-out option.

If any third party operated services are listed among the tools below, these may be used to track your browsing habits – in addition to the information specified herein and without our knowledge. Please refer to the privacy policy of the listed services for detailed information.

  • Disqus - Disqus is a content commenting service provided by Big Heads Labs Inc. Personal Data collected: Cookies, Usage Data and various types of Data as specified in the privacy policy of the service. Place of processing: United States – Privacy PolicyOpt Out.
  • AdRoll (Semantic Sugar, Inc.) - AdRoll is an advertising service provided by Semantic Sugar, Inc. Personal Data collected: Cookies and Usage Data. Place of processing: United States – Privacy PolicyOpt Out.
  • AdWords Remarketing (Google Inc.) - AdWords Remarketing is a remarketing and behavioral targeting service provided by Google Inc. that connects the activity of smartrmail.com with the Adwords advertising network and the Doubleclick Cookie. Personal Data collected: Cookies and Usage Data. Place of processing: United States – Privacy PolicyOpt Out.
  • Facebook Custom Audience and Remarketing (Facebook, Inc.) - Facebook Custom Audience and Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of smartrmail.com with the Facebook advertising network. Personal Data collected: Cookies and email address. Place of processing: United States – Privacy PolicyOpt Out. Privacy Shield participant.
  • Google Tag Manager (Google LLC) - Google Tag Manager is a tag management service provided by Google LLC. Personal Data collected: Cookies and Usage Data. Place of processing: United States – Privacy Policy.
  • Intercom (Intercom Inc.) - Intercom is a User database management service provided by Intercom Inc. Intercom can also be used as a medium for communications, either through email, or through messages within smartrmail.com. Personal Data collected: Cookies, email address, Usage Data and various types of Data as specified in the privacy policy of the service. Place of processing: United States – Privacy Policy.

13. Children

PROTECTING THE PRIVACY OF YOUNG CHILDREN IS ESPECIALLY IMPORTANT TO US. SMARTRMAILIS GEARED TOWARDS ADULTS. IN NO EVENT SHOULD SMARTRMAIL BE USED BY A CHILD. WEDO NOT KNOWINGLY COLLECT INFORMATION FROM CHILDREN UNDER THE AGE OF 18 NOR DO WE SHARE SUCH INFORMATION WITH THIRD PARTIES. IF WE BECOME AWARE THAT WE HAVE COLLECTED PERSONAL INFORMATION FROM A CHILD UNDER AGE 18 WITHOUT VERIFICATION OF PARENTAL CONSENT, WE WILL TAKE STEPS TO REMOVE THAT INFORMATION.

14. Business Transfers

In some cases, we may choose to buy or sell assets. In these types of transactions, personal information is typically one of the business assets that is transferred. Moreover, if we or substantially all of our assets were acquired, or in the unlikely event that we go out of business or enter bankruptcy, personal information would be one of the assets that is transferred or acquired by a third party. We will notify you about the changes of the data controller who is responsible for your personal information.  

15. Legal Obligation to Provide Information

We may release personal information when we believe in good faith that release is necessary to comply with the applicable law; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of SmartrMail, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and risk reduction.

16. Your Rights

16.1 List of your rights

You may exercise certain rights regarding your personal information processed by us. In particular, you have the right to do the following:

  • Withdraw your consent at any time.
  • You have the right to withdraw consent where you have previously given your consent to the processing of your personal information.
  • Object to processing.
  • You have the right to object to the processing of your personal information if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access to personal information.
  • You have the right to learn if your personal information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of personal information undergoing processing.
  • Verify and seek rectification.
  • You have the right to verify the accuracy of your personal information and ask for it to be updated or corrected.
  • Restrict the processing.
  • You have the right, under certain circumstances, to restrict the processing of your personal information.
  • Have your personal information deleted or otherwise removed.
  • You have the right, under certain circumstances, to obtain the erasure of your personal information from SmartrMail.
  • Receive your personal data and have it transferred to another controller.
  • You have the right to receive your personal data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your personal data is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof.
  • Lodge a complaint.
  • You have the right to bring a claim before their competent data protection authority.

16.2 Details about the right to object to processing

Where your personal information is processed for a public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection.

You must know that, however, should your personal information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification.

16.3 How to exercise these rights

Any requests to exercise your rights can be directed to us through the contact details provided at the end of this privacy policy. These requests can be exercised free of charge and will be addressed by us as early as possible and always within one month. We do not discriminate against you if you decide to exercise your rights. It means that we will not (i) deny any goods and services, (ii) charge you different prices, (iii) deny any discounts or benefits, (iv) impose penalties, or (v) provide you with lower quality services.

16.4 Requests with regard to the Clients' Data

If we receive a request for exercising data subject’s rights from a person whose personal data is included in the Client’s Data, we will forward such a request to the respective data controller. We do not have the capacity to honour such requests. 

17. How "Do Not Track" requests are handled

SmartrMail does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

18. CCPA Disclosure

18.1 If you are based in the state of California (US), you are protected as a consumer by the California Consumer Privacy Act of 2018 (CCPA) with respect to your personal data. In addition to the disclosures made in this privacy policy, we are hereby providing you with additional disclosures about our data processing practices and your consumer rights, as required by the CCPA.

18.2 What is personal information under the CCPA? Under the CCPA, the term ‘personal information’ refers to information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular consumer or household based in California. The term does not cover certain types of personal information (e.g., information subject to the Gramm-Leach-Bliley Act). 

