Updated April 22, 2020.
Why do we have this document?
This document has been written in order to establish how the data protection policies in SafetyMails are adopted, taking into account the following laws and regulations:
I. GDPR – Regulation (EU) 2016/679 (General Data Protection Regulation), which regulates the protection of personal information for companies within the European Union (and those that offer products or services to the EU);
II. Marco Civil da Internet (Marco Civil) – Law No. 12,965 of April 23, 2014, which describes how organizations should collect, manipulate, and store personal information;
III. Lei Geral de Proteção de Dados no Brasil (LGPD) – General Law on Data Protection in Brazil – Law 13709 of August 14, 2018, which provides for data protection and makes changes to the “Marco Civil da Internet” law; and
IV. CAN-SPAM – Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (Pub.L. 108-187), which regulates fundamental aspects of the fight against spam.
In accordance with the principle of transparency, we are dedicated to providing clear and complete information on the use, storage, processing and protection of your personal data.
With this Data Protection Policy, you are guaranteed:
I. compliance with laws, regulations and good practices of personal data privacy;
II. protection of the team, customers and partners;
III. principle of process transparency;
IV. guidelines for possible data breaches.
To make this document easier to understand, it is necessary to know some expressions that will be used:
“Data Controller” or “User”: Person or company that has control over personal data that will be processed by SafetyMails services (GDPR Art. 4, item 7 / LGPD Art. 5, item VI). The Data Controller becomes a User upon creating an account on the SafetyMails website;
“Data Processor”: SafetyMails is the personal data processor that works on behalf of the Data Controller to perform a set of automatic or non-automatic operations such as collecting information from records, structuring, storage, adaptation, alteration, consultation, transmission, among others (GDPR Art. 4, items 2 and 8 / LGPD Art. 5, item VII). In this case, SafetyMails processes data only within the scope of its service purpose and nothing more.
“Personal Data”: according to the GDPR, any information relating to a person that can directly or indirectly identify them, such as name, location, online identifier, among others (GDPR Art. 4, item 1 / LGPD Art. 5, item I).
“Sensitive Personal Data”: The Brazilian General Data Protection Law defines this information as “data on racial or ethnic origin, religious belief, political opinion, union membership or religious, philosophical or political, health or sexual life, genetic or biometric data, when linked to a natural person” (LGPD Art. 5, item II).
“Anonymised Data”: data relating to a person that does not directly identify them and is therefore not subject to the law.
In terms of the scope of our services and their compliance with data protection and privacy regulations, the SafetyMails Information Technology Director is responsible for the full implementation of this policy and acts as Data Protection Officer (DPO) for SafetyMails, taking into account articles 37, 38 and 39 of the GDPR.
Messages can be sent to the DPO by e-mail [email protected]
All members, directors and employees of SafetyMails are required to sign a Total (and absolute) Non-Disclosure Assignment, encompassing all data and information of the company, its partners, employees, prospects, customers and databases.
Access to Data Center databases and servers is prohibited to SafetyMails employees and is allowed only to the DPO / CIO.
Service and sales teams are trained to understand the importance of data protection. They are also advised to always consult the DPO in case of any doubts about the confidentiality of information.
Data Processing and Storage
All connections to the SafetyMails system, as well as its website and other subdomains, are encrypted using SSL certificates from Comodo, a Certificate Authority in accordance with AICPA / CICA WebTrust.
All information stored in SafetyMails is protected in databases on servers hosted in OVH’s Data Center, which benefits from the ISO/IEC 27001:2013 certification, the international attestations SOC 1 type II (SSAE 16 and ISAE 3401) and SOC 2 type II, as well as PCI DSS Level 1 certification.
These measures are intended to protect Users and Personal data, in compliance with the provisions of the General Data Protection Act (LGPD / GDPR).
SafetyMails stores User information for 3 months, deleting these files automatically after this period. If desired, the User may delete their own information before this period, at any time (“Right to erasure”, according to LGPD/GDPR laws).
No information is stored on personal and transportable physical media, such as CDs, DVDs, Pendrives, Notebooks or similar.
Validation and Verification of Email Addresses
To perform its email address validation and verification services, SafetyMails requires its Users to share email address information on its system. Without it, it becomes impossible to process the information and deliver the results you want.
The User, using SafetyMails services, declares that he/she consents to the storage of personal data and asserts that the handling of this information is intended to comply with the contract, preliminary contract procedures or when necessary to meet his/her legitimate interests and/or protection of credit (according to LGPD/GDPR laws), prevailing fundamental rights and freedoms of the holder of the personal data.
SafetyMails only needs email addresses to perform the scope of its email validation and verification service. While the User may upload information containing other fields of personal and/or sensitive information, these fields are not required to perform the processing. SafetyMails does not provide any information that is not related to the status and validity of the email addresses, and does not offer any service that adds personal data that personally identifies these addresses, such as names, addresses, social networks, among others.
Anonymised information, that is, information not subject to the law because it does not identify and is not identifiable with a natural person (in other words, information that does not violate the natural person’s privacy and does not violate GDPR and LGPD regulations), may be offered by SafetyMails.
Any use of SafetyMails through API integration (from other platforms) requires the explicit permission of the User to perform the process of validating and verifying emails.
The installation of the SafetyMails API for real-time email validation and verification (Safety Optin) is the exclusive responsibility of the User. The API is a consultative feature: it reports to the User only the status of the email directly queried, and stores in the SafetyMails database no data other than the email address typed in the customer form (such as name, company, others).
E-mail Validation and Verification occurs through a layered analysis of email address validity, taking into account market RFCs, such as RFC 822 and RFC 5321 (from “ARPA Internet text messages, 1982”), but not only these, as well as MX record checks, aborted SMTP connections, and recent past consultations generated by SafetyMails itself (without providing any information that performs personally identifiable correlations).
The reuse of recent validation results is aimed at combating spam practices and optimizing results delivery processes for SafetyMails Users. However, it is important to note that the results generated by SafetyMails in a register are individually related to each email address, not to a User and its email bases, and therefore do not in any way constitute data sharing (Data Sharing).
The entire process of validating and verifying emails happens automatically on the servers of SafetyMails (located in Canada, France and Germany), and there is no human interaction in the process. Only upon express request by the User may SafetyMails review the files provided to the SafetyMails system. This process is performed in a controlled environment and all files are deleted immediately after review.
SafetyMails guarantees that the processing of validation and verification of e-mails is done legally, in a fair and transparent way (according to LGPD/GDPR laws).
In case of data leakage
SafetyMails shall promptly inform the User of any data leak within 72 hours of occurrence, if feasible.
SafetyMails does not sell, rent or share e-mail addresses and other data that has been provided to SafetyMails for its services. (Read our Non-Disclosure Assignment).
SafetyMails will not make any kind of contact with the e-mail addresses uploaded to its system by Users for validation. For more information, read our Anti-spam Policy.
In certain circumstances, due to the force of law and the requirement of the authorities, and only in such cases, SafetyMails may breach confidentiality under the law. In these cases, SafetyMails will take the precaution of making absolutely certain that the request was made by legal means.
To contact SafetyMails regarding Data Protection: