Privacy Policy

PRIVACY POLICY

Last modified: September, 2020.

Your privacy is important for THE MAIL TRACK COMPANY, S.L. (hereinafter, “THE MAIL TRACK COMPANY“ or “we“) and an essence to our service. This Privacy Policy explains what information we collect about you and why, what we do with that information, and how we handle that information

At THE MAIL TRACK COMPANY, we care about the confidentiality and privacy of your data and are fully committed to protecting it. This is something that will never change. MAIL TRACK is not in the business of selling or renting your information. We will not sell your personal data to third parties and shall only share it when necessary for the rendering of the MAIL TRACK COMPANY services as stated below.

Controller	THE MAIL TRACK COMPANY N.I.F. number B-66095670 Calle Córcega, número 301, ático 2ª, 08008 – Barcelona (Spain)
Site / Web Site	https://mailtrack.io/en/
Purposes	To provide you with our services To assist you in your petitions For improving the Site To process your CV To send you information regarding our Services
Legal basis	As appropriate, the fulfillment of the contractual relationship, the legitimate interest of THE MAIL TRACK COMPANY and data subject’s consent
Rights of the data subject	You can ask THE MAIL TRACK COMPANY to provide details about what personal data have we collect from you, and you can ask us to delete it or correct any inaccuracies. You can also ask us to restrict or limit processing, sharing, or transfer of your personal information, as well as to provide to you your personal information that we’ve collected so you can use it for your own purposes. However, we won’t delete data that we’re required by law to retain. You can direct those requests to privacy@mailtrack.io. You can also ask the Spanish data protection authority for its assistance at https://www.aepd.es/.
Additional information	For further information on our Site, you can review our Terms & Conditions.

Table of contents

1. Introduction
2. Processing of personal data of Users by The Mailtrack Company (as Controller)
3. Processing of personal data on behalf of Users by THE MAIL TRACK COMPANY (as Data Processor)
4. Use of Google's APIs
5. Security
6. Exclusion of the Mailtrack service
7. Frequently asked questions about privacy

1. Introduction

This Privacy Policy establishes the conditions for the processing of personal data of users (the “User” or “you”) of the MAIL TRACK COMPANY service (the “Service”) by THE MAIL TRACK COMPANY as well as the conditions for the processing of personal data by THE MAIL TRACK COMPANY on behalf of Users within the Service.

THE MAIL TRACK COMPANY shall process personal data in accordance with European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”), Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights (“LOPD”) and other applicable data protection laws.

2. Processing of personal data of Users by THE MAIL TRACK COMPANY (as Controller)

2.1. This Section explains the processing of personal data of Users by THE MAIL TRACK COMPANY as a controller, that is, when THE MAIL TRACK COMPANY decides about the purposes and means for the processing of the data. This only happens regarding the data of the User used by THE MAIL TRACK COMPANY to render the Service (having an account, invoicing…). This does not include the communications sent by the User through the Service and related data, which shall only be processed in accordance with Section 3 below.

THE MAIL TRACK COMPANY shall process as controller your personal data to provide you with the Service and to manage and improve the Service, including sending of communications regarding the Service or with information about the Service or THE MAIL TRACK COMPANY.

2.2. For the provision of the Services, THE MAIL TRACK COMPANY may process the following personal data of Users, such us

• name or email address,
• language preferences,
• current location for the proper price/currency displaying,
• email body, which will only be needed for technical operations necessary to provide the Service and as described below,
• payment data, and
• other personal data provided by the User in the context of the provision of the Service.

2.3. The personal data indicated above, may be used by THE MAIL TRACK COMPANY for the following purposes:

• to develop commercial actions and carry out the maintenance and management of the relationship with you;
• to manage and improve the Service;
• to respond to queries, suggestions or complaints made by you on the Service;
• to send you information requested;
• to comply with the law and legal processes;
• for recruitment, when filling in the “Empleo” section or to notify you in case there is an employment vacancy in THE MAIL TRACK COMPANY when subscribing to our “Create a job alert” section; and
• to reply to requests made by public authorities.

