- What information do we collect?
- How do we use the information we collect?
- Whether and how the information is shared
- Your rights as a data subject
- Data Retention
- Transfers of information across boundaries
- Contact us
1. What Information do we collect?
1.1 Information that you provide to us:
- When you install or access the Application and set up your account, you provide us with your email account addresses (for the accounts you wish to manage through the Application), your display name of each of your email accounts (Optional) – this could be your actual name, or a nickname you choose, Your Photo (Optional) – if you choose to upload it as your account avatar. You may choose to upload another photo, but you need to make sure you have the appropriate rights to use this photo.
- When you contact us to seek our customer support, we may obtain and maintain any information you choose to provide, including your name, your email addresses, as well as information about your mobile device such as its device type OS type and any information concerning your use of the Application.
- Sync Services – you may use the optional Sync Services to allow synchronization of data such as your Application settings, contacts, remarks and tasks which are securely stored on our Cloud. We may ask you to provide your phone number to send SMS text message verification.
- When you create a group, we save on our Cloud the group name, avatar, notes and email addresses of the group members.
- When you use the Smart Filter feature, you provide us with the email addresses you interact with. You can disable Smart Filter at any time from the Application settings.
- You can report emails whether misclassified, safe or malicious, to our Cloud for analysis, sharing, debugging and classification. You can share a link to an email by uploading it to a Cloud sharing service.
- Instant Push Services (Optional) for iOS and OAuth supported email accounts – if you are using imap and exchange email accounts on iOS, or OAuth supported email accounts and configure your settings to allow push notifications (BlueMail Cloud sends push notifications to your mobile device when you have a new email), we will we keep either the OAuth token or encrypted credentials. When using the Instant Push Services for those accounts, we receive the email headers including to, from, subject and a small portion of the body. The information will be deleted immediately after sending the Push notification.
- Advanced Features for iOS only (Optional) – If you enable VIP Notifications feature for iOS, our Push Services will need access to the VIP email addresses which accordingly will be stored on Cloud. When using the Send Later feature for iOS – the outgoing email (its content, header, emails of recipients) is temporarily stored encrypted on our Cloud. We will then attempt to send the email at the requested time and will delete the email once it is sent successfully.
Are you obligated to provide us with this private data?
You are not obligated to provide us with any of the above information.
However, we will not be able to provide you with the Application and Services or part of them, as applicable, if you do not agree, or withdraw your consent, or request to object (all as detailed under section 5 with respect to your rights) to our processing of these data items.
1.2 Information that we collect from third parties:
Analytics for Web and Mobile
We use web and mobile analytics software to measure traffic and usage patterns and to help us better understand the functionality of the Application on your device or general information regarding how users use the Application. When using our Website, the web analytic tools collect information sent by your browser, including the pages you visit and other information that assists us in improving the Website. The Application on your device may collect information such as what kind of device you are using, how often you use the Application, the way you use the Application (what functions are used for example) performance data (technical issues concerning crashes, operation metrics, memory consumption and that type of information), and which store the Application was downloaded from and send this information Cloud. We use this information only to administer, improve, monitor and analyze the use of the Application.
When you provision or access BlueMail on a mobile device (like a smart-phones or tablet), we may access, create, monitor or remotely store identifiers such as Instance ID or GUID which uniquely identify our app. Only BlueMail can access these identifiers. We do not use any hardware identifiers such as Unique Device Identifier (UDID), SSAID (Android ID) and IMEI and we have no way to identify the specific hardware you use.
These identifiers persist on your device and our Cloud to help you log in faster and enhance your navigation through the Application. Some features of the Application may not function properly if these identifiers are impaired or disabled.
We frequently and securely check the Application version with our Cloud to recommend an upgrade. We also securely check for licenses and premium features to allow or prohibit functionalities.
2. How do we use the information we collect?
- We use all of the above information to operate, maintain, and provide to you with Application features and functionality.
- We use the email address to establish the accounts you wish to use within the Application, and let you manage your email account through the Application.
- We use your display name to display the different account names as you assigned them.
- We use your information to send you emails with regards to your operation of the Application (e.g., account verification, notify you of changes/updates to features, credentials change, technical and security notices), as well as to send you marketing communications (please see more details regarding this under chapter 4, “Communications”).
- We may use the above information to respond to your requests and messages, including with respect to your rights as data subject, as well as to initiate contact with you on issues related to the Services or support and maintenance issues.
- We may use the information you provide to allow certain functions to perform as intended. For instance, for the Smart Filter – to compare your email contacts with spam email lists we have on our Cloud; for the Sync service to be able to perform the requested synchronizations; for the send later feature to be able to save and send the email at a later time you defined, etc.
- To prevent, detect and fight fraud or other illegal or unauthorized activities.
- We use anonymized, aggregate data, in order to gain insight on how you and other users use the Services and try and improve our Service, as well as to plan our marketing and advertisements.
Our Legal Bases for Processing
The following are the legal bases under which we process your information in the manners specified above:
- Performance of a contract to which BlueMail and you, the data subject, are parties. Many of the uses described above are actions that involve processing of your information in order to meet our undertakings to you and respond to your requests and indications within the Services.
- Legitimate interests: We may use your information where we have legitimate interests to do so. For instance, we analyze users’ behavior on our services to continuously improve our offerings, and we process information for administrative, fraud detection and other legal purposes.
- Consent – some of the information you provide is based on your agreement and will to provide it. In addition, we may ask you from time to time, through the Service interface, to provide your consent for specific uses.
