Download Polymail!

Get Polymail for iOS or Mac to get started!

🎉 Congrats, Your friend sent you $10! Send a message with Polymail to claim your gift!
Privacy Policy

Effective: March 26, 2020

INTRODUCTION

POLYMAIL, INC. (“Polymail,” “We,” or “Us”) and its affiliates operate the Polymail website and system, an all-in-one email platform for sales outreach, tracking, and automation, in a system that provides real-time insights on messages, outreach automation, and instant meeting scheduling. The Polymail system is designed to help sales teams reach, engage, and track prospects more effectively with email.

This Privacy Policy (“Policy”) applies to your access and use of https://polymail.io/ (the “Site”) and the software and services available on the Site or offered by us or our subsidiaries (the “Company Services” or the “Services”).  

We also have particular policies that will apply to Personal Data transferred from the European Economic Area to the United States.

We will make references to you throughout this Policy as “You,” or the “User.” This Policy expressly discloses: (i) the types of personal or non-Personal Data collected as a result of your use of the Site and the Services; (ii) how such data is used and stored; and (iii) your choices and options regarding sharing and use of your data.  

We take your privacy seriously. If you have any questions about this Policy or about privacy at Company, please contact us at privacy@polymail.io.

Who Do We Collect Data From?

We collect data from three groups of people:

Visitors:  People who visit our website and who may request information about our Services

Users: Users are customers that pay to use our Services

Contacts: a Contact is a person a User may contact through our Services from a distribution list or database maintained and operated by a User (“Data Contact List”).

This policy covers how Polymail handles Personal Data.  “Personal Data” means any information relating to an identified or identifiable natural person. It can be names, e-mail addresses, age, location, whether user is outside the United States, education, or even an IP address.

Privacy Principles

We understand email communications can be both informative and intrusive, so we take privacy very seriously.  That’s why we adhere to the US-EU and US-Swiss Privacy Shield Framework Principles:

  1. Notice – We tell you what information we collect, how we use it, how our Users use it and when and how we share it.
  2. Choice –We will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a third party (other than our third party processors), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
  3. Accountability for Onward Transfers.  We take steps to gain assurances from our processors that they will safeguard Personal Data consistent with this policy and take steps against to stop disclosure in violation of this policy.
  4. Security. We will take reasonable precautions to protect Personal Data in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
  5. Data Integrity & Purpose Limitation. We will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.
  6. Access. Upon request, we will grant individuals reasonable access to Personal Data that we hold about them, and we will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.
  7. Resource, Enforcement And Liability.  We will conduct compliance audits of our relevant privacy practices to verify adherence to this Policy. Any employee that we determine is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.  We also have procedures for dispute resolution and binding arbitration in certain cases where a data subject believes that we have not complied with the law with respect to the application of our privacy policy.

How Do We Collect Personal Data?

We collect information in two ways

  • Information you give us.  In connection with your use of certain features of the Service, we may ask for Personal Data, like your name, email address, telephone number or credit card. If you elect to use our Salesforce integration service, we will have access to all of your Salesforce data (including leads, contacts, accounts, tasks, activity, user, and schema data).
  • Information we get from your use of the Service. We collect information about the features on the Service that you use and how you use them and if you receive communications, we receive information on what you do with the communications.

What Data Do We Collect?

For Contacts.

Contact Personal Data: Users transmit names, and email addresses into our system from their Data Contact Lists.  

Contact Tracking Information: Through our Service we can monitor Contact behavior regarding our emails such as who opened them, forwarded them, what links they click on and attachments they download.  We also assist User in calendaring events with Contacts who have chosen to consent to such meetings.

------

The function of tracking an email is performed by embedding a tracking pixel in the sent email and detecting when a network request has been made to load that pixel.

Click throughs can be tracked by proxying sent links through Polymail’s servers, such that our Service is able to detect when a sent link has been clicked.