2.4. The legal basis for the processing of personal data of Users is the contractual relationship between the User and THE MAIL TRACK COMPANY for the Service and also the legitimate interest of THE MAIL TRACK COMPANY of informing registered Users about the Service and the company, unless they opt out to receive this information.

2.5. Personal data of the Users will be processed by THE MAIL TRACK COMPANY throughout the term of the contractual relationship and subsequently for the legal term during which applicable regulations require such personal data be he held thereafter.

2.6. In general, the User’s personal data will be stored in the European Union. However, THE MAIL TRACK COMPANY may share the personal data with third parties, some of which may be located outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein), only for the provision of the Service and at all times subject to the guarantees and requirements provided by applicable data protection laws.

In the event that THE MAIL TRACK COMPANY transfers the User’s personal data to another country and where the country or territory in question does not maintain adequate data protection standards, THE MAIL TRACK COMPANY will make sure that personal data is stored and transferred in a way which is secure. Therefore, THE MAIL TRACK COMPANY will only transfer personal data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

• by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws; or
• transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
• where it is necessary for the conclusion or performance of a contract between us and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or
• where the User has consented to the data transfer.

To ensure that personal personal data receives an adequate level of protection, THE MAIL TRACK COMPANY will put in place appropriate contractual wording with the third parties we share the User's personal data with to ensure that its personal data is treated by those third parties in a way that is consistent with and which respects the law on data protection.

However, where personal data is stored in a third country, it may be accessible to law enforcement agencies in accordance with domestic laws.

2.7. The User may at all times exercise his rights to access, rectification, erasure and restriction of processing and data portability as provided in the GDPR and applicable regulations by contacting THE MAIL TRACK COMPANY at Calle Córcega, nº 301, Ático 2, 08008, Barcelona (Spain); or, by sending an email to privacy@mailtrack.io. The User may also lodge a complaint before the Spanish Data Protection Authority at www.aepd.es.

If at any time the User wishes to stop receiving communications regarding THE MAILTRACK COMPANY or with commercial information about the Service, the User may request so by sending an email to privacy@mailtrack.io

3. Processing of personal data on behalf of Users by THE MAIL TRACK COMPANY (as Data Processor)

3.1. This Section explains the processing of personal data by THE MAIL TRACK COMPANY on behalf of Users, as a data processor, that is, when the purposes and means for the processing of the data are decided by the User and THE MAIL TRACK COMPANY only access the data for the rendering of the Service and on behalf of the User.

The Service may imply the access and processing by THE MAIL TRACK COMPANY of personal data controlled by the User and generated within the Service in relation to each electronic mail sent by the User through the Service (“Accessed Data”). In such cases, THE MAIL TRACK COMPANY shall be deemed as the data processor and shall process such personal data only on behalf of the User and not for its own purposes.

The Accessed Data shall comprise:

• Information required to identify the electronic mails sent through the Service:
  • information of the recipients;
  • subject of the email;
  • email body, only as necessary to provide the Service and as described below; and
  • date and time in which the email was sent.

• Information provided by the Service:
  • receipt confirmation;
  • open confirmation;
  • email body, only as necessary to provide the Service and as described below;
  • timestamp of each email opening;
  • history of the times (number, date and time) the recipient has opened the received email;
  • browser and operating system used by the recipient who opened the email;
  • number of links included in the email;
  • text and URL of such links;
  • number of clicks made on each of them by the recipient;
  • timestamp of each click on the link; and
  • browser and operating system used by the person who has clicked on the link.

Accessed Data is the only information to which THE MAIL TRACK COMPANY shall access to provide the Service. Authorizations for Gmail and the connection to your Google account as detailed in the Service Terms and Conditions are needed technically for the rendering of the Service by THE MAIL TRACK COMPANY and to provide the email tracking service, but do not imply the access by THE MAIL TRACK COMPANY to any data or information of the User other than the Accessed Data. For your better understanding, this is the detail of the use of the above permissions by THE MAIL TRACK COMPANY:

