About Emailable. Emailable is an online service that allows users to determine the legitimacy and authenticity of email addresses.
Responsible entity (data controller). The entity that is responsible for the processing of personal data through Emailable is EMAILABLE LLC having a registered business address at 44 Bethpage Road, Suite 1, Hicksville, NY 11801, United States, and a business registration number EIN 85-4358960 (“we”, “us”, and “our”).
Applicable laws. We process personal data in accordance with applicable data protection laws, including, but not limited to the Florida Information Protection Act 2014 and the EU General Data Protection Regulation (the “GDPR”).
Our role as a data controller and a data processor. When handling personal data, we act as a data controller and a data processor in terms of the GDPR. Our role depends on the specific situation involving personal data:
- We act in the capacity of a data controller when we ask you to submit your personal data that is necessary to ensure your access and use of Emailable (e.g., when you register your user account, browse Emailable, or communicate with us). In such instances, we are a data controller because we determine the purposes and means of the processing of personal data. We comply with data controllers’ obligations set forth in the GDPR.
- If we are required by law to do so;
- If we would like to disclose or transfer your personal data to third parties that cannot guarantee an adequate level of protection; or
Types and Purposes of Personal Data
In this section, we set out:
- The types of personal data that we process;
- The purposes for which we process personal data; and
- The lawful bases on which we rely when processing personal data.
Personal data obtained directly by us
When you register your user account, we collect your:
When you update your user account, we collect your:
When you add your card, we collect your:
When you make a payment, we may collect your:
When you subscribe to a newsletter, we collect your email address
When you comment on a blog post, we collect any information that you decide to provide in your message.
When you sign up with Disqus to comment on a blog post, we may have access to your:
When you use your social media account to comment on a blog post, we collect any information that you make publicly available through the settings of your social media accounts.
When you subscribe to the blog, we collect your email address.
When you use Emailable, we collect your:
When you contact us through the live chat available on the Website, we collect any personal data that you decide to provide us in your messages.
When you contact us by email, we collect your:
Personal data submitted to us
When you submit email addresses for verification, we process the e-mail addresses submitted by you.
Payment processing. Financial transactions relating to Emailable are handled by our payment services providers, Stripe and PayPal (collectively, the “Payment Processors”). We will share transaction data with the Payment Processors only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. Please note that the Payment Processors may collect some personal data from you, which allows them to process your payments (e.g., your email address, address, credit card details, and bank account number). The Payment Processors handle all the steps in the payment process through their systems, including data collection and data processing. We do not store your payment details in our systems, unless it is necessary for accounting and administrative purposes. You can find information about the Payment Processors’ privacy policies and practices at https://stripe.com/gb/privacy and https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
Additional data. We may receive certain additional data when you participate in a focus group, contest, activity or event, request support, interact with our social media accounts, submit your feedback and reviews, or otherwise communicate with us. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us. We kindly request you to exercise your due diligence when making your personal data publicly available. We will use such personal data to reply to you, providing you with the requested services, or for pursuing our legitimate business interests (i.e., to analyze and improve our business).
Sensitive data. We do not intentionally collect special categories of personal data, such as opinions about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about sexual orientation.
Failure to provide personal data. If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of Emailable, make payments, receive the requested services, or get our response.
In this section, we explain what technical data we collect about your use of Emailable and for what purposes we use it.
Types of non-personal data. When you use Emailable, we may process technical non-personal data about your use of Emailable (the “Usage Data”). The Usage Data may include your geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use of Emailable. The source of the usage data is our analytics tracking system.
Purposes of non-personal data. The Usage Data may be processed for the purposes of analyzing your use of Emailable and to avoid users misusing our services. More particularly, we use the Usage Data to:
- Analyze what kind of users visit and use Emailable;
- Identify the channels through which Emailable is accessed and used;
- Examine the relevance, popularity, and engagement rate of the content available on Emailable;
- Identify and fix errors;
- Investigate and help prevent security issues and abuse;
- Develop and provide additional features to Emailable; and
- Personalize Emailable for your specific needs.