Polymail Users may also choose to track when files attachments included in their sent emails have been downloaded. This is performed by uploading file attachments to Polymail’s servers and embedding a link to download that file in the User’s email. This allows our service to detect when a request has been made to download a sent file

---------

For Users. 

User Personal Data. We collect Personal Data from users of our Services such as: names, e-mail addresses, age, location, whether user is outside the United States, and IP address. We collect payment information and discounts/coupon information to pay for the Services. We also collect the content you provide for your communications such as graphics, text and links that you write, upload, store and send.

Your Contact Data Lists:

User Tracking Information:  We also collect information that on its own is not Personal Data, but when combined with your Personal Data, could become Personal Data.

---------

  • Device Information. We collect device-specific information (such as your hardware model, operating system version, unique device identifiers and mobile network information including phone number).
  • Log information.  When you use our Application, we automatically collect and store certain information in server logs. This includes:
  • details of how you used our Application, such as your search queries.
  • Internet protocol address.
  • device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
  • cookies that may uniquely identify your browser or your account.
  • Location information.  In connection with your use of certain features on the Application, we may collect and process information about your actual location, IP address or other similar items.  We use various technologies to determine location, including IP address, GPS, and other sensors that may, for example, provide us with information on nearby devices.
  • Information regarding contacts.  We or our third-party partners will obtain and store information about your contacts and other people that you e-mail or that e-mail you.  We will use this information to enhance the Service.  
  • Calendars.  For calendar features, we will receive and store a list of your calendars and calendar events for each of those calendars.
  • Sent Mail.  One of our features is e-mail tracking, which allows you to see the status of sent e-mails without any notification to (or need for click-through by) the recipient.  We need to collect and track information about your sent e-mail and your recipient's actions with respect to such e-mail in order for you to use this feature. Also, if you choose to make use of our recipient tracking, link-tracking, or attachment-tracking service, we will store the subject for the messages and we will host the attachment on our servers.
  • Shared Message Templates.  One of our features allows users on a Polymail Pro team to share their Message Templates with the other members of their team. Once shared, any member of such user's team may use or edit those Message Templates. Further, if a user leaves a Polymail Pro team (or ceases to use our Service for any reason), any Message Templates that have been shared will remain with that Polymail Pro team.
  • Local storage; cache.  We may collect and store information (including Personal Data) locally on your device. We also cache message content for up to 14 days since last access. Attachments are proxied through our servers for download and display, but not cached. Remote image content is proxied through our servers for enhanced privacy and security, and may be cached according to the origin's cache policy headers.
  • Indexing.  We may index your messages to provide better service to you. This index includes the date a message was received, folder, to, cc, bcc, from, subject, reply to, message ID headers, whether the message has attachments, attachment headers (including filename, size, content ID, content disposition, encoding and file type) and a blurb or snippet of the actual message.

----------

Beacons (also known as Web bugs, pixel tags, or clear GIF’s. When a User visits the Site’s homepage, we utilize an electronic file, called a web beacon, to count users that have visited the Site. Beacons are tiny graphics with a unique identifier that may be included on our Site Services for several purposes, including to deliver or communicate with Cookies, to track and measure the performance of the Services, to monitor how many visitors view our Site. Unlike Cookies, which are stored on the user's device, Web Beacons are typically embedded invisibly on web pages (or in an e-mail). Our use of web beacons is internal.

Cookies

We and our partners use various technologies to collect and store information when you use our Application, and this may include sending one or more cookies or anonymous identifiers to your device. When you visit our Site we use cookies, or similar technologies like single-pixel gifs and web beacons, to record log data.  We use both session-based and persistent cookies.  Session-based cookies last only while your browser is open and are automatically deleted when you close your browser.  Persistent cookies last until you or your browser delete them or until they expire.  They are unique and allow us to do site analytics and customization, among other similar things.  If you access our Site through your browser, you can manage your cookie settings.

