UPDATED DECEMBER 20th, 2022
- Personal data – Information related to an identified or identifiable natural person.
- Sensitive Personal Data (aka special categories of personal data) – Personal data concerning racial or ethnic origin, religious conviction, political opinion, membership of a trade union or of a religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data when linked to a natural person.
- Anonymized Data – Data relating to an individual who cannot be identified, considering the use of reasonable and available technical means at the time of its processing.
- Controller – Natural or legal person, whether governed by public or private law, who is responsible for decisions concerning the processing of personal data.
- Processor – Natural or legal person, whether governed by public or private law, who processes personal data on behalf of the Controller.
- DPO (Data Protection Officer) – Person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the Data Protection Authority.
- International Data Transfer – Transfer of personal data to a foreign country or international body of which the country is a member.
- Data Subject – Natural person who has provided personal data to SafetyMails or whose data has been provided by a controller.
2. Data Protection
With the adoption of this data protection policy, the following are guaranteed:
- compliance with personal data privacy laws, regulations and best practices;
- protection of natural persons’ data and respect for privacy;
- the protection of SAFETYMAILS’ staff, customers and partners;
- the principle of process transparency and the inviolability of intimacy, honor and image;
- guidelines in the event of a personal data breach;
2.1 About the data
- only email addresses are necessary for SAFETYMAILS to perform the scope of its email validation and verification service. Although the CLIENT can upload his/her information in its entirety, containing other fields of personal information, it is unequivocally clear that they are not necessary for the performance of the processing;
- SAFETYMAILS does not provide any type of information that is not related to the status and validity of e-mail addresses and does not offer any service that adds personal data that personally identifies these addresses, such as names, addresses, social networks, among others;
- information that is not subject to law, that does not identify or is not capable of identifying a natural person may be offered by SAFETYMAILS;
- any use of SAFETYMAILS through an API integration (from other platforms) requires the express permission of the CLIENT in order to carry out the process of validation and verification of e-mails;
- the entire process of validation and verification of e-mails takes place automatically on SAFETYMAILS’ servers, with no human interaction in the process;
- only in cases of express request of the CLIENT, SAFETYMAILS may, in exceptional circumstances, manually review files provided to the SAFETYMAILS system. This process is performed in a controlled environment and all files are deleted immediately after revision;
- SAFETYMAILS ensures that the processing of e-mail validation and verification is done legally, fairly and transparently.
All activity at SafetyMails shall observe good faith in data processing, and the following principles:
- Have a legitimate, specific, explicit purpose that has been informed to the data subject;
- Keep the data processing adequate to the purposes informed to the data subject;
- Retain personal data only as long as necessary;
- Collect only the data necessary to meet the purposes of the processing, restricting ourselves to minimal and proportional information;
- Allow data subjects to access their data free of charge and in an easy manner;
- Guarantee the accuracy, clarity, relevance and updating of the data processed;
- Give clear and precise information to data subjects on aspects of the processing of their personal data, by means that are easily accessible;
- Protect the personal data being processed with measures capable of maintaining the integrity, availability and confidentiality of the data being processed from accidental or malicious interference;
- Prevent damage to data subjects that may be caused by the processing of their personal data;
- Ensure that the processing performed does not result in discriminatory, illicit, or abusive acts, reviewing the processing operations whenever necessary to assess whether there is the possibility of discrimination;
- Seek the proper application of these principles in all of our processing activities;
- Take effective measures to demonstrate compliance with data protection regulations throughout SafetyMails, allowing effective accountability for the processing of personal data.
2.3 Legal Basis for Personal Data Processing
SafetyMails may process personal data, provided that the processing is subject, without exception, to one of the following:
- when the data subject provides explicit consent
- when necessary for compliance with legal or regulatory obligations
- when necessary for the performance of a contract or preliminary proceedings related to a contract to which the data subject is a party
- when necessary for legitimate interests of SafetyMails or third parties, except in cases where fundamental rights and freedoms of the data subject prevail
- for credit protection
To find out more about the specific cases in which we rely on this legal basis, or to obtain more information about the tests we perform to make sure we can use it, please contact our Personal Data Protection Officer through the contact channel provided in this document.
2.4 How the Data Subject can exercise his or her rights
Data subjects have various rights in relation to their personal data. It is the obligation of SafetyMails to enable such data subjects to exercise their rights in a free and simplified manner.
In cases where the Data Subject intends to exercise his rights, it will be necessary to prove that he is, in fact, the holder of the personal data that is the object of the request. Therefore:
- we may request documents or other information that may assist in your correct identification, in order to protect our rights and the rights of third parties;
Simply make your request to the Personal Data Protection Officer at [email protected]
2.5 Security Measures in the Handling of Personal Data
- SAFETYMAILS employs technical and organizational measures to protect personal data from unauthorized access and from situations of destruction, loss, misplacement or alteration of such data;
- the measures take into consideration the nature of the data, the context and purpose of the processing, the risks that a breach could create to the rights and freedoms of the user, and the standards currently employed in the market by companies similar to ours;
- all connections to the SAFETYMAILS control panel, as well as its website and other subdomains, are encrypted using SSL certificates from Comodo, a Certificate Authority compliant with AICPA/CICA WebTrust;
- all information stored at SAFETYMAILS is protected in server databases stored in OVH Datacenter, which benefits from ISO/IEC 27001:2013 certification, international attestations SOC 1 type II (SSAE 16 and ISAE 3401) and SOC 2 type II and also PCI DSS Level 1 certification;
- SAFETYMAILS data processing services are performed in the following countries: Canada, United States and Portugal, countries that provide an adequate level of protection. The CLIENT acknowledges full awareness of this information and consents to the data processing;
- SAFETYMAILS stores the processed information of the CLIENT for 3 months, deleting it automatically after this period.
- If desired, the User may delete their own information prior to this period at any time (as per LGPD/GDPR);
- No information is stored in transportable and personal physical media, such as CDs, DVDs, Pendrives, Notebooks or similar;
- all partners, directors and employees of SAFETYMAILS are required to sign a Confidentiality Agreement, encompassing all data and information of the company, its partners, employees, prospects, customers and databases;
- access to databases and datacenter servers is forbidden to SAFETYMAILS employees, and is only allowed to the DPO/CIO.
- The customer service and sales teams are trained to understand the importance of data protection. They are also instructed to always consult the DPO in case of any doubts about the confidentiality of any information.
2.6 In Cases of Data Leakage
- Although SAFETYMAILS does everything in its power to prevent security incidents, it is possible that problems of data leakage may occur;
- if any type of security incident occurs that could generate risk or relevant damage to any of our users, we will notify those affected and the National Data Protection Authority of the occurrence, in accordance with the provisions of the Law.
- SAFETYMAILS is committed to informing the CLIENT of any data leakage within 72 hours of the occurrence, if feasible.
- in case of exclusive fault of the CLIENT, which occurs, for example, but not only, when he/she transfers his/her data to third parties, SAFETYMAILS disclaims any responsibility.
3. Data Protection Officer
In terms of the scope of our services and their compliance with data protection and privacy regulations, the Chief Information Technology Officer at SAFETYMAILS is responsible for the full implementation of this policy and acts as the Data Protection Officer (DPO) for SAFETYMAILS.
Messages and requests can be sent to the DPO through the following channels:
Email: [email protected]
Avenida Nilo Peçanha, n50, Sala 1808
Centro, Rio de Janeiro/RJ – Brazil
To: SAFETYMAILS DPO