• Basic permissions: view your email metadata such as labels and headers. The Service needs this permission to identify your emails and correctly assign the open status (double check marks).
• Insert email into your inbox: this permission is necessary to add email alerts in your Gmail inbox when your emails are opened.
• View and manage your basic email settings: The Service needs to know your settings (e.gl alias, design style) to work properly.
• Manage mailbox labels: the double-check marks in mobile devices are added as labels. The Service needs this permission to add labels (check-marks) to your emails and update them when your emails are opened.
• Read, send, delete and manage your email: Campaigns service makes a copy of your email for each recipient and uses “send Gmail API permission” to send and individually track a copy of this email. The Service needs to delete the tracking pixel from your sent emails, so when you open your own emails you do not produce a self-open. No one at THE MAIL TRACK COMPANY will read your emails, THE MAIL TRACK COMPANY will never send emails on your behalf and will never share the content of your emails.
• Read and change your data in a number of websites (All usergooglecontent.com sites, All mailtrack.io sites, mail.google.com, mailtrack.io). The Service modifies Gmail and Google Inbox websites in order to display the double check marks as well as the Mailtrack website.

As detailed in the above permissions, some of them are never used by THE MAIL TRACK COMPANY, but the permission system from Google does not have enough granularity to select only the ones that THE MAIL TRACK COMPANY really needs.

THE MAIL TRACK COMPANY guarantees that:

• Only automated software uses the above permissions
• No one at THE MAIL TRACK COMPANY reads your emails
• THE MAIL TRACK COMPANY will never send emails on your behalf
• THE MAIL TRACK COMPANY will never share the content of your emails with third parties
• THE MAIL TRACK COMPANY will never share your browsing data with third parties
• THE MAIL TRACK COMPANY doesn’t store the body of your emails.

The processing of the above personal data is only carried out for the provision of the Service within the terms and duration stated in the Service Terms and Conditions.

3.2. Accordingly, THE MAIL TRACK COMPANY shall:

(i) not process the Accessed Data for a purpose other than the provision of the Service requested by the User and shall not transfer such data, not even for their storage, to unauthorized parties;

(ii) process the Accessed Data only on documented instructions from the User; and if THE MAIL TRACK COMPANY is aware that or of the opinion that any instruction given by the User breaches the data protection regulations, THE MAIL TRACK COMPANY shall immediately inform the User;

(iii) notify the User promptly if it becomes aware of any data breach and shall provide full details of the relevant breach;

(iv) ensure that persons authorized to process the Accessed Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(v) taking into account the nature of the processing, assist the User by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Users’ obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;

(vi) take all measures required pursuant to Article 32 of the GDPR (Security of Processing);

(vii) assist the User in complying with its obligations pursuant to Articles 32 to 36 of GDPR taking into account the nature of processing and the information available to THE MAIL TRACK COMPANY, including but not limited to, assisting the User with:

(viii) at the choice of the User, delete or return all the Accessed Data to the User after the end of the provision of Service, unless the storing of the data is required by applicable law; and

(ix) make available to the User all information necessary to demonstrate compliance with the obligations laid down in Article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User.

3.3 THE MAIL TRACK COMPANY shall not subcontract third parties for the processing operations which may imply access to the Accessed Data without the authorization of the User.

In this respect, the following sub-processors are deemed as authorized by the User:

• Amazon Web Services, Inc. as provider of the hosting of the Service, through servers located in Ireland.
• Google services: Google Apps, Google APIs, Google Analytics, Webmaster Tools and Google Forms
• HelpScout, for the provision of the customer service
• LogEntries for server logs storage

3.4. THE MAIL TRACK COMPANY shall guarantee the confidentiality of the Accessed Data, evn after the termination of the Service.

3.5. The User is the data controller of the processing of the Accessed Data within the meaning in GDPR. The User is the only one deciding the purposes and means for the processing of Accessed Data, so THE MAIL TRACK COMPANY does not use Accessed Data for its own purposes and only uses them for the rendering of the Service and on behalf of the User. To such extent, the User shall have to comply with applicable obligations under data protection regulations, including relying on an appropriate legal basis for the processing of personal data of the recipients of the emails sent through the Service. The User, and not THE MAIL TRACK COMPANY, shall be solely responsible for the compliance with such obligations.

3.6. The User acknowledges and agrees that the use of the Service and the processing of the Accessed Data as a result of the same is its own free and exclusive decision and has verified that the conditions of the Service and the processing of the Accessed Data are in line with its interests.

