Last modified: 19.05.2020
See Key changes
In this document, we will explain you the following issues:
- what data we process, how we process it and for which purposes;
- who have access to each type of your data;
- for how long we retain your data;
- what are our protection measures to keep your data secure;
- what are your rights in respect of the processing of your data under GDPR and CCPA;
Our contact details are provided at the bottom of this document so you may always contact us and ask for clarifications or request the exercise of your rights.
What is personal data?
Personal data (or data) is any information relating to you and that alone or in combination with other pieces of information gives an opportunity to a person that collects and processes such information to identify you as an individual. It can be your name, address, your location data, or information related to your physical, physiological, genetic, mental, economic, cultural or social identity. Personal data also includes such technical information as a Media Access Control address (MAC-addresses), International Mobile Equipment Identity (IMEI), Unique Device Identifier (UDID), the Identity for Advertisers (IDFA), Internet Protocol address (IP-address), browser and system information.
Processing of the personal data means any action with it, for example, collection, recording, organizing, structuring, storage, use, disclosure by any means and so on.
What data we collect, how and for what purposes
Data you voluntary provide us
When registering an account on our Website, you will need to provide us with your email address, first and last name, and email client. You will also need to create a password. Without these data we will not be able to provide you with our main Services, so we will call it ‘necessary data’.
When you sign up through a third-party social media account such as Google, Facebook or LinkedIn account, you give us consent to extract from such an account your first and last name, your email address and your profile picture.
While registering an account or filling your account information afterwards, at your own choice you may submit to your profile data about your industry, company name and your position in company, mobile phone. We will use this data to enhance your experience as it is detailed below, but it is not strictly required for the Services provision. We will call these data ‘additional account information’.
As regards the additional account information, we may process it only if you voluntarily provide us with it. Where applicable, we will treat this clear and affirmative action as a request to provide you with some additional services (e.g. to customize your account) meaning the contractual basis will apply to such processing. In some cases, we may also process the relevant data on the basis of our legitimate interest for direct marketing purposes or to run analytics to improve our Services.
Processing and purposes:
We process personal data that is required for the account registration to provide you with our main Services, including creating and maintaining your account, ensuring that everything works smoothly within your preferred email client, communicating with you at your request and identifying you when you want to publish information in our blog or forum.
At your own discretion you may supplement your account information. We will process such data only to let you customize your account at your own choice.
Sometimes we may process your email and name on the basis of our legitimate interest to send you newsletters and other communication. We may do so to provide you with some useful information, notify you on any updates regarding our Website or Services and inform us about our or our partners’ offers. In no case we will overwhelm you with hundreds of letters, but, at any time, you can choose to stop receiving our emails. If you want to cease this type of communication, simply use the “Unsubscribe” button.
Please take into account that the “Unsubscribe” button is present in each of our emails, except the transactional emails notifying you of significant changes in your account, reminding you of the upcoming payments and providing you with the required payment details. Those transactional emails are an essential part of the services we provide. They are also necessary to prevent fraud and other illegal acts. The processing of personal data in this case is carried out on the contractual basis. Without the right to such processing, we won’t be able to protect your account and charge you with fees for our Services.
Company size and industry tell us more about our customers, their needs and interests. With the help of this information, we can improve and customize our Services to enhance your user experience. At your choice, we may use such data to run analytics and/or for marketing purposes. Keep in mind that these data are not necessarily required. Without such information, you will still be able to use our Services, but we will appreciate it if you share it with us as it helps us to grow.
We will store all your account data as long as you keep your account active. We will also store your account data within 30 days after the account deletion to be able to reactivate your account if you change your mind, and to be able to reach you in case of any dispute.
Data from email signatures
When creating email signatures, you may share with us your company name, department name, your position as well as your mobile phone, your photos, links to your social media accounts and other data at your own choice.
Processing and purposes:
We will process such data only to let you create email signatures and further embed them into your (or your colleagues’) emails.
We will store these data as long as you keep your account active and 30 days after its deletion unless you erase these data from the account earlier on your own.
We may collect some of your personal data automatically with the help of cookies and other similar technologies. We invite you to check our Cookies Policy for further details.
Please note that sometimes we may process your data for the period longer than indicated in the sections above. Such processing could be carried only for statistical purposes and subject to the appropriate safeguards in accordance with applicable data protection laws.