3. Whether and How Your Information is Shared?
We will never share, rent or sell your information to third parties outside BlueMail and its group companies (including subsidiaries and affiliates) without your consent, or except as noted below:
- Service Providers: We engage third-party business partners to help us provide you with the Services, for instance, Amazon AWS (Cloud hosting and related services) and Google Analytics for usage analytics and statistics. Those business partners will be given limited access to your information according to our specific instructions as necessary to provide Services to you.
- Compliance with the Law: We may disclose your information if we believe it is necessary in order to comply with the law, such as to comply with a subpoena, regulation or legal request, respond to a government request, to address fraud or security issues, to protect the safety of any person, to enforce our agreements with you; to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing or to protect our own rights or property. If you are located in the EU, we may only do so based on legal requirements specified above of EU authorities. This includes sharing such information with our legal counsels.
- Anonymized Information: Should we need to share data with third parties (such as investors or partners), we will strip it of all personally identifiable information.
- Business Transfers: If BlueMail is involved in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be transferred as part of that transaction to a successor in interest and to the applicable legal authorities as well as legal counsels and other professional counsels involved such as accountants, and other officers of the government or of the applicable judiciary instance.
Links to Third Party Websites
This section does not relate to information that we directly convey to third parties.
If you are located in the EU, the following shall apply only if you marked your consent to receive such communications.
If you are located in the US or elsewhere in the world, the following shall apply for as long as you have not opted-out of this activity:
We may use the information we collect or receive to communicate with you directly. For example, you may receive emails from us containing company updates, promotions, marketing, or special offers. We do this to be sure our communications and our products get better over time. If you’d rather not receive these emails, you may opt-out of receiving them by following the unsubscribe link located at the bottom of each communication or by emailing us at firstname.lastname@example.org. Even after you opt-out from receiving communications messages from us, you will continue to receive administrative messages from us regarding our services (such as requirement to upgrade the Application).
5. Your rights as a data subject
- You may access and update your information by visiting your account settings within the Application or by emailing us at the email address listed below.
- You can use the panel tool here to view or remove information stored on our Cloud about your email account.
- In case our processing is based on your consent, you have the right to withdraw your consent at any time, by contacting us via email.
- You have the right to object to the processing of your personal data for direct marketing purposes at any time.
- You have the right to object to our processing of your personal data if processing is based on our legitimate interests.
- You have the right of portability with respect to your personal data, in case it is processed by automatic means, and if processing is based on your consent.
- You have the right to request that we erase all of your personal data that we keep, without undue delay, unless processing is necessary as further detailed under “Data Retention”
- In certain countries, you have a right to lodge a complaint with the appropriate supervisory authority in charge of data protection, in case you think that we are breaching any of your right relating to your personal data. If you are located in the EEA, The complaint may be lodged at the country which is your place of residence, your place of work or place of the alleged infringement.
If you have questions on how to exercise your rights, please contact email@example.com. We will respond to your access request without undue delay, or within 30 days at the latest (as the law may require)
6. Data Retention
We will retain your information for as long as we need it for legitimate business purposes (as laid out in chapter (“How we use your information”) and as permitted by applicable law. Once no longer used as stated herein, it will be either deleted or completely de-identified in a manner that does not allow re-identification thereof.
We will also retain and use your information in the following instances:
- If there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved.
- The information must be kept for our legitimate business interests, such as fraud prevention and enhancing users’ safety and security. For example, information may need to be kept to prevent a user who was banned for unsafe behavior or security incidents from opening a new account.
Specifically, the following information items are retained for the following time periods:
|Optional Functionality||Data Item||Retention period|
|Instant Push Services for iOS and OAuth supported accounts (optional)||Email header (to, from, title, portion of the body)||Deleted immediately upon push completion|
|Settings Backup (optional)||Your phone number||As long as required to perform the Services|
|Synch contacts/tasks (optional)||Your contact information, calendar items||As long as required to perform the Services|
|Report an email (optional)||Reported email||As long as required to perform the Services|
|Send Later for iOS (optional)||Email to be sent later||Deleted immediately following the email is sent successfully|
Security is extremely important to us. We use industry leading security practices to preserve the integrity of all your data. For example, when you transmit sensitive information and when you send and receive emails, BlueMail encrypts the transmission of that information using secure socket layer technology (SSL). However, no method of electronic transmission or storage is 100% secure, so we cannot guarantee absolute security. BlueMail is not responsible for the functionality or security measures of any third party. If you have questions about this feel free to contact us at firstname.lastname@example.org.
8. Transfer of PII across boundaries
Our legal basis for performing such transfer across boundaries are:
- Model Clauses. With some of our processors, we use standard contract clauses, that are binding standards of processing of personal data committed to contractually by third parties processing information for us and on our behalf, approved by the European Commission.
- In the absence of Model Clauses, Your consent. By using the Service, you agree and understand that your information may be transferred from the EEA or other countries in which you may be using the Services, to other countries outside your own location (including outside the EEA), and specifically to the USA. You agree to such transfer, and you understand that data processed in the USA is subject to different data protection laws, which may sometimes grant lesser degree of protection that the privacy laws and regulations applicable within the EEA for example.
Our Services are not directed to persons under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to remove such information and terminate the child’s account. If you learn that your child has provided us with personal information without your consent, please contact us at email@example.com.
11. Contact Us
Last Modified: May 17th, 2018