Privacy Policy

Last modified: September, 2022.

Your privacy is important to THE MAIL TRACK COMPANY, S.L., (hereinafter “Mailtrack” or “us”) and essential to our service.This Privacy Policy explains what personal data we collect from you, why, what we do with your personal data, and how we use it.

At Mailtrack, we care about the confidentiality and privacy of your personal data and undertake to protect them.This is something that will never change. Mailtrack does not sell or rent your information, and we will only share your personal data with third parties when necessary to provide you with our service, as indicated below.

Responsible for the processing	THE MAIL TRACK COMPANY N.I.F. number B-66095670 C/ Corcega 301, Attic 2ª, 08008 – Barcelona (Spain)
Website/Website	https://mailtrack.io/en/ https://maildoc.io/en/ and all subdomains or sections operated by Mailtrack.
Purposes	Provide you with our services Respond to your requests Improve the Website Send you information about our services
Legal Basis	For the performance of obligations under a contractual relationship Legitimate interest Consent of the data subject
Rights of the person concerned	You may request us to provide you with information about the personal data we collect from you, as well as request us to delete or correct any inaccuracies. You may also ask us to restrict or limit the processing or transfer of your personal data, as well as to provide you with your personal data so that you can use it for your own purposes. Notwithstanding the above, Mailtrack will not delete your personal data when necessary for the fulfilment of a legal obligation.You can send your request to privacy@mailtrack.io. You can also seek the assistance of the Spanish Data Protection Agency at https://www.aepd.es/.
Additional information	For more information about our Site, you can review our Terms and Conditions.

Introduction
Processing of Users’ Personal Data by Mailtrack (as Data Controller)
Processing of personal data of Recipients on behalf of the Users by MailTrack (as Processor Manager)
Use of Google and Facebook’s APIs
Security
Exclusion from Mailtrack service
Frequently asked questions about privacy

1. Introduction

This Privacy Policy establishes the conditions for the processing of personal data when you use our services (“User”) by Mailtrack, as well as the conditions for the processing of personal data by Mailtrackon behalf of the Users (“Recipient”).

Mailtrack will process personal data in accordance with European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (“GDPR”), Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (“LOPD”) and other applicable data protection laws.

We recommend that before using our services, you read this Privacy Policy carefully.

2. Processing of Users’ Personal Data by Mailtrack (as Data Controller)

2.1. This Section explains the processing of Users’ personal data by Mailtrack as controller, i.e. when Mailtrack decides on the purposes and means to carry out the processing of personal data.This only occurs with respect to the User’s data used by Mailtrack for the purpose of providing the Service (maintenance of your account, billing...).This does not include communications sent by the User through the Service and related data, which will only be processed in accordance with the Third Section.

Mailtrack will process your personal data in your capacity as controller to provide you with the Service, as well as to manage and improve it, including sending communications regarding the Service or with information about the Service.

2.2. For the provision of the Service, Mailtrack may process the following personal data of Users, such as:

name;
e-mail address;
language preferences;
current location for correct price/currency display;
payment data;
other personal data provided by the User in the context of the provision of the Service.
documents to be stored on the Mailtrack platform only if the User uses the "Document Tracking" service

2.3. The personal data indicated above may be used by Mailtrack for the following purposes:

develop commercial actions and carry out the maintenance and management of their contractual relationship;
manage and improve the Service;
respond to your requests, suggestions or complaints made by you concerning the Service;
send him the information he has requested from us;
comply with the rules applicable in each case; and,
to respond to requests or requests from public authorities.
provision of the “Document Tracking” Service.

2.4. The legal basis for the processing of Users’ personal data is the contractual relationship between the User and Mailtrack for the provision of the Service, as well as Mailtrack’s legitimate interest in informing registered Users about the Service, unless the Users inform Mailtrack who do not wish to receive commercial communications.

2.5. Duration of processing: The personal data of the Users will be processed by Mailtrack during the contractual relationship and, subsequently, during the legal period required by the applicable regulations depending on the case.

