Privacy Policy

In this privacy policy, we will explain how we handle your personal data, what options you have with regard to your personal data, how we comply with the EU-U.S Data Privacy Framework (DPF) Principles and the CCPA. Please read this Privacy Policy carefully.

Introduction

In this section, we provide you with general information about us, our data processing practices, and this privacy policy.

Applicability of the Privacy Policy: This privacy policy (the “Privacy Policy”) governs the processing of personal data submitted by individual users and business entities (the “user”, “you” and “your”) through the website https://emailable.com (the “Website”) and the related services (collectively, “Emailable”). This Privacy Policy does not apply to any third-party websites, products and services.

About Emailable: Emailable is an online service that allows users to determine the legitimacy and authenticity of email addresses.

Responsible entity (data controller): The entity that is responsible for the processing of personal data through Emailable is EMAILABLE LLC having a registered business address at 223 Wall St, Huntington, NY 11743, United States, and a business registration number EIN 85-4358960 (“we”, “us”, and “our”).

Applicable laws: We process personal data in accordance with applicable data protection laws, including, but not limited to the Florida Information Protection Act 2014 and the EU General Data Protection Regulation (the “GDPR”). We also adhere to the EU-U.S Data Privacy Framework (DPF) Principles as explained in the section “EU-US and Swiss-US EU-U.S Data Privacy Framework (DPF) Policy”.

Our role as a data controller and a data processor: When handling personal data, we act as a data controller and a data processor in terms of the GDPR. Our role depends on the specific situation involving personal data:

• We act in the capacity of a data controller when we ask you to submit your personal data that is necessary to ensure your access and use of Emailable (e.g., when you register your user account, browse Emailable, or communicate with us). In such instances, we are a data controller because we determine the purposes and means of the processing of personal data. We comply with data controllers’ obligations set forth in the GDPR.

• We act in the capacity of a data processor in situations when you submit email addresses through Emailable for verification purposes. We do not own, control, or make decisions about the submitted email addresses and such email addresses are processed only in accordance with your instructions. In such instances, the user providing email addresses acts as a data controller in terms of the GDPR. When we act in the capacity of a data processor, we comply with data processors’ obligations set forth in the GDPR. In order to ensure that personal data is processed in accordance with the strictest data protection standards, we offer a data processing agreement which is incorporated by reference into our terms of use and available for consultation at https://emailable.com/data-processing-agreement.

Cookies: We use cookies on Emailable. For more information on the types and purposes of cookies used by us, please refer to our cookie policy available at https://emailable.com/cookie-policy.

Your consent to the Privacy Policy: Your use of Emailable is subject to this Privacy Policy. We encourage you to regularly review this Privacy Policy, especially before submitting any personal data through Emailable. We rely on lawful bases for the processing of your personal data that do not require us to obtain your consent to this Privacy Policy. However, in some exceptional cases, we may seek to obtain your consent for particular purposes, for example:

• If we are required by law to do so;
• If we intend to collect other types of personal data that are not mentioned in this Privacy Policy and we cannot rely on other lawful bases;
• If we intend to use your personal data for the purposes that are not indicated in this Privacy Policy;
• If we would like to disclose or transfer your personal data to third parties that cannot guarantee an adequate level of protection; or
• If we significantly amend this Privacy Policy.

Types and Purposes of Personal Data

In this section, we set out:

• The types of personal data that we process;
• The purposes for which we process personal data; and
• The lawful bases on which we rely when processing personal data.

We comply with data minimization principles and process only a minimal amount of personal data that is necessary to ensure your proper use of Emailable. We process personal data only for specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we use personal data only for the purposes of enabling you to use the full functionality of Emailable, processing your orders, performing our contractual obligations, maintaining and improving the Checker, conducting research about our business activities, administrative purposes, and replying to your enquiries. The types and purposes of personal data that we process and the lawful bases on which we rely are provided in the table below.