4. Use of Google’s APIs

THE MAIL TRACK COMPANY use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

5. Security

THE MAIL TRACK COMPANY shall process all personal data in the strictest confidentiality and implement the appropriate technical and organisational measures as required by applicable regulations.

We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology.

6. Exclusion of the MAIL TRACK service

6.1. The recipient of an email sent by the User of the Service may be excluded of the monitoring conducted by the User if the recipient selects the checkbox “Opt-out” available on the “User Privacy" section.

6.2. Due to technical limitations, the only way to exclude the recipient of the Service from the Service implies the installing of a cookie from the website mailtrack.io. Therefore, in case the recipient proceeds to delete cookies from his browser, the recipient will be included once again in the Service.

6.3. The aforementioned cookie will only work on the browser used by the recipient to select the exclusion. Therefore, in the event of using a different browser, the recipient will have to carry out the exclusion process on such browser.

7. Frequently asked questions about privacy

7.1. How can I remove THE MAIL TRACK COMPANY access to my Google account and emails?

You can stop THE MAIL TRACK COMPANY access to your Google account here . In such a case, you will not enjoy the Service anymore.

7.2. Does THE MAIL TRACK COMPANY sell or rent my personal data or the content of my emails?

No, THE MAIL TRACK COMPANY does not sell or rent your personal data.

7.3. Do you need a data privacy agreement?

This Privacy Policy constitutes a binding data processing agreement (DPA) in case you need it.

7.4. Where is my information stored?

Information submitted to THE MAIL TRACK COMPANY will be transferred to, processed, and stored in Amazon.com services facilities in Ireland.

7.5. How can I delete my personal data from the Service?

You can remove your Personal Data from the Service at any time by logging into your account, accessing the Account page, and then deleting your account.

7.6. How safe is my credit card information?

Your credit card information is safe. THE MAIL TRACK COMPANY does not have access to your credit card information at any point during the transaction, so we do not store your credit card information. We process every payment via Stripe or Paypal, certified Level 1 third party payment processing services.

7.7 Does THE MAIL TRACK COMPANY store the body of my emails?

No, the MAIL TRACK COMPANY doesn’t store the body of your emails.

7.8 Why does THE MAIL TRACK COMPANY need permissions to access your Gmail / Google Account and how those permissions are used?

This is the detail of the use of the permissions by THE MAIL TRACK COMPANY:

• Basic permissions: view your email metadata such as labels and headers. The Service needs this permission to identify your emails and correctly assign the open status (double check marks).
• Insert email into your inbox: this permission is necessary to add email alerts in your Gmail inbox when your emails are opened.
• View and manage your basic email settings: The Service needs to know your settings (e.gl alias, design style) to work properly.
• Manage mailbox labels: the double-check marks in mobile devices are added as labels. The Service needs this permission to add labels (check-marks) to your emails and update them when your emails are opened.
• Read, send, delete and manage your email: Campaigns service makes a copy of your email for each recipient and uses “send Gmail API permission” to send and individually track a copy of this email. The Service needs to delete the tracking pixel from your sent emails, so when you open your own emails you do not produce a self-open. No one at THE MAIL TRACK COMPANY will read your emails, THE MAIL TRACK COMPANY will never send emails on your behalf and will never share the content of your emails.
• Read and change your data in a number of websites (All usergooglecontent.com sites, All mailtrack.io sites, mail.google.com, mailtrack.io). The Service modifies Gmail and Google Inbox websites in order to display the double check marks as well as the Mailtrack website.

As detailed in the above permissions, some of them are never used by THE MAIL TRACK COMPANY, but the permission system from Google does not have enough granularity to select only the ones that THE MAIL TRACK COMPANY really needs.

7.9 Privacy code of conduct

THE MAIL TRACK COMPANY guarantees that:

• only automated software uses the above permissions
• no one at THE MAIL TRACK COMPANY reads your emails
• THE MAIL TRACK COMPANY will never send emails on your behalf
• THE MAIL TRACK COMPANY will never share the content of your emails with third parties
• THE MAIL TRACK COMPANY will never share your browsing data with third parties