Privacy policy
1. General information
- This policy defines ways to protect the personal data of Users using Coresender at the electronic address (https://coresender.com), hereinafter referred to as the "Platform".
- The lack of acceptance of this Privacy Policy is tantamount to the inability to use the Platform.
- The Administrator of Users' data is the Service Provider.
- The Service Provider's contact email address: privacy@coresender.com.
- The Service Provider is the administrator of User’s personal data in relation to the data provided voluntarily in the Platform.
- The administrator collects user data as specified in the Regulations.
- Personal data collected by the Service Provider is processed under the rules laid down in the data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (the "GDPR").
- In order to use the Platform, it is necessary to set up an Account or Trial Account in the Platform. For this purpose, the User provides their name or company name, name and surname, and data enabling contact with the User, in particular the email address and telephone number.
- The Service Provider uses personal data for the following purposes:
– the conclusion and implementation of contracts by the Service Provider with Coresender Users (legal basis: article 6 section 1 letter b GDPR);
– for the purpose of sending commercial information (Newsletter) to the email address provided by you when registering in the Platform (legal basis: article 6 section 1 letter f GDPR). The User has the option to give a separate consent to the shipment of commercial information from Service Provider. This consent is not a prerequisite for the use of the Services. The User may grant or withdraw the consent in question at any time. Consent is given by actively selecting the check-box in the appropriate form. Consent is not part of other statements. Consent to the shipment of commercial information may be given by a person who has reached at least 16 years of age or by legal guardians of a minor. When User agrees, the Service Provider informs User that they can withdraw his consent at any time. In order to withdraw consent to send marketing messages, the appropriate box is in the check box by which User has given his consent or to send the corresponding application to the contact address of the Service Provider. Withdrawal of consent shall be carried out at least 5 days after the date of its withdrawal. At the same time, the Service Provider informs User that in exceptional cases messages containing commercial information may be sent without express consent if there is a relationship between the Service Provider and the User consisting of a mutual agreement, the emails are direct advertisement of similar proprietary products or Services, the Recipient of the email has been informed of the possibility of lodging an objection at any time (for obtaining and each use of an email address), without incurring costs other than the cost of transmission at the basic rates, the recipient of the email did not object;
– for purposes arising from legitimate interests pursued by the Service Provider, i.e. for analytical, statistical purposes and to ensure information security (legal basis: article 6 section 1 letter f of the GDPR);
– in order to contact Users (legal basis: article 6 section 1 letter b of the GDPR). - The platform performs the functions of obtaining and maintaining Users’ information as follows:
– by voluntarily entering the data entered in the forms, which are entered into the Service Provider's systems.
– by storing cookies in terminal devices, hereinafter referred to as "cookies". - The Platform collects the information provided voluntarily by User, including personal data if User provides it.
- The Platform and the web browser used by the Recipient may save information about the connection parameters (time, IP address).
- The Platform, in some cases, may save information to help link data to the form with the email address of the form User.
- The data provided in the form is processed for the purpose of the function of a particular form, e.g. to process service or commercial contact, service registration, etc. Each time the context and description of the form clearly tells you what it is for.
- The Service Provider is only the processor of User’s data. As part of the entrustment, the Service Provider will process personal data such as the email addresses of the User's contractors, the content of email messages, data contained in the subject of email messages sent by the User as part of the Service and communication logs. The purpose of processing the above data is the provision of Services. On the above data, the Service Provider will perform storage, viewing, and organizing operations within the meaning of art. 4 point 2 GDPR by providing Services. The Service Provider will process the above data for the duration of the Services. The Service Provider is not responsible for the correctness and legality of data processing entrusted to them by the User being their Administrator. The Service Provider is not responsible in particular for processing for unlawful purposes or without a legal basis, for processing more data than is required to meet the purposes of processing, the absence of a valid legal basis for their processing, including in particular the consent of the data subject, expressed correctly. The Administrator of personal data entrusted to the Service Provider should implement appropriate technical and organizational measures so that the processing takes place in accordance with the GDPR, taking into account the nature, scope, contexts and purposes of processing as well as the risk of violation of the rights or freedoms of natural persons of varying probability and severity.
2. Data Protection Officer
You can contact the Data Protection Officer, in all matters relating to the processing and exercise of the rights associated with it. Contact with the Data Protection Officer may occur by:
- email: privacy@coresender.com;
- in writing: Data Protection Officer, Global Email Solutions Ltd, 590 Kingston Road, London, SW20 8DN, United Kingdom.
3. Selected data protection methods used by the Service Provider
- Login and input of personal data are protected in the transmission layer (SSL certificate). This allows personal data and login information entered on the site to be encrypted on the User's computer and can only be read on the destination server.
- The Service Provider periodically changes its administrative passwords.
- To protect User’s data, the Service Provider regularly makes backup copies.