2.6. The processors of Mailtrack, that is, our service providers, may have access to your personal data when necessary and for the purpose of managing the provision of the Service. To ensure that personal data receive an adequate level of protection, Mailtrack will enter into agreements with third parties with whom it shares personal data, to ensure that your personal data is processed by those third parties in a consistent and respectful manner with data protection regulations.

2.7. In general, the User’s personal data shall be stored in the European Economic Area (i.e. the Member States of the European Union, Norway, Iceland and Liechtenstein or ‘EEA’). However, Mailtrack may share personal data with service providers located outside the EEA, in which case it will ensure that the personal data is stored and transferred securely.These transfers would be made, depending on the case, on one of the following bases:

by means of a data transfer agreement incorporating existing standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to processors and processors in jurisdictions that do not have adequate data protection legislation; or
transfer your data to a country where the European Commission has found its adequacy with respect to the data protection levels of that country through its legislation; or
where necessary for the conclusion or execution of a contract between the undertaking, you and a third party and the transfer is in your interest for the purposes of that contract (e.g. if we need to transfer your data to a service provider based outside the EEA); or
when the User has consented to the transfer of data.

However, it is important to bear in mind that when personal data is stored in a third country, it is possible for the authorities of those countries to access their personal data in compliance with the domestic regulations of that country.

2.8. The User may exercise at any time his or her rights of access, rectification, cancellation and opposition of data processing and portability as provided for in the GDPR and the LOPD, by contacting Mailtrack at the following address: Calle Corcega, nº 301, Attic 2ª, 08008, Barcelona (Spain) or, by sending an email to privacy@mailtrack.io.

The User may also seek the assistance of the Spanish Data Protection Agency at www.agpd.es.

If at any time the User wishes to stop receiving commercial communications from Mailtrack, he or she may request it by sending an email to privacy@mailtrack.io.

3. Processing of personal data of Recipients on behalf of the Users by Mailtrack (as Data Processor)

3.1. This section details the processing of personal data by Mailtrack on behalf and following the Users’ instructions as processor, that is, when the purposes and means for the processing of personal data are decided by the User and Mailtrack only accesses the data at the User’s request and to provide the Service. Mailtrack does not act as responsible for the processing of the Recipient’s data.

3.2. The provision of the Service in favour of the User may imply the access and processing by Mailtrack of personal data of the Recipient, for the purposes established by the User. Mailtrack will have access to the following data:

Information needed to identify emails sent through the Service::
- address;
- purpose of e-mail;
- content of the message, only when necessary to provide the Service and as described below;
- date and time at which the e-mail was sent; and,
- document name attached (Document Tracking Service).

Information provided by the Service:
- confirmation of receipt;
- confirmation of opening;
- content of the message, only when necessary to provide the Service and as described below;
- time mark of each e-mail opening;
- history of the hours (number, date and time) to which the recipient has opened the received e-mail;
- browser and operating system used by the recipient who opened the email;
- number of links included in the e-mail;
- text and URL of such links;
- number of clicks made on each of them by the recipient;
- timemark of each click on the email;
- download and open the attachment (Document Tracking Service); and,
- browser and operating system used by the person who has clicked on the email.

The personal data stated is the only information Mailtrack will have access to provide the Service. The authorisations for Gmail and the connection to your Google account detailed in the Terms and Conditions of Service are technically necessary for the provision of the Service by Mailtrack and to provide the Service (e-mail tracking service (Campaigns) or attachment opening service (Document Tracking), but do not imply Mailtrack’s access to any data or information from the Recipient.For your best understanding, this is the breakdown of Mailtrack’s use of the above permissions:

