Data Protection Policy

Updated October 16, 2018

This Data Protection Policy is an extension of the SafetyMails Terms of Use and refers to data provided by SafetyMails customers in its platform of validation and verification of email addresses.

Why do we have this document?

This document has been written in order to establish how the data protection policies in SafetyMails are adopted, taking into account the following laws and regulations:

I.    GDPR - Regulation (EU) 2016/679 (General Data Protection Regulation), which regulates the protection of personal information for companies within the European Union (and who offers products or services to the EU); The

II.    Brazilian Civil Rights Framework for the Internet(Civil Code) - Law No. 12,965 of April 23, 2014, which describe how organizations should collect, manipulate, and store personal information;

III.    General Law on Data Protection in Brazil (LGPD) - Law 13709 of August 14, 2018, which provides for data protection and makes changes to the Brazilian Civil Rights Framework for the Internetin Brazil; and the

IV.    Can-spam - Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (Pub.L. 108-187), which regulates fundamental aspects of the fight against spam.

In accordance with the principle of transparency, we are dedicated to providing "clear and complete information on the use, storage, processing and protection of your personal data" (Civil Code, Chapter 1, Art. 7, item VIII).

With this Data Protection Policy, you are guaranteed :

I.    compliance with laws, regulations and good practices of personal data privacy;

II.    protection of the team, customers and partners;

III.    principle of process transparency;

IV.    guidelines for possible data breaches.

To make this document easier to understand, it is necessary to know its author:

" Data Controller (Controller)" or "User
": Person or company that has control over personal data that will be processed by SafetyMails services (GDPR Art. 4, item 7 / LGPD Art 5º, item VI). The Data Controller becomes a User when you create an account on the SafetyMails website.

" Data Processor (operator) ": SafetyMails is the personal data processor that works on behalf of the Data Controller to perform a set of automatic or non-automatic operations such as collecting information from records, structuring, storage, adaptation, alteration, consultation, transmission, among others (GDPR Art. 4, items 2 and 8 / LGPD Art 5, item VII). In this case, SafetyMails, only treats in the scope of its service purpose and nothing more.

" Personal Data ": according to the GDPR, treating any information related to a person, who can directly or indirectly identify it, such as name, location, online identifier, among others (GDPR Art. 4, item 1 / LGPD Art. 5, item I)

" Sensitive Personal Data ": The General Data Protection Law indicates this information as "data on racial or ethnic origin, religious belief, political opinion, union membership or religious, philosophical or political, health or sexual life, genetic or biometric data, when linked to a natural person "(LGPD Art. 5º, item II).

" Anonymised data ": data relating to someone who does not directly identify you and who is therefore not subject to the law.

Responsibilities

In terms of the scope of our services and its compliance with data protection and privacy regulations, SafetyMails Information Technology Director is responsible for the full implementation of this policy and acts as Data Protection Officer (DPO) for SafetyMails, taking into account articles 37, 38 and 39 of the GDPR.

Messages can be sent to the DPO by e-mail dataprotectionofficer@safetymails.com.

All members, directors and employees of SafetyMails are required to sign a Total (and absolute) Non-Disclosure Assignment, encompassing all data and information of the company, its partners, employees, prospects, customers and databases.

Access to Data Center databases and servers is prohibited from SafetyMails employees only by the DPO / CIO.

Service and sales teams are trained to understand the importance of data protection. They are also advised to always consult the DPO in case of any doubts to the confidentiality of information

Data Processing and Storage

All connections to the SafetyMails control panel, as well as your website and other subdomains, are protected byencrypted SSL certificates from Comodo , Certifying Authority in accordance with AICPA / CIA WebTrust.

All information stored in SafetyMails is protected in the database of servers stored in the Data Center of the OVH, which benefits from the ISO / IEC 27001: 2013 certification, the international attestations SOC 1 type II (SSAE 16 and ISAE 3401) and SOC 2 type II, as well as PCI DSS Level 1 certification.