Aggregated data. If your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.
Feedback. If you contact us, we may keep records of any questions, complaints or compliments made by you and the response. Where possible, we will de-identify your personal data. Please note that de-identified personal data is considered to be non-personal data.
Disclosure of non-personal data. We may disclose non-personal data and de-identified data for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving Emailable, responding to lawful requests from public authorities or developing new products and services.
Disclosing Personal Data to Others
In this section, we explain in what situations we disclose your personal data to third parties and list the recipients of your personal data.
Purposes of disclosure. We may disclose your personal data to our suppliers or subcontractors (data processors), if it is necessary to ensure the proper functioning of Emailable and provide you with the requested services. The disclosure of your personal data is limited to the situations when such data is required for the following purposes:
- Ensuring the operation of Emailable;
- Ensuring the delivery of the services requested by you;
- Providing you with the requested information;
- Pursuing our legitimate business interests;
- Enforcing our rights, preventing fraud, and security purposes;
- Carrying out our contractual obligations;
- Law enforcement purposes; or
- If you provide your prior consent to such a disclosure.
List of data processors. We may share certain types of your personal and non-personal data with entities that provide certain technical support services to us, such as hosting, web analytics, payment processing, advertising, and email distribution services, or if you explicitly request us to disclose the personal data. The table below provides an overview of the third parties that may access your personal data.
Hosting service provider
Newsletter, technical support, and marketing service provider
Transactional email service provider
Payment processing service providers
Analytics service providers
Compliance with legal obligations. In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
International Transfers of Personal Data
In this section, we explain how we make international transfers of personal data and what measures we take to ensure an adequate level of protection.
We and some of our data processors listed in section “Disclosing Personal Data to Others” are located outside the European Economic Area (the “EEA”) and, if you reside in the EEA, we may need to transfer your personal data to jurisdictions outside the EEA. Likewise, if you reside in the US, we may need to transfer your personal data to other jurisdictions, including the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data (e.g., the country in which the recipient is located is white-listed by the European Commission) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on the standard contractual clauses provided by the European Commission).
Retaining and Deleting Personal Data
This section sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations regarding storage of personal data.
Retention as required by law. Please note that, in some cases, we may be obliged by law to store personal data for a certain period of time (e.g., if we have to keep our accounting records for the time period prescribed by law). In such cases, we will store personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
In this section, we have summarized the rights that you have with regard to your personal data. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
The rights that you have. Your principal rights under the data protection law are:
- The right to access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to object to processing;
- The right to data portability;
- The right to complain to a supervisory authority; and
- The right to withdraw consent.
Right to access. You have the right to confirm as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
Right to rectification. You have the right to have any inaccurate personal data about you rectified and, considering the purposes of the processing, to have any incomplete personal data about you completed.
Right to erasure. In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.
Right to restrict processing. In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
Right to object processing. You have the right to object to our processing of your personal data on grounds relating to your particular situation, subject to exceptions provided by the applicable law. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
Right to data portability. To the extent that the legal basis for our processing of your personal data is (i) your consent or (ii) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
Right to withdraw consent. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
Right to launch a complaint. If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first at firstname.lastname@example.org and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 2 weeks). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
Exercising your rights. You may exercise any of your rights in relation to your personal data by contacting us at email@example.com. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we could locate you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks.
Requests submitted to a data processor. We act in the capacity of a data processor with regard to email addresses submitted by users for verification purposes. Such users act as data controllers with regard to the email addresses submitted by them. Therefore, we do not accommodate requests related to access, rectification, and deletion of personal data and other rights the owners of those email addresses may have. The persons that would like to exercise their rights with regard to the e-mail addresses processed by us are requested to contact the respective data controller. In case we receive such requests directly from data subjects, we will not act and inform the respective user without undue delay so that the user could act accordingly.
