Privacy Policy

PRIVACY POLICY

Last modified: May, 2018.

Your privacy is important for MAILTRACK and an essence to our service. This Privacy Policy explains what information we collect about you and why, what we do with that information, and how we handle that information

At MAIL TRACK, we care about the confidentiality and privacy of your data and are fully committed to protecting it. This is something that will never change. MAIL TRACK is not in the business of selling or renting your information. MAIL TRACK shall not sell your personal data to third parties and shall only share it when necessary for the rendering of the MAIL TRACK service as stated below.

Table of contents

  1. Introduction
  2. Processing of personal data of Users by The Mailtrack Company (as Controller)
  3. Processing of personal data on behalf of Users by THE MAIL TRACK COMPANY (as Data Processor)
  4. Security
  5. Exclusion of the Mailtrack service
  6. Frequently asked questions about privacy

1. Introduction

This Privacy Policy establishes the conditions for the processing of personal data of users (the “User” or “you”) of the MAIL TRACK service (the “Service”) by THE MAIL TRACK COMPANY, S.L. (“THE MAIL TRACK COMPANY” or “we”) as well as the conditions for the processing of personal data by THE MAIL TRACK COMPANY on behalf of Users within the Service.

THE MAIL TRACK COMPANY shall process personal data in accordance with European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and applicable data protection laws.

2. Processing of personal data of Users by THE MAIL TRACK COMPANY (as Controller)

2.1. This Section explains the processing of personal data of Users by THE MAIL TRACK COMPANY as a controller, that is, when THE MAIL TRACK COMPANY decides about the purposes and means for the processing of the data. This only happens regarding the data of the User used by THE MAIL TRACK COMPANY to render the Service (having an account, invoicing…). This does not include the communications sent by the User through the Service and related-data, which shall only be processed in accordance with Section 3 below.

THE MAIL TRACK COMPANY shall process as controller your personal data to provide you with the Service and to manage and improve the Service, including sending of communications regarding the Service or with information about the Service or THE MAIL TRACK COMPANY.

2.2. Personal data of Users processed by THE MAIL TRACK COMPANY for the above purposes may include contact information, such as name or email address, language preferences, current location for the proper price/currency displaying, payment data, and other personal data provided by the User in the context of the provision of the Service.

2.3. The legal basis for the processing of personal data of Users is the contractual relationship between the Users and THE MAIL TRACK COMPANY for the Service and also the legitimate interest of THE MAIL TRACK COMPANY of informing registered Users about the Service and the company, unless they opt out to receive this information .

2.4. Personal data of the Users will be processed by THE MAIL TRACK COMPANY throughout the term of the contractual relationship for the Service and subsequently for the period during which applicable regulations require such personal data be he held thereafter.

2.5. THE MAIL TRACK COMPANY may share the personal data with third parties, some of which may be located outside of the European Economic Area, only for the provision of the Service and at all times subject to the guarantees and requirements provided by applicable data protection laws.

2.6. The User may at all times exercise his rights to access, rectification, erasure and restriction of processing and data portability as provided in the GPDR and applicable regulations by contacting THE MAIL TRACK COMPANY at Calle Córcega, nº 301, Ático 2, 08008, Barcelona (Spain); or, by sending an email to privacy@mailtrack.io. The User may also lodge a complaint before the Spanish Data Protection Authority at www.agpd.es.

If at any time the User wishes to stop receiving communications regarding THE MAILTRACK COMPANY or with commercial information about the Service, the User may request so by sending an email to privacy@mailtrack.io

3. Processing of personal data on behalf of Users by THE MAIL TRACK COMPANY (as Data Processor)

3.1. This Section explains the processing of personal data by THE MAIL TRACK COMPANY on behalf of Users, as a data processor, that is, when the purposes and means for the processing of the data are decided by the User and THE MAIL TRACK COMPANY only access the data for the rendering of the Service and on behalf of the User.

The Service may imply the access and processing by THE MAIL TRACK COMPANY of personal data controlled by the User and generated within the Service in relation to each electronic mail sent by the User through the Service (“Accessed Data”). In such cases, THE MAIL TRACK COMPANY shall be deemed as the data processor and shall process such personal data only on behalf of the User and not for its own purposes.

The Accessed Data shall comprise:

  • Information required to identify the electronic mails sent through the Service:
    • information of the recipients;
    • subject of the email; and
    • date and time in which the email was sent; and
  • Information provided by the Service:
    • receipt confirmation;
    • open confirmation;
    • timestamp of each email opening;
    • history of the times (number, date and time) the recipient has opened the received email;
    • browser and operating system used by the recipient who opened the email;
    • number of links included in the email;
    • text and URL of such links;
    • number of clicks made on each of them by the recipient;
    • timestamp of each click on the link; and
    • browser and operating system used by the person who has clicked on the link.