We use information collected from cookies and other technologies to improve your user experience and the overall quality of our Service and for any other lawful purpose that we choose.

For more information, please check out our Cookie Policy

How Do We Use Your Data?

In general, we may use the information we collect from our Application and the Site to provide services to you, and to:

  • Provide, maintain, protect, and improve the Service;
  • Provide to you and communicate with you about your use of the Application or requests;
  • Protect our interests, or the interests of this parties; and
  • Perform any function we describe when you provide the information.

We use information collected from cookies and other technologies to improve your user experience and the overall quality of our Service and for any other lawful purpose that we choose.

We will ask for your consent before using information for a purpose other than those set out in this Policy. We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:

Law Enforcement and Internal Operations

Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Polymail or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes; or (iv) to protect the rights, property or safety of Polymail, its users or members of the general public.  We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law.  However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third-party request to compel disclosure of your information.

Business Transfer

Polymail may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.  Under such circumstances, Polymail will use commercially reasonable efforts to notify its users if their Personal Data is to be disclosed or transferred and/or becomes subject to a different privacy policy.

Third-Parties

We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc.  We necessarily have to share your Personal Data with such third-parties as may be required to perform their functions.  We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring these third-parties have EU-U.S. and Swiss-US Privacy Shield certification.

Third Party Service Providers

The following third-party processors collect personal data on our behalf and transmit it to us.

We use Intercom in connection with our to store and track usage statistics, support conversations and contact information such as name and email in connection with those support live chat conversations. Intercom is used for customer support purposes.  In particular, we provide a limited amount of your information (such as sign-up date and some Personal Data like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s).  As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience.  Processing takes place in the United States.  Intercom is self-certified under the US-EU Privacy Shield and we have entered into a Data Processing Addendum with them. For more information on the privacy practices of Intercom, please visit their privacy policy.  Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms .

Stripe.  We utilize Stripe as a payment gateway for payments. Data Processing takes place in the United States and Stripe is self-certified under the EU-U.S. and Swiss-US Privacy Shield. Users should review Stripe’s Security Policy before initiating transactions on the Site.

In addition, the following Third Parties collect Personal Data from sources other than the data subject in order to obtain the names, titles and employers for sales leads for direct marketing opportunities for us and/or asking for consent.

Clearbit: Claim your Information or mail to Data Protection Officer

90 Sheridan St.,

San Francisco, California, 94103

LinkedIn: Data Protection Officer

ZoomInfo: Email DPO at remove@zoominfo.com

How is My Data Protected?

We take the security of your Personal Data very seriously and have implemented policies and procedures, including technical measures, that are designed to help safeguard it. While we strive to use best practices to protect your Personal Data, the Internet and computer technology are not 100% secure and we cannot absolutely ensure the security of any Personal Data that you provide to us.

In line with this philosophy, we try to get as little information from you as possible. While we know your e-mail addresses and accounts, we do not know or collect the passwords for those accounts and you should continue to keep those passwords separate from your Polymail password. We use OAuth (wherever possible) which gives us access to your data without letting us know your password.

--------

Other than in rare instances and as described in the Privacy Policy, we do not store your e-mail or your Contact email addresses on our servers (they remain on the e-mail accounts that you link to your Polymail account). We have copies of your drafts on our servers, but they are immediately deleted once you successfully send the e-mail or delete the draft.  If you would like more information about how we access and interact with your e-mail accounts, please contact us at the e-mail listed below.

We have implemented reasonable administrative, technical and physical security measures to protect your Personal Data against unauthorized access, destruction or alteration. For example:

  • Data encryption through SSL.
  • Authentication for all data access.
  • Password manager for third-party vendor accounts.
  • Notification of designated officials at third parties (for example, a third party Security Administrator) when subject agreements are modified or terminated.
  • Non-disclosure and confidentiality obligations, restricting or controlling access to and use of sensitive data are contractually established with third party vendors.
  • Password protection on your account.
  • Data is kept on secure, encrypted servers, located in the US.
  • We do not use public communication channels.
  • Restricting staff access to Personal Data to authorized personnel, generally members of our sales team, support, and engineering with two factor authentications.
  • Access authorizations revoked in a timely manner with employees that change job functions or leave Polymail.
  • Tokenized payment processes so that we do not store your credit card information.
  • Regular staff privacy and security training

We use authentication for all data access, including a password manager that generates and stores unique passwords for every third-party vendor. We do not use any public communication channels.