Basic permits: access to your email metadata, such as tags and headings.The Service needs this permission to identify your emails and correctly assign the opening status of the mail (double check mark).
Insert the email into your inbox: this permission is necessary to add email alerts to your Gmail inbox when your emails are opened.
Review and manage your basic email settings: the Service needs to know its configuration (e.g. aliases, design style) to work properly.
Manage the labels of mailboxes: double-check marks on mobile devices are added as labels. The Service needs this permission to add tags (check marks) to your emails and update them when they open.
Read, send, delete and manage your email: The Campaign service makes a copy of your email for each recipient and uses “send permission from the Gmail API” to individually send and track a copy of this email. The Service needs to remove the tracking pixel from your emails sent, so when you open your own emails you don't produce a self-opened email. No one in email will read your emails, email will never send emails on your behalf and will never share the content of your emails.
Review and update your data on various websites (all usergooglecontent.com sites, all mailtrack.io sites, Inbox.google.com, mail.google.com, mailtrack.io): the Service modifies the Gmail and Google Inbox websites in order to display double check marks as well as Mailtrack’s website.

As detailed in the above permissions, some of them are never used by Mailtrack, but Google’s permission system does not have enough granularity to select only those that email really needs.

Mailtrack guarantees that:

only automated software uses the above permissions;
no one on Mailtrack reads their emails;
Mailtrack will never send emails on your behalf;
Mailtrack will never share the content of your emails with third parties;
Mailtrack will never share your browsing data with third parties;
Mailtrack does not store the content of the message.

The processing of the aforementioned personal data is carried out only for the provision of the Service within the terms and duration indicated in the Terms of Service and always, under the User’s instructions.

3.3. As a result Mailtrack:

(i) will not process the personal data of the Recipient for purposes other than the provision of the Service requested by the User and will not transfer such data, even for storage, to unauthorised third parties;

(ii) will process your personal data as Recipient following documented instructions from the User. When Mailtrack is aware that the instructions given by the User violate the data protection regulations, Mailtrack shall immediately inform the User;

(iii) notify the User without delay if he or she is aware of any data breach and shall provide all details of the relevant infringement;

(iv) ensure that persons authorised within Mailtrack to process personal data of recipients have undertaken to respect confidentiality or are subject to a legal obligation of appropriate confidentiality;

(v) taking into account the nature of the processing, it shall assist the User through appropriate technical and organisational measures, as far as possible, in fulfilling the Users’ obligation to respond to requests for the exercise of the rights of the data subject set out in Chapter III of the GDPR;

(vi) take all necessary measures in accordance with Article 32 GDPR (processing safety);

(vii) assist the User in fulfilling his obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to Mailtrack, including, among other things:

at the User’s choice, Mailtrack will delete or return all personal data of the Recipient to the User after the end of the Service, unless the applicable regulations require the storage of the data; and,
may at the User’s disposal all the information necessary to demonstrate compliance with the obligations set out in Article 28 of the GDPR, and will allow and contribute to the audits, including inspections, carried out by the User or by another auditor authorised by the User.

3.4. Mailtrack will not subcontract third parties for processing operations that may involve access to the Recipient’s personal data without the User’s authorisation.

In this respect, the following sub-in charge of the processing shall be considered authorised by the User:

Amazon Web Services, Inc. as a provider of hosting the Service, through servers located in Ireland.
Google Services: Google Apps, Google APIs, Google Analytics, Webmaster Tools and Google Forms.
HelpScout, for the provision of customer service.
Logentries for storage of server logs.

3.5. Mailtrack will guarantee the confidentiality of the personal data of the Recipients, even after the termination of the Service.

3.6. The User is responsible for the processing of the personal data of the Recipients in the context of the GDPR. The User will be the only one who will define the purposes and means of processing them, so MailTrack, without in any case it can be understood that Mailtrack processes the personal data of Recipients for their own purposes, when they only use them for the provision of the Service and acting on behalf of the User. Consequently, the User must comply with the applicable obligations under the data protection regulations, including the obligation to obtain the consent of the data subjects to give third parties access to third parties of their personal data to third parties.The User, and not Mailtrack, shall be solely responsible for fulfilling these obligations.

3.7. If you are a Recipient and wish to exercise any right that assists you in accordance with the GDPR to have Mailtrack stop processing your personal data in your capacity as processor, you must contact the relevant User who is using the Mailtrack Service and consult your privacy policy. In the event that you contact us to exercise any right that assists you in matters of data protection, we will not be able to assist you in the exercise of the corresponding right, but we undertake to inform the appropriate User.