Payment processing: Financial transactions relating to Emailable are handled by our payment services providers, Stripe and PayPal (collectively, the “Payment Processors”). We will share transaction data with the Payment Processors only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. Please note that the Payment Processors may collect some personal data from you, which allows them to process your payments (e.g., your email address, address, credit card details, and bank account number). The Payment Processors handle all the steps in the payment process through their systems, including data collection and data processing. We do not store your payment details in our systems, unless it is necessary for accounting and administrative purposes. You can find information about the Payment Processors’ privacy policies and practices at https://stripe.com/gb/privacy and https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Additional data: We may receive certain additional data when you participate in a focus group, contest, activity or event, request support, interact with our social media accounts, submit your feedback and reviews, or otherwise communicate with us. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us. We kindly request you to exercise your due diligence when making your personal data publicly available. We will use such personal data to reply to you, providing you with the requested services, or for pursuing our legitimate business interests (i.e., to analyze and improve our business).

Personal data obtained from third parties: When using Emailable, you can choose to permit or restrict services, functionalities, and integrations provided by third parties, including, but not limited to, third-party payment gateways, social media service providers, and comment service provider Disqus (collectively, the “Third-Party Services”). Once enabled, the providers of the Third-Party Services may share certain information with us, subject to the privacy policy of the Third-Party Services. You are strongly encouraged to check carefully the privacy settings and notices of the Third-Party Services to understand what information may be disclosed to us.

Sensitive data: We do not intentionally collect special categories of personal data, such as opinions about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about sexual orientation.

Failure to provide personal data: If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of Emailable, make payments, receive the requested services, or get our response.

Non-Personal Data

In this section, we explain what technical data we collect about your use of Emailable and for what purposes we use it.

Types of non-personal data: When you use Emailable, we may process technical non-personal data about your use of Emailable (the “Usage Data”). The Usage Data may include your geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use of Emailable. The source of the usage data is our analytics tracking system.

Purposes of non-personal data: The Usage Data may be processed for the purposes of analyzing your use of Emailable and to avoid users misusing our services. More particularly, we use the Usage Data to:

• Analyze what kind of users visit and use Emailable;
• Identify the channels through which Emailable is accessed and used;
• Examine the relevance, popularity, and engagement rate of the content available on Emailable;
• Identify and fix errors;
• Investigate and help prevent security issues and abuse;
• Develop and provide additional features to Emailable; and
• Personalize Emailable for your specific needs.

Aggregated data: If your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.

Feedback: If you contact us, we may keep records of any questions, complaints or compliments made by you and the response. Where possible, we will de-identify your personal data. Please note that de-identified personal data is considered to be non-personal data.

Disclosure of non-personal data: We may disclose non-personal data and de-identified data for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving Emailable, responding to lawful requests from public authorities or developing new products and services.

Retention of non-personal data: We may retain non-personal data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping non-personal data for the period that is necessary to pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

Disclosing Personal Data to Others

In this section, we explain in what situations we disclose your personal data to third parties and list the recipients of your personal data.

Purposes of disclosure: We may disclose your personal data to our suppliers or subcontractors (data processors), if it is necessary to ensure the proper functioning of Emailable and provide you with the requested services. The disclosure of your personal data is limited to the situations when such data is required for the following purposes:

• Ensuring the operation of Emailable;
• Ensuring the delivery of the services requested by you;
• Providing you with the requested information;
• Pursuing our legitimate business interests;
• Enforcing our rights, preventing fraud, and security purposes;
• Carrying out our contractual obligations;
• Law enforcement purposes; or
• If you provide your prior consent to such a disclosure.

Our group of companies and successors: We may disclose your personal data to any member of our group of companies (which means our subsidiaries, our ultimate holding company, and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the lawful bases, set out in this Privacy Policy. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in-line with this Privacy Policy.

List of data processors: We may share certain types of your personal and non-personal data with entities that provide certain technical support services to us, such as hosting, web analytics, payment processing, advertising, and email distribution services, or if you explicitly request us to disclose the personal data. The table below provides an overview of the third parties that may access your personal data.

Compliance with legal obligations: In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

International Transfers of Personal Data

In this section, we explain how we make international transfers of personal data and what measures we take to ensure an adequate level of protection.

We and some of our data processors listed in section “Disclosing Personal Data to Others” are located outside the European Economic Area (the “EEA”) and, if you reside in the EEA, we may need to transfer your personal data to jurisdictions outside the EEA. Likewise, if you reside in the US, we may need to transfer your personal data to other jurisdictions, including the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data (e.g., the country in which the recipient is located is white-listed by the European Commission or the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on the standard contractual clauses provided by the European Commission).