Access to Data is limited to authorized personnel only. Sensitive Data information is restricted. Access to sensitive data is accountable to specific individuals, so that we may maintain better control over access and accountability for misuse. Additionally, as regards billing and payment Data, no credit card or payment information is handled in the sales process. Only individuals who are required to handle Stripe data have Stripe access. Access to sensitive data is promptly revokes from any employee who changes job functions or leaves Polymail. Where third parties are given access to data (see “Tracking Data” section), responsible officials (such as, for example, the third party’s Security Administrator) are notified when the agreement is modified or terminated.

However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.

For more information, see our security whitepaper here.

Payments Encryption: Polymail utilizes only PCI-DSS compliant third-party payment processors to ensure the security of your Personal Data via Stripe.

-------------

Your Choices and Data Subject Rights

Exercising Contact Data Subject Rights.

Users have a great deal of control over what information they collect from the Service. They can choose content, who to send emails to and what information monitor from Contact behavior regarding our emails including who opened them, forwarded them, what links they click on and attachments they download.  As such, the User is the Controller of the information.  If you are a Contact and you wish to remove yourself from the lists of the User, you can follow the unsubscribe links at the bottom of each email.  For all other data subject rights for California, United Kingdom European Economic Area and Swiss residents, please contact the User directly at the contact information that is required to be in every communication a User sends.  We also provide the following options for California, United Kingdom European Economic Area and Swiss resident Users:

Right to Review and Rectify Your Personal Data

Users can access basic account information from the Polymail app, from within Settings. You can update most of your Personal Data by logging on to your account, including User name, email address(es), company (or team) name, and billing information. Users are required to login using an email and password combination to access their Polymail account and any associated information. When changes are made in the use of personally identifiable information, such as changes to Polymail’s Privacy Policy or Terms of Service, Users are notified by email.

If additional assistance is required to change or delete inaccuracies within your Personal Data or would like to know what information about you was collected, please contact us at privacy@polymail.io. We reserve the right to charge for copies of data requested.

Right to Remove or Withdraw Consent

You have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data.  If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings.  You can delete your Personal Data by logging into your account and deleting your account.  However, since your Personal Data is required for us to provide the Services to you, deleting it will also terminate your access to the services.  Deleting your Personal Data does not mean that all of it will be removed.  We take steps to delete Personal Data that is no longer necessary in relation to provide the Services by deleting it within 90 days of you terminating your account or if the account remains unused for more than one (1) year.  We may be required by law, to retain it to exercise or defend legal claims, or contractual obligations with our customers to retain some information in connection with our obligation to provide the Services.  We may de-identify and anonymize some data for purposes of retaining it.

Data Portability

If you would like us to transmit your Personal Data to another company providing similar services, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.

Right to Redress

If you are located in the European Economic Area (EEA) or United Kingdom and you believe we have violated any data protection laws please contact us immediately at privacy@polymail.io.  We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy within forty-five (45) days of receiving a complaint. For complaints that cannot be resolved between us and the complainant, we have agreed to participate in the dispute resolution procedures pursuant to the Privacy Shield Principles, which includes dispute resolution through means such as FTC enforcement, alternative dispute resolution process and binding arbitration.

We have further committed to refer unresolved privacy complaints under the EU- Privacy Shield Principles JAMS, Inc., a non-profit alternative dispute resolution provider located in the United States. Click on the link to file an EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield Claim with JAMS.