Our security measures. We put our best efforts to keep your personal data safe and secure. We implement organizational and technical information security measures to protect your personal data from unauthorized access and disclosure, loss, and misuse. In order to ensure the security of your personal data, we kindly ask you to use Emailable through a secure network only. The security measures taken by us include:
- Secured networks;
- Strong passwords;
- Limited access to your personal data by our staff;
- Anonymization of personal data (when possible); and
- Choosing reliable certified data processors.
Handling security breaches. Although we put our best efforts to protect your personal data, given the nature of ICT and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a personal data breach occurs, we will immediately take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
Third-party links. Emailable may contain links to websites and services that are owned, operated and controlled by third-party service providers. We are not responsible for the privacy and security practices employed by such third parties. We encourage you to be aware when you leave Emailable and carefully read the privacy statements of each and every website or service that you access. We also advise you to carefully scan every link before clicking on it to ensure the link is not infected and free of any kind of virus or malware that can damage your operating system or device.
We do not allow anyone younger than 18 years old to use Emailable. Thus, we do not knowingly and directly collect personal data of persons below the age of 18. If you learn that anyone younger than 18 has unlawfully provided us with personal data and you are a parent or legal guardian of that person, please contact us and we will take immediate steps to delete such personal data. To protect children’s privacy, we encourage parents and legal guardians to monitor their children’s Internet usage and instruct their children not to submit any personal data through Emailable.
Marketing and informational notices
After you subscribe for a newsletter, register a user account, or place an order, we will, from time to time, send you marketing messages, such as newsletters, brochures, promotions and advertisements, informing you about new available services or new features of Emailable. We will send such marketing communication only if:
- You provide your express (“opt-in”) consent to receive such marketing messages (your voluntary subscription to our newsletter constitutes such consent); or
- We would like to inform you about the services similar to the services already used by you.
Opting-out. You can opt-out from receiving marketing messages at any time free-of-charge by clicking on the “unsubscribe” link contained in any of the messages sent to you or by contacting us directly.
Informational notices. From time to time, we may send you informational notices, such as service-related, technical or administrative emails, information about your orders, Emailable, your privacy and security, and other important matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.
What is personal information under the CCPA? Under the CCPA, the term ‘personal information’ refers to information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular consumer or household based in California. The term does not cover certain types of personal information (e.g., information subject to the Gramm-Leach-Bliley Act).
Types of personal information that we collect. In the past 12 months, we have collected and disclosed to third parties for our legitimate business purposes, the following categories of personal information relating to California residents (please refer to section “Types and Purposes of Personal Data” for more detailed information):
- Identifiers and any categories of personal information described in subdivision (e) of section 1798.80:
- Registration of your user account: your first name, last name, phone number and email address;
- Update of your user account: company name, address, VAT/EIN number, and billing address;
- Adding your card to your user account: full name, address, credit card number, expiration date, security code, and billing address;
- Payment processing: your PayPal details (if you pay by PayPal) or your name, credit card number, expiration date, security code, and billing address (if you pay by a credit card);
- Subscription for a newsletter: your email address;
- Subscription to our blog: your email address;
- Commenting on our blog posts: your name, email address, password, your social media details made available to us (if you comment by using your social media login), and any information that you decide to provide in your message;
- Email enquiries: your name, email address, and any information that you decide to include in your message;
- Live chat: any personal data that you decide to provide us (if any);
- Browsing Emailable: your IP address, device’s fingerprint and cookies; and
- Submitting an email address for verification: an email address.
- Characteristics of protected classifications under California or federal law: none.
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies: none.
- Biometric information: none.
- Internet or other electronic network activity information: cookie-related data and analytics data.
- Geolocation data: IP address only.
- Audio, electronic, visual, thermal, olfactory, or similar information: none.
- Professional or employment- related information: none.
- Education information: none.
- Inferences drawn from other personal information: none.