The Data Privacy Framework (DPF) program

In this section, you can find information on our compliance with the principles of the EU-U.S Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) with regard to personal data transferred between the US, the EU, the UK (including Gibraltar) and Switzerland.

Our commitment: Our transfers of personal data between the US, the EU, UK, and Switzerland are conducted in strict compliance with the Data Privacy Framework (DPF) set forth by the US Department of Commerce regarding the collection, use, protection, and retention of personal data from users located in the Member States of the European Union, the United Kingdom (UK, including Gibraltar) and Switzerland (“EU-U.S Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF)”). We have self-certified that we adhere to the Data Privacy Framework (DPF) Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability.

More information about the EU-U.S Data Privacy Framework (DPF): For more information on the EU-U.S Data Privacy (DPF) Framework, please visit https://www.dataprivacyframework.gov/. You can easily check our EU-U.S Data Privacy (EU-U.S. DPF) status by visiting the website of the US Department of Commerce available at https://www.dataprivacyframework.gov/list.

Data Privacy Framework (DPF) Principles: We comply with the Data Privacy Framework (DPF) Principles (the “Principles”) as described below. If there is any conflict between this Privacy Policy and the DPF Principles, the DPF Principles shall prevail.

1. Notice: In this Privacy Policy, we notify individuals whose personal data is obtained from the EU, the UK or Switzerland about our data protection practices, including (i) the types of personal data that we collect, (ii) the purposes for which we collect and use personal data, (iii) the types of third parties to which we disclose personal data and the purposes for which we do so, (iv) an opportunity to access personal data, (v) the choices and means that we offer for limiting our use and disclosure of personal data, (vi) how our obligations under the Data Privacy Frameworks (DPF) are enforced, and (vii) how you can contact us with any inquiries or complaints.

2. Emailable complies with the Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Emailable has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the UK in reliance on the EU-U.S. DPF and the EU Extension to the EU-U.S. DPF, respectively. Emailable has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

3. Choice: You have an opportunity to choose (opt out) whether your personal data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. You can do so by contacting us at hello@emailable.com. Please note that, in certain situations (e.g., when a disclosure is made to a third party that is acting as an agent to perform task(s) on our behalf or under our instructions and we have entered into a contract with such party), it may not be possible to opt-out without impairing the services provided by us.

4. Accountability for onward transfer: When we act in the capacity of a data controller and transfer your personal data to a third party acting as our agent, we comply with the Principles of “notice” and “choice” described above. We also enter into a contract with the third-party controller that ensures that such data may only be processed for limited and specified purposes consistent with the consent provided by a data subject and that the recipient will provide the same level of protection as the Principles and, if this obligation is no longer met, a notification will be provided to us. The contract shall also provide that, when such a determination is made, the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate. When we transfer personal data to a third party acting as an agent (our data processor), we will ensure that the agent: (i) shall use personal data only for limited and specified purposes; (ii) is obligated to provide at least the same level of protection as it is required by the Principles; (iii) takes reasonable and appropriate steps to ensure that it effectively processes the personal data transferred in a manner consistent with our obligations under the Principles; (iv) is required to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; and (v) upon our notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing of personal data. We will also provide a summary or a representative copy of the relevant privacy provisions of the contract, upon request of a public authority.

   In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Emailable’s accountability for personal data that it receives in the United States under the Data Privacy Framework (DPF) Principles and subsequently transfers to a third party is described in the Data Privacy Framework (DPF) Principles.

   In particular, Emailable remains responsible and liable under the (DPF) Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless Emailable proves that it is not responsible for the event giving rise to the damage.

5. Security: We take reasonable and appropriate measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction. When ensuring such security, we take into due account the risks involved in the processing and the nature of the personal data. Our security measures are listed in the section “Security Measures”.
6. Data integrity and purpose limitation: We collect only a minimal amount of personal data that is relevant for the purposes of processing. We do not process personal data in a way that is incompatible with the purposes for which such personal data was collected or subsequently authorized by an individual. Moreover, we put reasonable efforts to ensure that personal data is reliable for its intended use, accurate, complete, and current. We adhere to the Principles for as long as we retain personal data.
7. Access: You have the right to access the personal data that we hold about you. Moreover, you are able to correct, amend, or delete that data where it is inaccurate, or has been processed in violation of the Principles. Your rights are described in detail in section “Your Rights”. Please note that this right cannot be exercised if the burden or expense of providing access to your personal data would be disproportionate to the risks to your privacy or where the rights of persons other than you would be violated. You can exercise your rights by contacting us at hello@emailable.com.