Please be advised that individuals may have the option to seek binding arbitration to resolve disputes regarding our privacy and data protection practices. An individual who decides to invoke this arbitration option must take the following steps prior to initiating an arbitration claim: (1) raise the claimed violation directly with the organization and afford the organization an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Principles (2) make use of the independent recourse mechanism under the Principles, which is at no cost to the individual; and (3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce, at no cost to the individual.  

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).  Should an individual be unable to resolve a complaint with us, they may contact the FTC at the following address:

Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
www.ftc.gov

European Economic Area subjects may also have the right to file complaints with the Data Protection Authorities located in the jurisdiction they are located in.

Processing Contact data for Customers

Our Services may involve the processing of Personal Data on behalf of our customers.  When we do so, we are acting as processors for the controllers of such data.  As such, we take steps to ensure that Personal Data that is subject to GDPR is processed in accordance with controller instructions and GDPR; such as entering into a Data Processing Addendum incorporating EU Standard Contractual Clauses governing the processing, transmission and use of such End User Personal Data.  If you wish to exercise your data subject rights to review, rectify, delete or port your End User Personal Data, please contact the controller to make such request.  If you make the request to us, we will work with the controller to process and evaluate such request to confirm whether deletion is required by GDPR.

Transnational Transfer of Data

If you are providing your Personal Data to us directly to use our Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you.

US-EU and US-Swiss Privacy Shield Certification

The United States Department of Commerce has worked with the European Commission to develop the EU-U.S. and Swiss-U.S. Privacy Shield Framework (“Privacy Shield”) to allow U.S. companies to meet the European Union (“EU”) law requirements that Personal Data transferred from the EU to the United States be adequately protected. Polymail complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Consistent with its pledge to protect personal privacy Polymail has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy (“Policy”) and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov.

-----------------

Scope

This Policy applies to all Personal Data received by us in the United States from the EU and/or other applicable countries, recorded in any form (including electronic, paper or verbal).

Definitions

The following definitions shall apply throughout this Policy:

·     "Agent" means any third party that uses Personal Data provided to us to perform tasks on behalf of and under the instructions of us.

·     "Personal Data” means Information or a set of information that identifies or could reasonably be ascribed to or be used by or on behalf of us to identify an individual or household. Personal Data does not include information that is encoded, anonymous, aggregated or publicly available information that has not been combined with non-public Personal Data.

·     "Sensitive Personal Data" means Personal Data that reveals racial, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership or information that specifies the health or sex life of the individual. In addition, we will treat any information as Sensitive Personal Data which received from a third party where that third party treats and identifies the information as sensitive.

Privacy Principles

The privacy principles in this Policy are based on the Privacy Shield Principles and the EU General Data Protection Directive 95/46/EC, on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

1.     Notice

When we collect Personal Data directly from individuals in the EU and/or other applicable countries, we will inform them about the purposes for which we collect and use their Personal Data, the types of third parties (other than Agents), if any, to which we disclose that information, and the choices and means, if any, that we offer individuals for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to us, or as soon as practicable thereafter, and in any event before we use the information for a purpose other than that for which it was originally collected. If we receive Personal Data from our affiliates or other entities in the EU and other countries with which we do business, we will use such information in accordance with the notices such entities provided and the choices made by the individuals to whom such Personal Data relates.

2.     Choice

We will offer individuals the opportunity to choose (opt-out) whether their Personal Data is (a) to be disclosed to a third party (other than an Agent), or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

For Sensitive Personal Data, we will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to (a) the disclosure of the information to a third party, or (b) the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. We will provide individuals with reasonable methods to exercise their choices. We may disclose Personal Data to third parties in the following instances:

Website Consultants and Service Providers. We may disclose Personal Data to third party consultants and service providers (such as providers of hosting services, support, maintenance and remedial and repair services) to the extent that they require access to our databases, or the information contained in our databases, to service us and our customers under the conditions set out in the Privacy Shield Principles.