These measures are intended to protect Users and Personal data, in compliance with the provisions of the General Data Protection Act (LGPD), Chapter VII (Security and good practices), Section I (Security of Data Secrecy), Article 46.

Data Center services are performed in the following countries: Canada, France and Germany. SafetyMails Users acknowledge this information and consent to data processing by accepting the Terms of Use.

SafetyMails stores User information for 3 months, deleting these files automatically after this period. If you wish, the User may delete his own information before this period, at any time (“Right to erasure (‘right to be forgotten’)”, GDPR Art. 17).

No information is stored on personal and transportable physical media, such as CDs, DVDs, Pendrives, Notebooks or similar.

Email Addresses Validation and Verification

To perform your email address validation and verification services, SafetyMails requires your Users to share email address information on your system. Without them, it becomes impossible realize the process of the information in order to deliver results you wanted.

The User, using SafetyMails services, declares that he/she has consents to the storage of personal data and asserts that the handling of this information is intended to comply with the contract, preliminary contract procedures or when necessary to meet his/her legitimate interests and/or protection of credit (LGPD, Chapter II, Section I, Art. 7, Items I, V IX and X), prevailing fundamental rights and freedoms of the holder of the personal data.

SafetyMails only needs email addresses to perform the scope of its validation and email verification service. While the User may upload their information containing other fields of personal and/or sensitive information, they are not required to perform the processing. SafetyMails does not provide any information that is not related to the status and validity of the email addresses, and does not offer any service that adds personal data that personally identifies these addresses, such as names, addresses, social networks, among others.

Anonymised information, that is, those not subject to the law, as they do not identify or are not identifiable by a natural person (in other words, that do not violate the natural person's privacy and do not violate GDPR and LGPD regulations), may be offered by SafetyMails.

Any use of SafetyMails through API integration (from other platforms) requires the explicit permission of the User to perform the process of validating and verifying emails.

The installation of the SafetyMails API for real-time email validation and verification (Safety Optin) is the exclusive responsibility of the User. The API is a consultative feature, informing only the status of an email directly consulted to the User, not storing data other than the email address typed in the customer form in the SafetyMails database (such as name, company, others).

E-mail Validation and Verification occurs in a process of analyzing layers of email address validation, taking into account market RFCs, such as RFC 822 and RFC 5321 (from "ARPA Internet text messages, 1982" ), but not only these, as well as MX record checks, aborted SMTP connections, and recent past consultations generated by SafetyMails itself (without providing any information that performs personally identifiable correlations).

The reuse of recent validation results is aimed at combating Spam practice and optimizing results delivery processes for SafetyMails Users. However, it is important to note that the results generated by SafetyMails in a register are individually related to each email address, not to a User and its email bases, not characterizing in any way, data sharing (Data Sharing).

The entire process of validating and verifying emails happens automatically on the servers of SafetyMails (located in Canada, France and Germany), and there is no human interaction in the process. Only in cases of express request by the User, SafetyMails may review the files provided to the SafetyMails system. This process is performed in a controlled environment and all files are deleted immediately after review.

SafetyMails guarantees that the processing of validation and verification of e-mails is done legally, in a fair and transparent way (GDPR Art. 5, item 1a)

In case of data leakage

SafetyMails shall promptly inform the User of any data leak within 72 hours of occurrence, if feasible. (GDPR Article 33, item 1 / (LGPD, Chapter VII, Section I, Art. 48)

Data Sharing

SafetyMails does not sell, rent or share e-mail addresses and other data that has been provided to SafetyMails for its services. (Read our Non-Disclosure Assignment)

A SafetyMails não realizará qualquer tipo de contato com os endereços de e-mails fornecidos à SafetyMails por seus Usuários a fim de promover seus produtos. Para maiores informações, leia nossa Política Antispam.

In certain circumstances, due to the force of law and the requirement of the authorities, and only in such cases, SafetyMails may breach confidentiality under the law. SafetyMails will take the precaution that in these cases you will be absolutely certain that the request was made by legal means.

To contact SafetyMails regarding Data Protection:

contact@safetymails.com

dataprotectionofficer@safetymails.com