18.3 Types of personal information that we collect. In the past 12 months, we have collected and disclosed to third parties for our legitimate business purposes, the following categories of personal information relating to California residents (please refer to section 6 for more detailed information):

  1. Identifiers and any categories of personal information described in subdivision (e) of section 1798.80: 
  • Registration of your user account: your name, email address, and password;
  • Payment processing: your name, credit card number, expiration date, security code, billing address, and email address;
  • Inquiries: your name, email address, and any information that you decide to include in your message; and
  • Browsing the Site: your IP address and cookie-related data.
  1. Characteristics of protected classifications under California or federal law: none. 
  2. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies: if processed through the Clients’ Data.
  3. Biometric information: none.
  4. Internet or other electronic network activity information: cookie-related data and analytics data.
  5. Geolocation data: IP address only.
  6. Audio, electronic, visual, thermal, olfactory, or similar information: none.
  7. Professional or employment- related information: none.
  8. Education information: none.
  9. Inferences drawn from other personal information: none.

18.4 The categories of sources from whom we collect your personal information. We obtain your personal information from the following categories of sources:

  • Directly from you. For example, if you submit certain personal information directly to us when registering your account, completing the necessary forms, or contacting us.
  • Directly or indirectly through your activity on SmartrMail. When you use SmartrMail, we automatically collect technical information about your use of it.
  • From third parties. We may receive information about you from third parties to whom you have previously provided your personal information,  if those third parties have a lawful basis for disclosing your personal information to us.

18.5 The categories of third parties to whom we disclose your personal information. If necessary for our legitimate business purposes, we disclose the relevant personal information to the following third parties (please refer to section 9 for more information):

  • Our hosting and cloud storage service provider Microsoft Azure located in the United States;
  • Our transactional email service provider Mailgun located in the United States;
  • Our technical support and live chat service provider Intercom located in the United States;
  • Our marketing service providers Facebook, Twitter, Google, and Sharpspring Ads located in the United States;
  • Our analytics service providers Chartmogul and Mixpanel;
  • Our payment service provider Stripe; 
  • Our data processing service provider Segment located in the United States; and
  • Our independent contractors.

18.6 Use of personal information. In the past 12 months, we have used your personal information for the following purposes (please refer to section 6 for more information):

  • Registering, verifying and maintaining your user account;
  • Providing you with the requested services;
  • Performing our contractual obligations; 
  • Maintaining and improving SmartrMail; 
  • Conducting research about SmartrMail and our business activities;
  • Replying to your enquiries;
  • Maintaining our business records;  
  • Conducting audits;
  • Developing new services;
  • Ensuring security of SmartrMail;
  • Preventing fraud;
  • Showing you relevant advertising; and
  • Complying with the applicable laws.

18.7 Sale of personal information. In the past 12 months, we have not sold your personal information. The term ‘sold’ refers to the disclosure of your personal information to a third-party for monetary or other valuable consideration.

18.8 Your rights regarding your personal information. As a California resident, you have certain rights granted by the CCPA with regard to your personal information. Such rights are:

I. To receive information about, within the last 12 months:  

  • The categories of personal information that we collected from you;
  • The categories of sources from which we collected your personal information;
  • The purposes for which we collected your personal information; 
  • The categories of third parties to which your personal information was disclosed and the personal information that was disclosed; and
  • The specific pieces of personal information that we collected about you;

II. To request us to delete your personal information that we hold about you, unless there is an exception under the CCPA; and

III. Remain free from unlawful discrimination for exercising your rights.

18.9 Making requests under the CCPA. If you have not found sufficient information in this privacy policy, you can submit your requests for exercising your rights to us by email or post (our contact details are available at the end of this privacy policy). We will reply to you as soon as possible but no later than 30 days. Please note that we may need to verify your identity by requesting you to submit certain identifying details.

18.10 Authorised agent. You can exercise your rights through an authorised agent. To do so, you will need to (i) provide us with a copy of your written permission for the authorised agent to act on your behalf; and (ii) verify your identity with us. Alternatively, you can (i) provide your authorised agent with a power of attorney and (ii) submit a copy of the power of attorney to us. 

18.11 Declining your requests. In some instances that are permitted by the CCPA, we may not honour your request. Such instances include: (i) the failure to verify your identity; (ii) if you do not have authority to exercise the rights on behalf of another person; (iii) if there is an exception under the CCPA; or (iv) where the personal information that we hold about you is not subject to the CCPA.

18.12 Filing a formal complaint. If you are not satisfied with our response to your request, you have the right to file a formal complaint with the Attorney General’s Office (see https://oag.ca.gov/contact/consumer-complaint-against-business-or-company for more information). 

19. Changes to this Privacy Policy

We may amend this privacy policy from time to time. Use of information we collect now is subject to the privacy policy in effect at the time such information is used. If we make material changes in the way we use personal information, we will notify you by posting an announcement on SmartrMail and sending you an email. If you have unsubscribed from all email communications from SmartrMail, we will not email you changes to the privacy policy. You will still, however, be subject to the privacy policy changes.

20. Contact

If you have any questions or concerns regarding privacy using SmartrMail, please send a detailed message to [email protected]. Our mailing address is SmartrMail Pty Ltd, 52 Cambridge Street, Collingwood, Victoria, Australia 3053. Smart