Enforcement of Rights / Security. We reserve the right to release Personal Data (i) when we are under legal compulsion to do so (e.g. we have received a subpoena) or we otherwise believe that the law requires us to do so, (ii) when we believe it is necessary to protect and/or enforce the rights, property interests, or safety of us, our customers or others, or (iii) as we deem necessary to resolve disputes, troubleshoot problems, prevent fraud and/or enforce the Privacy Shield Principles.

Reorganization or Sale. In the event that our company is merged with or becomes part of another organization, or in the event that our company is sold or it sells all or substantially all of its assets or is otherwise reorganized, the information you provide may be one of the transferred assets to the acquiring or reorganized entity.

As Otherwise Allowed by Law. We may transfer Personal Data to third parties where we are expressly authorized by applicable law and the Privacy Shield Principles to do so.  We also may be required to disclose an individual's Personal Data in response to a lawful request by public authorities, including meeting national security or law enforcement requirements.

3.     Accountability For Onward Transfers

We will obtain assurances from our Agents that they will safeguard Personal Data consistently with this policy. If we have knowledge that an Agent is using or disclosing Personal Data in a manner contrary to this policy, we will take reasonable steps to prevent or stop the use or disclosure.

4.     Security

We will take reasonable precautions to protect Personal Data in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.

5.     Data Integrity & Purpose Limitation

We will use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current.

6.     Access

Upon request, we will grant individuals reasonable access to Personal Data that we hold about them, and we will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete.

7.     Resource, Enforcement And Liability

We will conduct compliance audits of our relevant privacy practices to verify adherence to this Policy. Any employee that we determine is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.

------------------------

EU-US and EU-Swiss Privacy Shield Dispute Resolution and Enforcement

Any questions or concerns regarding the use or disclosure of Personal Data should be directed to us at the address given below. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy within forty-five (45) days of receiving a complaint. For complaints that cannot be resolved between us and the complainant, we have agreed to participate in the dispute resolution procedures pursuant to the Privacy Shield Principles.

We are subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).  Should an individual be unable to resolve a complaint with us, they may contact the FTC at the following address:

Federal Trade Commission
Attn: Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
www.ftc.gov

We have further committed to refer unresolved privacy complaints under the EU- Privacy Shield Principles JAMS, Inc., a non-profit alternative dispute resolution provider located in the United States. Click on the link to file an EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield Claim with JAMS.

Contact Information

Questions or comments regarding this Policy should be submitted to us by mail or e-mail as follows:

Polymail, Inc.
4223 Glencoe Ave, Suite C105
Marina Del Rey, CA  90292
privacy@polymail.io

Changes to Personal Data Protection Policy

This Policy may be amended from time to time, consistent with the requirements of the EU General Data Protection Directive and/or Privacy Shield Principles. We will provide appropriate public notice about such amendments.

Third Party Websites

We may link to other websites.  When you click on one of these links, you are ‘clicking’ to another website. Polymail does not control the data collection or privacy practices of such third-party sites.  We encourage you to read the privacy policies of any third-party sites, as their collection, use and storage practices, and policies may differ from ours. 

Minors Under 16 Years of Age

Polymail does not knowingly collect or store any Personal Data from or about children under the age of 16.

If you believe a child under the age of 16 has under any circumstances provided us with Personal Data and data, a parent or legal guardian can email us at privacy@polymail.io to request that their children’s information be deleted from our records.

Do Not Track

Do Not Track” or DNT is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking.  At present, our Site does not respond to or alter its practices when a DNT signal is received.

Changes to Privacy Policy

Polymail reserves the right to amend this Privacy Policy at any time. If Polymail makes material changes to its Privacy Policy, we will notify you by (1) changing the Effective Date on our Privacy Policy and provide additional notification either (1) via email or other means as we may deem commercially reasonable.

Questions?