- An important element of data protection is the regular update of any software used by the Service Provider for the processing of personal data, which in particular means regular updates of programming components.
4. User’s rights and additional information on how to use User’s data
- In some situations, the Service Provider has the right to transfer User’s personal data to other Recipients if necessary to perform the contract concluded with User or to perform the obligations of the Service Provider, e.g. to perform the contract concluded with providers of IT services, hosts, internet payment service providers, couriers, postal operators and other data processors on behalf of the Service Provider under a contract to entrust the processing of personal data, as well as accountants, lawyers, administrations, state services and courts.
- User’s personal data is processed by the Service Provider no longer than is necessary to perform related activities as defined by separate regulations (e.g. accounting).
- The processing of User’s personal data is carried out on a voluntary basis, but depending on the circumstances of the refusal to share the data or request for its deletion, it may prevent the Full Use of the Platform.
- User has the right to request from the Service Provider:
– access to personal information regarding;
– their rectification;
– their removal;
– restriction of their processing;
– data portability;
– the right to object if the processing is based on art. 6 section 1 letter f GDPR, in relation to the processing of personal data for the purpose of exercising legitimate interests pursued by the Service provider, including profiling, while the right of objection cannot be exercised if there are valid legitimate grounds for processing, overriding interests, rights and freedoms over User, in particular, determining, pursuing or defending claims;
– the right to withdraw consent at any time, if the processing takes place on the basis of art. 6 section 1 letter a GDPR or art. 9 section 2 letter a GDPR – without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal. - The actions of the Service Provider are subject to complaint to the supervisory authority.
- Activities may be taken against User by automated decision-making, including profiling, in order to provide services under the contract concluded and for the purpose of direct marketing by the Service Provider.
- Personal data may be transferred outside the European Economic Area as part of the Service Provider's use of the services of entities providing solutions and IT systems, which entities may store personal data on servers located outside this area or as part of the Service Provider's provision of Services to the extent necessary for their execution.
- The basis for the transfer referred to in section 7, may be a decision of the European Commission stating the appropriate level of protection or the use of appropriate legal safeguards, which are in particular standard contractual clauses for the protection of personal data, approved by the European Commission. In particular, in the case of transferring personal data to the United States, the appropriate level of protection for such data, including through the use of appropriate safeguards, is ensured by the EU-US Privacy Shield established by the European Commission implementing decision as a set of guaranteeing principles.
- In the event that the European Commission fails to issue a decision stating an adequate level of protection or if adequate legal safeguards are not provided, personal data may be transferred to a third country on the basis of one of the conditions listed in art. 49 section 1 GDPR, in particular on the basis of explicit consent. Users have the right to obtain a copy of personal data transferred to a third country.
5. Service Provider’s Logs
Information about user behaviour in the Platform may be logged in. This data is used to administer the Platform.
6. Relevant marketing techniques
- The Service Provider uses remarketing techniques to match advertising messages to the User's behavior on the website, which may give the illusion that User’s personal data is being used to track it but in practice there is no transfer of any personal data from the Service Provider to advertising operators. The technological condition for such activities is enabled the operation of cookies.
- The Service Provider applies a solution that automates the operation of the Platform in relation to users, e.g. that can send an email to the User after visiting a specific subpage, provided that they have agreed to receive commercial correspondence from the Service Provider.
7. Information about cookies
- The platform uses cookies.
- Cookies ("cookies") are information, in particular text files stored in the End Device of the Platform User and are intended to use the Platform's websites. Cookies typically contain the name of the website from which they come, the time of storage on the end device and a unique number.
- The entity placing cookies on the terminal device of the User and having access to them is the Service Provider.
- Cookies are used for the following purposes:
1. maintaining the Platform User session (after logging in) so that the User does not have to re-enter the login and password on each Platform subpage;
2. achieve the objectives set out above in the "Relevant Marketing Techniques" section; - The Platform uses two main types of cookies: "session" and "persistent". "Session" cookies are temporary files that are stored in the User's End Device until User logs out, leaves the website or disables the software (web browser). "Persistent" cookies are stored on the User's End Device for the time specified in the parameters of cookies or until they are deleted by the User.
- Web browsing software (web browser) typically allows cookies to be stored on your End Device by default. Users can change the settings in this regard. The web browser allows User to delete cookies. It is also possible to automatically block cookies. Detailed information on the subject can be found in the help section or documentation of a web browser.
- Restrictions on the use of cookies may affect some of the functionalities available on the Platform's websites. Cookies placed on the End Device of the User can also be used by entities cooperating with the Service Provider, in particular by companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
8. Managing cookies – how to express and withdraw consent in practice?
If User does not wish to receive cookies, User may change their browser settings. The Service Provider reserves that disabling the handling of cookies necessary for authentication, security, and maintaining User’s preferences may make it difficult and, in extreme cases, may prevent the use of the websites.