4. Use of Google and Facebook’s APIs

The use of Mailtrack of the information received through the Google API implies the User’s adherence to the Google API Services User Data Policy.

Also, Mailtrack uses Facebook API. The user can consult the Facebook Data Protection Policy and basic aspects about the use of the API in the following link.

5. Security

Mailtrack will process all personal data in strict confidentiality and implement appropriate technical and organisational measures as required by applicable regulations.

We use industry standard encryption to protect your data in transit.This is commonly known as transport layer security technology (“TLS”) or secure connection layer technology (“SSL”).

6. Exclusion from Mailtrack Service

6.1. The Recipient of an email sent by the Service User may be excluded from the tracking performed by the User if the recipient selects the “Opt-out” check box available in the “User Privacy” section.

6.2. Due to technical limitations, the only way to exclude the recipient from the Service involves the installation of a cookie from the mailtrack.io website. Therefore, in the event that the recipient proceeds to remove cookies from your browser, the recipient will once again be included in the Service.

6.3. The above cookie will only work on the browser used by the recipient to select the exclusion.Therefore, in case of using a different browser, the recipient will have to carry out the opt-out process in that browser.

7. Frequently asked questions about privacy

7.1. How can I remove Mailtrack access to my Google account and emails?

You can stop Mailtrack’s access to your Google account here. In that case, you will no longer enjoy the Service.

7.2. Does Mailtrack sell or rent my personal data or the contents of my emails?

No, Mailtrack does not sell or transfer your personal data.

7.3. Does the User need a data privacy agreement?

This Privacy Policy constitutes a binding agreement with respect to the processing of data (data processing aagreement).

7.4. Where is my information stored?

Information sent to Mailtrack will be transferred, used and stored at Amazon.com’s services facilities in Ireland.

7.5. How can I delete my personal data from the Service?

If you are a User, you may delete your personal data from the Service at any time by logging in to your account, by accessing the Account page and then by deleting your account. At this time the data from your account will be deleted in addition to the documents that have uploaded to Mailtrack with the Document Tracking system and as a result, Recipients will no longer be able to access them.

Please note, however, that we may not sometimes delete your legal personal data when a legal obligation requires Mailtrack to keep it for a certain period of time.

7.6. Is my credit card information stored securely?

Mailtrack does not have access to your credit card information at any time during the transaction, so we do not store your credit card information.We treat all payments through Stripe or Paypal, certified third-party payment processing services Level 1.

7.7. Does Mailtrack store the content of my email message?

No, MailTrack does not store the content of the message. Although for the provision of the Service consisting of "Document Tracking" documents uploaded by Users to the Mailtrack Platform will be stored on Mailtrack servers until the User unsubscribes from the Services.

7.8. Why does Mailtrack need permissions to access your Gmail/Google account and how are those permissions used?

Here is the detail of Mailtrack’s use of permissions:

Basic permits: access to your email metadata, such as tags and headings.The Service needs this permission to identify your emails and correctly assign the opening status of the mail (double check mark).
Insert the email into your inbox: this permission is necessary to add email alerts to your Gmail inbox when your emails are opened.
Review and manage your basic email settings:the Service needs to know its configuration (e.g. aliases, design style) to work properly.
Manage the labels of mailboxes: double-checkmarks on mobile devices are added as labels. The Service needs this permission to add tags (check marks) to your emails and update them when they open.
Read, send, delete and manage your email: The campaign servicemakes a copy of your email for each recipient and uses “send permission from the Gmail API” to individually send and track a copy of this email. The Service needs to remove the tracking pixel from your emails sent, so when you open your own emails you don't produce a self-opened email. No one in email will read your emails, email will never send emails on your behalf and will never share the content of your emails.
Review and update your data on various websites (all usergooglecontent.com sites, all mailtrack.io sites, Inbox.google.com, mail.google.com, mailtrack.io): the Service modifies the Gmail and Google Inbox websites in order to display double check marks as well as Mailtrack’s website.