If you ever have any questions about our online Privacy Policy, please contact us.  We respect your rights and privacy, and will be happy to answer any questions or concerns you might have. You may direct any such questions to us via email at privacy@polymail.io.

NOTICE FOR NEVADA RESIDENTS

Under Nevada law, certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration to a person for that person to license or sell such information to additional persons. “Personally identifiable information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.

We do not engage in such activity; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by email to: privacy@polymail.io.  Please note we will take reasonable steps to verify your identity and the authenticity of the request. Once verified, we will maintain your request in the event our practices change.

CALIFORNIA PRIVACY NOTICE

This section solely applies to California residents.

The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Data  (or “Personal Information” as defined in CCPA).  CCPA offers certain rights and protections to California residents.

  • You have the right to request that about their collection and use of your Personal Data over the past 12 months
  • You can request that we to delete Personal Data collected from them (with some limited exceptions).
  • Some of our Users may “sell” Personal Data of their Contacts. If the User is a business and “sells” Personal Data, you have a right to opt-out of that sale.  
  • Businesses, including Polymail, cannot discriminate against consumers for exercising a CCPA right, but may offer financial incentives to their consumers to do so in certain circumstances.

Polymail is a “service provider” under CCPA

  • Processing and collection of any consumer Personal Data is done on behalf of and at the direction of our Users.
  • Please direct any requests for access or deletion of your Personal Data under the CCPA to the Member with whom you have a direct relationship.
  • However, to the extent required by CCPA and its implementing regulations, if you choose to exercise your applicable CCPA rights, we will respond to and comply with requests sent to privacy@polymail.io subject to verification of identity.  

We do not believe that we “sell” our User or Visitor Personal Data, but to the extent we sell consumer data not otherwise bound by our obligations as a Service Provider to Users, You have the right to exercise your opt-out right at any time by emailing us at privacy@polymail.io. Alternatively, you may contact us using the toll free phone number or ‘contact us’ link located on the homepage for the products or services you receive from us. If you are using an authorized agent, please note that you will be required to verify your identity and provide written confirmation that you have authorized the agent to make a request on your behalf.

CATEGORIES OF PERSONAL DATA

We have provided this list to clarify what information is being collected, and for what purposes they are being collected and to whom this information is being provided:

  • PERSONAL IDENTIFIERS: such as first name, last name, address, phone numbers, vendors, company’s info and other business profiles info provided such as links & social media
  • SOURCE: User-provided, directly through input or use of services
  • PURPOSE: Allowing 3rd party Services and Partners to provide services, improvement on Polymail’s service, personalizing content, marketing and advertising, communication to user
  • SHARED WITH: 3rd Party Partners, Service Professionals, contractors, and admin support

  • COMMERCIAL INFORMATION: Transaction Data
  • SOURCE: User-provided, directly through input or use of services.
  • PURPOSE: Providing services, fixing and improving services, personalizing content, marketing and advertising, administering surveys, sweepstakes, promotions, or contests, support and troubleshooting, communication, analyzing service use, preventing and responding to fraud, unauthorized access/use of service, or breaches or potential breaches of terms and policies
  • SHARED WITH: 3rd Party Partners, Service Professionals, contractors, and admin support

  • Internet and Service Usage Information:
  • SOURCE: Your input (User and Contact Data)
  • PURPOSE Customer service, fraud prevention, improvement of the Site and Services, providing the Services to the User.
  • SHARED WITH: User, Law Enforcement, Service Professionals, contractors, and admin support

YOUR CALIFORNIA PRIVACY RIGHTS

California residents who have an established business relationship with Polymail may make a written request to Polymail about whether Polymail has disclosed any Personal Data to any third-parties for the third-parties' direct marketing purposes during the prior calendar year.  To make such a request, please send an email or write us:

Attention: Privacy

Polymail

Address: 4223 Glencoe Ave, Suite C105, Marina Del Rey, CA  90292

Email: privacy@polymail.io