What are statistical purposes? Statistical purposes mean any collection and processing of personal data necessary for statistical surveys or to produce statistical results. The statistical purpose implies that such statistical results do not include personal data, but only aggregate data. The statistical results may further be used for various purposes, for example, to assess our business development, understand the market demands and improve our Services.
In most cases, we will anonymize your data before starting processing it for the statistical purposes. As a result, such data will no longer be considered personal and its use will be not governed by data protection laws.
Additionally, we may process your data:
- for the compliance with our legal obligations;
- to protect your vital interests or vital interests of another natural person;
- for the purposes of the legitimate interests pursued by Newoldstamp or by a third party (e.g. to prevent or investigate possible wrongdoing in connection with the Website or to protect ourselves, our subcontractors, partners and affiliates against damages of any king).
If we decide to change the purposes of processing specified above, we will inform you on such changes prior to the use of your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes (unless additional purpose of processing is compatible with those listed above).
Please note that we do not sell your data or make any decision based solely on automated processing that may produce legal effects or similar significant effects.
Access to personal data
You probably understand that our Website doesn’t work autonomously. In order to provide high-quality Services, we hire people, enter into agreements with independent contractors as well as cooperate with other service providers, companies and organizations. For those reasons, some of your personal data can be shared with the mentioned persons.
In all cases, we adhere to all the requirements of applicable data protection laws and do our best to ensure the security of data processing at all stages.
Our employees and contractors
Among our employees, there are only Customer Support, Sales and Marketing departments, as well as Development team who can access your data from our databases. They are exactly those persons who are responsible for achieving the declared purposes of data processing and that is why they need to have access to your data.
When we lack the internal capacity to deal with some tasks, we may engage both companies and individual entrepreneurs to help us to provide you with the Services. When we transfer data to the country not recognized by the European Commission as ensuring an adequate level of data protection, we will secure such transmission by including standard contractual clauses compliant with the EU data protection laws into our data processing agreements or by implementing other safeguards.
Third party services
Apart from our employees and sub-contractors, we engage the following third-party service providers:
Intercom (the Republic of Ireland) provides us with the services of Customer Messaging Platform and enables the feature of online chat on our Website.
SendGrid (the USA) is our email marketing service that helps us to deliver newsletters and other emails to our users. SendGrid is Privacy Shield certified.
Mixpanel (the USA) supports us with analytics of interactions between Website and our users. Mixpanel is an EU-US and Swiss-US Privacy Shield certified organization.
Pipedrive (the Republic of Estonia) is providing us with the Customer Relationship Management (CRM) services through the Pipedrive sales software.
Google Analytics (the USA) and Hotjar (Malta) are well-known online business analytics service providers that help us to understand how our users interact with our Website. Google LLC is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.
Google Ads (the USA), Facebook Ads (the USA), and Quora Ads (the USA) and LinkedIn Ads (the USA) are our external online advertisement services, which help us to promote our Services to customers. Google LLC, LinkedIn Corporation and Facebook Inc are certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. With Quora Inc. we have entered into the EU standard contractual clauses to safeguard your data.
Paddle (the USA) became our choice in sales. They run our billing processes, resolve relevant payment inquires and help us to make refunds. Please take into account that it is not Newoldstamp but only Paddle who collects your payment information. You can find more details about Paddle’s privacy commitments here.
If you are interested in more details about how these third-party services process personal data, please refer to their privacy policies available on their websites. However, we want to reassure you that due to their residency of headquarters or affiliates companies (USA and European Union) they all are subject to the best worldwide standards of data protection. We care about your data security and choose only reliable partners.
How we protect your data
We use Hypertext Transfer Protocol Secure (HTTPS) for keeping your data secured and your communication with the Website encrypted.
We store your data with DigitalOcean LLC and process it with the help of MySQL and +PostgreSQL relational database management systems which are widely known for their reliability.
DigitalOcean LLC is a US-based company providing hosting services. It is compliant with the EU-US and Swiss-US Privacy Shield Frameworks, and we have also entered into a Data Processing Agreement with them to ensure your data is stored securely.
In regard to protection from unauthorized access to personal data we have implemented firewall, VPN, passwords hashing and two-factor authentication.
For emergency cases we also regularly backup data to be able to restore it when it is needed.