Accessed Data is the only information to which THE MAIL TRACK COMPANY shall access to provide the Service. Authorizations for Gmail and the connection to your Google account as detailed in the Service Terms and Conditions are needed technically for the rendering of the Service by THE MAIL TRACK COMPANY and to provide the email tracking service, but do not imply the access by THE MAIL TRACK COMPANY to any data or information of the User other than the Accessed Data. For your better understanding, this is the detail of the use of the above permissions by THE MAIL TRACK COMPANY:

  • Basic permissions: view your email metadata such as labels and headers, but not the email body. The Service needs this permission to identify your emails and correctly assign the open status (double check marks).
  • Insert email into your inbox: this permission is necessary to add email alerts in your Gmail inbox when your emails are opened.
  • View and manage your basic email settings: The Service needs to know your settings (e.gl alias, design style) to work properly.
  • Manage mailbox labels: the double-check marks in mobile devices are added as labels. The Service needs this permission to add labels (check-marks) to your emails and update them when your emails are opened.
  • Read, send, delete and manage your email: The Service needs to delete the tracking pixel from your sent emails, so when you open your own emails you do not produce a self-open. The Service does not use the “ read” nor the “send” permissions, but unfortunately those permissions can not be removed separately. No one at THE MAIL TRACK COMPANY will read your emails, THE MAIL TRACK COMPANY will never send emails on your behalf and will never share the content of your emails.
  • Read and change your data in a number of websites (All usergooglecontent.com sites, All mailtrack.io sites, Inbox.google.com, mail.google.com, mailtrack.io). The Service modifies Gmail and Google Inbox websites in order to display the double check marks as well as the Mailtrack website.

As detailed in the above permissions, some of them are never used by THE MAIL TRACK COMPANY, but the permission system from Google does not have enough granularity to select only the ones that THE MAIL TRACK COMPANY really needs.

THE MAIL TRACK COMPANY guarantees that:

  • Only automated software uses the above permissions
  • No one at THE MAIL TRACK COMPANY reads your emails
  • THE MAIL TRACK COMPANY will never send emails on your behalf
  • THE MAIL TRACK COMPANY will never share the content of your emails with third parties
  • THE MAIL TRACK COMPANY will never share your browsing data with third parties
  • THE MAIL TRACK COMPANY doesn’t store the body of your emails.

The processing of the above personal data is only carried out for the provision of the Service within the terms and duration stated in the Service Terms and Conditions .

3.2. Accordingly, THE MAIL TRACK COMPANY shall:

(i) not process the Accessed Data for a purpose other than the provision of the Service requested by the User and shall not transfer such data, not even for their storage, to unauthorized parties;

(ii) process the Accessed Data only on documented instructions from the User; and if THE MAIL TRACK COMPANY is aware that or of the opinion that any instruction given by the User breaches the data protection regulations, THE MAIL TRACK COMPANY shall immediately inform the User;

(iii) notify the User promptly if it becomes aware of any data breach and shall provide full details of the relevant breach;

(iv) ensure that persons authorized to process the Accessed Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(v) taking into account the nature of the processing, assist the User by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Users’ obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;

(vi) take all measures required pursuant to Article 32 of the GDPR (Security of Processing);

(vii) assist the User in complying with its obligations pursuant to Articles 32 to 36 of GDPR taking into account the nature of processing and the information available to THE MAIL TRACK COMPANY, including but not limited to, assisting the User with:

(viii) at the choice of the User, delete or return all the Accessed Data to the User after the end of the provision of Service, unless the storing of the data is required by applicable law; and

(ix) make available to the User all information necessary to demonstrate compliance with the obligations laid down in Article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User.

3.3 THE MAIL TRACK COMPANY shall not subcontract third parties for the processing operations which may imply access to the Accessed Data without the authorization of the User.

In this respect, the following sub-processors are deemed as authorized by the User:

  • Amazon Web Services, Inc. as provider of the hosting of the Service, through servers located in Ireland.
  • Google services: Google Apps, Google Analytics, Webmaster Tools and Google Forms
  • HelpScout, for the provision of the customer service
  • LogEntries for server logs storage

3.4. THE MAIL TRACK COMPANY shall guarantee the confidentiality of the Accessed Data, even after the termination of the Service.