The categories of sources from whom we collect your personal information. We obtain your personal data from the following categories of sources:
- Directly from you. For example, if you submit certain personal data directly to us when registering on Emailable, completing the necessary forms, or contacting us.
- Directly or indirectly through your activity on Emailable. When you use Emailable, we automatically collect technical information about your use of Emailable.
- From third parties. We may receive information about your from third parties (for example, social media platforms) to whom you have previously provided your personal data, if those third parties have a lawful basis for disclosing your personal data to us.
The categories of third parties to whom we disclose your personal information. If necessary for our legitimate business purposes, we disclose the relevant personal information to the following third parties (please refer to section “Disclosing Personal Data to Others” for more information):
- Our hosting service providers Amazon Web Services (https://aws.amazon.com) and OVH Cloud (https://www.ovh.com) located in the United States, Canada, France, and Germany;
- Our technical support, and marketing service provider Crisp (https://www.crisp.chat) located in France;
- Our newsletter service provider Campaign Monitor (https://www.campaignmonitor.com/) located in Australia.
- Our transactional email service provider Postmark (https://postmarkapp.com) located in the United States;
- Our payment service providers PayPal (https://www.paypal.com) and Stripe (https://stripe.com) located in the United States;
- Our analytics service providers Google Analytics (https://analytics.google.com) and MixPanel (https://mixpanel.com) located in the United States and Hotjar (https://www.hotjar.com) located in Malta; and
- Our independent contractors and consultants, as necessary for maintaining Emailable and supporting our business activities.
Use of personal information. In the past 12 months, we have used your personal information for the following purposes (please refer to section 2.1 for more information):
- Registering, verifying and maintaining your user account;
- Providing you with the requested services;
- Processing payments;
- Performing our contractual obligations;
- Maintaining and improving Emailable;
- Conducting research about Emailable and our business activities;
- Replying to your enquiries;
- Maintaining our business records;
- Conducting audits;
- Developing new services;
- Ensuring security of Emailable;
- Preventing fraud;
- Showing you relevant advertising; and
- Complying with the applicable laws.
Sale of personal information. In the past 12 months, we have not sold your personal information. The term ‘sold’ refers to the disclosure of your personal information to a third-party for monetary or other valuable consideration.
Your rights regarding your personal information. As a California resident, you have certain rights granted by the CCPA with regard to your personal information. Such rights are:
- To receive information about, within the last 12 months:
- The categories of personal information that we collected from you;
- The categories of sources from which we collected your personal information;
- The purposes for which we collected your personal information;
- The categories of third parties to which your personal information was disclosed and the personal information that was disclosed; and
- The specific pieces of personal information that we collected about you;
- To request us to delete your personal information that we hold about you, unless there is an exception under the CCPA; and
- Remain free from unlawful discrimination for exercising your rights.
Authorised agent. You can exercise your rights through an authorised agent. To do so, you will need to (i) provide us with a copy of your written permission for the authorised agent to act on your behalf; and (ii) verify your identity with us. Alternatively, you can (i) provide your authorised agent with a power of attorney under the California Probate Code sections 4000 to 4465 and (ii) submit a copy of the power of attorney to us.
Declining your requests. In some instances, we may not honour your request. Such instances include: (i) the failure to verify your identity; (ii) if you do not have authority to exercise the rights on behalf of another person; (iii) if there is an exception under the CCPA; or (iv) where the personal information that we hold about you is not subject to the CCPA.
Filing a formal complaint. If you are not satisfied with our response to your request, you have the right to file a formal complaint with the Attorney General’s Office (see https://oag.ca.gov/contact/consumer-complaint-against-business-or-company for more information).
Term, Termination, and Amendments
Please feel free to contact us if you have any questions about this Policy. Our contact details are specified below.
Email address: firstname.lastname@example.org
Postal address: EMAILABLE LLC, 44 Bethpage Road, Suite 1, Hicksville, NY 11801, United States