We require all our employees and subcontractors to enter into non-disclosure agreements and data processing agreements (if applicable).
We also will inform users and the respective agencies of personal data breaches should there be high risks of violation of your rights as data subjects. We would also do our best to minimize any such risks.
Your rights under GDPR
If you are an EU resident, you have the following rights regarding your personal data Newoldstamp collects and processes:
Right to access to your personal and right to data portability
Right to rectify your personal data
You can request all the inaccurate personal data concerning you being corrected. You may also request to complete your personal data if you consider that something is missed.
Right to be forgotten
You can request us to erase personal data from our records and records of our third-party services if its processing is no longer necessary to achieve purposes for which it was collected. You may also request so if there are no legal grounds for the processing. In most cases, we will erase it unless otherwise required by legislation.
Right to restrict the processing of your personal data
In some cases, prescribed by law you will also be able to restrict the processing of your data. For example, if you contest the accuracy of your personal data being processed or if we are not interested in our processing of your personal data any longer, but you want us to do this for other reasons, for example, to bring some claim against somebody – then, instead of the erasure of information, its processing will be just restricted.
Right to withdraw your consent
You can withdraw your consent for the processing of your personal data at any time by simply contacting us, without affecting the lawfulness of processing based on the consent before its withdrawal. After receiving such a withdrawal request from you, we will process it in a timely manner and will no longer process your personal data unless otherwise set by law.
Right to object to the processing
In some cases, prescribed by the applicable laws you can object to processing of your personal data.
You can object to the processing of your personal data when the processing is related to the performance of our task carried in the public interest or in the exercise of official authority vested in us; or if we process your data to pursue our or third party’s legitimate interests, and you believe that such interests are overridden by your interests or fundamental rights and freedoms.
If you make a request objecting to processing, we will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing.
Right to complain
If you have doubts as to our reply or reaction, or absence of such, you have the right to lodge a complaint with a supervisory authority, empowered to resolve such complaints in your country.
How to exercise your rights as to your personal data under GDPR?
Any requests to exercise your rights can be directed to Newoldstamp via the contact details provided below. These requests are free of charge.
Please note that we may ask you to verify your identity before responding to such requests.
Newoldstamp will provide information on action taken on your request related to your rights specified above within one month of receipt of the request for the longest. That period may be extended to two months if Newoldstamp is overwhelmed by the number of requests or the request at issue is complicated and requires a lot of action. We will inform you of any such extension within one month of receipt of the request, together with the reasons of such delay.
Your rights under the CCPA
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- to request us to disclose to you the following information:
- the categories and specific pieces of personal data we have collected about you;
- the categories of sources from which the personal data is collected;
- the business or commercial purpose for collecting or selling personal data;
- the categories of third parties with whom we share personal data;
- the categories of personal data that we disclosed about you for a business purpose.
- to request us to delete any your personal data;
- to not be discriminated when exercising any of the rights under the CCPA.
As regards the deletion request, we will normally exercise your right to be forgotten but we may retain the data if it is needed to:
- complete the transaction, fulfill the terms of a written warranty, provide services requested by you, or otherwise perform a contract with you;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- debug to identify and repair errors that impair existing intended functionality of the Website;
- exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the data deletion is likely to render impossible or seriously impair the achievement of such research, and if you provided informed consent for such processing;
- to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with Newoldstamp;
- comply with a legal obligation.
How to exercise your rights as to your personal data under the CCPA?
Please keep in mind that if you request us to provide the above-mentioned information about processing of personal data, we are obliged to provide such information only for 12 months preceding the date of your request.
Ordinarily, we will ask you to prove your personality and your California residency when you submit your request.
To exercise your rights, just send us a request at our email address specified in Contact Details below. We will respond to you within 45 days after establishing your personality. Where it is reasonably necessary, we may extend the time for response to additional 45 days. In such cases, we will notify you of the extension.
The privacy of children is one of our concerns. Here at Newoldstamp we can provide services only in case you are aged 16 or older. If you are under 16, you will need to get your parent’s/guardian’s permission before submission of any personal data to us. If you are underage, and there is no data as to your parent’s/guardian’s permission to use our Website, please do not provide us with your consent for data processing.
If you have any questions, do not hesitate to contact us:
Philadelphia Pike, 4955, Claymont DE, Delaware 2039, US