3.5. The User is the data controller of the processing of the Accessed Data within the meaning in GDPR. The User is the only one deciding the purposes and means for the processing of Accessed Data, so THE MAIL TRACK COMPANY does not use Accessed Data for its own purposes and only uses them for the rendering of the Service and on behalf of the User. To such extent, the User shall have to comply with applicable obligations under data protection regulations, including relying on an appropriate legal basis for the processing of personal data of the recipients of the emails sent through the Service. The User, and not THE MAIL TRACK COMPANY, shall be solely responsible for the compliance with such obligations.

3.6. The User acknowledges and agrees that the use of the Service and the processing of the Accessed Data as a result of the same is its own free and exclusive decision and has verified that the conditions of the Service and the processing of the Accessed Data are in line with its interests.

4. Security

THE MAIL TRACK COMPANY shall process all personal data in the strictest confidentiality and implement the appropriate technical and organisational measures as required by applicable regulations.

We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology.

5. Exclusion of the Mailtrack service

5.1. The recipient of an email sent by the User of the Service may be excluded of the monitoring conducted by the User if the recipient selects the checkbox “Opt-out” available on the “ User Privacy" section.

5.2. Due to technical limitations, the only way to exclude the recipient of the Service from the Service implies the installing of a cookie from the website mailtrack.io. Therefore, in case the recipient proceeds to delete cookies from his browser, the recipient will be included once again in the Service.

5.3. The aforementioned cookie will only work on the browser used by the recipient to select the exclusion. Therefore, in the event of using a different browser, the recipient will have to carry out the exclusion process on such browser.

6. Frequently asked questions about privacy

6.1. How can I remove THE MAIL TRACK COMPANY access to my Google account and emails?

You can stop THE MAIL TRACK COMPANY access to your Google account here . In such a case, you will not enjoy the Service any more.

6.2. Does THE MAIL TRACK COMPANY sell or rent my personal data or the content of my emails?

No, THE MAIL TRACK COMPANY does not sell or rent your personal data.

6.3. Do you need a data privacy agreement?

This Privacy Policy constitutes a binding data processing agreement (DPA) in case you need it.

6.4. Where is my information stored?

Information submitted to THE MAIL TRACK COMPANY will be transferred to, processed, and stored in Amazon.com services facilities in Ireland.

6.5. How can I delete my personal data from the Service?

You can remove your Personal Data from the Service at any time by logging into your account, accessing the Account page, and then deleting your account.

6.6. How safe is my credit card information?

Your credit card information is safe. THE MAIL TRACK COMPANY does not have access to your credit card information at any point during the transaction, so we do not store your credit card information. We process every payment via Stripe or Paypal, certified Level 1 third party payment processing services.

6.7 Does THE MAIL TRACK COMPANY store the body of my emails?

No, the MAIL TRACK COMPANY doesn’t store the body of your emails.

6.8 Why does THE MAIL TRACK COMPANY need permissions to access your Gmail / Google Account and how those permissions are used?

This is the detail of the use of the permissions by THE MAIL TRACK COMPANY:

  • Basic permissions: view your email metadata such as labels and headers, but not the email body. The Service needs this permission to identify your emails and correctly assign the open status (double check marks).
  • Insert email into your inbox: this permission is necessary to add email alerts in your Gmail inbox when your emails are opened.
  • View and manage your basic email settings: The Service needs to know your settings (e.gl alias, design style) to work properly.
  • Manage mailbox labels: the double-check marks in mobile devices are added as labels. The Service needs this permission to add labels (check-marks) to your emails and update them when your emails are opened.
  • Read, send, delete and manage your email: The Service needs to delete the tracking pixel from your sent emails, so when you open your own emails you do not produce a self-open. The Service does not use the “ read” nor the “send” permissions, but unfortunately those permissions can not be removed separately. No one at THE MAIL TRACK COMPANY will read your emails, THE MAIL TRACK COMPANY will never send emails on your behalf and will never share the content of your emails.
  • Read and change your data in a number of websites (All usergooglecontent.com sites, All mailtrack.io sites, Inbox.google.com, mail.google.com, mailtrack.io). The Service modifies Gmail and Google Inbox websites in order to display the double check marks as well as the Mailtrack website.

As detailed in the above permissions, some of them are never used by THE MAIL TRACK COMPANY, but the permission system from Google does not have enough granularity to select only the ones that THE MAIL TRACK COMPANY really needs.

6.9 Privacy code of conduct

THE MAIL TRACK COMPANY guarantees that:

  • Only automated software uses the above permissions
  • No one at THE MAIL TRACK COMPANY reads your emails
  • THE MAIL TRACK COMPANY will never send emails on your behalf
  • THE MAIL TRACK COMPANY will never share the content of your emails with third parties
  • THE MAIL TRACK COMPANY will never share your browsing data with third parties