8. Recourse, enforcement, and liability: For the purposes of DPF compliance, Emailable is subject to the investigatory and enforcement authority of the US Federal Trade Commission (https://www.ftc.gov). In compliance with the DPF Principles, Emailable commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact Emailable by email at hello@emailable.com. If you have any inquiries or complaints regarding this Privacy Policy or the Principles, you should first contact us at hello@emailable.com and explain your concern. We will respond to your claim without undue delay (no later than 2 weeks).

   In compliance with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) Principles, Emailable commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact hello@emailable.com.

   Emailable has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

   If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.

Retaining and Deleting Personal Data

This section sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations regarding storage of personal data.

Retention period: We will keep your personal data on our systems only: (i) as long as such personal data is required for the purposes described in this Privacy Policy; (ii) if we are obliged by law to store such data for a certain period of time; or (iii) until you request us to delete personal data - whichever comes first. After the personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately securely delete such personal data from our systems.

Retention as required by law: Please note that, in some cases, we may be obliged by law to store personal data for a certain period of time (e.g., if we have to keep our accounting records for the time period prescribed by law). In such cases, we will store personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.

Your Rights

In this section, we have summarized the rights that you have with regard to your personal data. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

The rights that you have: Your principal rights under the data protection law are:

• The right to access;
• The right to rectification;
• The right to erasure;
• The right to restrict processing;
• The right to object to processing;
• The right to data portability;
• The right to complain to a supervisory authority; and
• The right to withdraw consent.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Right to access: You have the right to confirm as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

Right to rectification: You have the right to have any inaccurate personal data about you rectified and, considering the purposes of the processing, to have any incomplete personal data about you completed.

Right to erasure: In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

Right to restrict processing: In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

Right to object processing: You have the right to object to our processing of your personal data on grounds relating to your particular situation, subject to exceptions provided by the applicable law. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

Right to data portability: To the extent that the legal basis for our processing of your personal data is (i) your consent or (ii) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

Right to withdraw consent: To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Right to launch a complaint: If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first at hello@emailable.com and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 2 weeks). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

Exercising your rights: You may exercise any of your rights in relation to your personal data by contacting us at hello@emailable.com. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we could locate you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks.

Requests submitted to a data processor: We act in the capacity of a data processor with regard to email addresses submitted by users for verification purposes. Such users act as data controllers with regard to the email addresses submitted by them. Therefore, we do not accommodate requests related to access, rectification, and deletion of personal data and other rights the owners of those email addresses may have. The persons that would like to exercise their rights with regard to the email addresses processed by us are requested to contact the respective data controller. In case we receive such requests directly from data subjects, we will not act and inform the respective user without undue delay so that the user could act accordingly.

Security Measures

Our security measures: We put our best efforts to keep your personal data safe and secure. We implement organizational and technical information security measures to protect your personal data from unauthorized access and disclosure, loss, and misuse. In order to ensure the security of your personal data, we kindly ask you to use Emailable through a secure network only. The security measures taken by us include:

• Secured networks;
• Encryptions,
• Strong passwords;
• Limited access to your personal data by our staff;
• Anonymization of personal data (when possible); and
• Choosing reliable certified data processors.

Handling security breaches: Although we put our best efforts to protect your personal data, given the nature of ICT and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a personal data breach occurs, we will immediately take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

Third-party links: Emailable may contain links to websites and services that are owned, operated and controlled by third-party service providers. We are not responsible for the privacy and security practices employed by such third parties. We encourage you to be aware when you leave Emailable and carefully read the privacy statements of each and every website or service that you access. We also advise you to carefully scan every link before clicking on it to ensure the link is not infected and free of any kind of virus or malware that can damage your operating system or device.

Children

We do not allow anyone younger than 18 years old to use Emailable. Thus, we do not knowingly and directly collect personal data of persons below the age of 18. If you learn that anyone younger than 18 has unlawfully provided us with personal data and you are a parent or legal guardian of that person, please contact us and we will take immediate steps to delete such personal data. To protect children’s privacy, we encourage parents and legal guardians to monitor their children’s Internet usage and instruct their children not to submit any personal data through Emailable.

Marketing and informational notices

After you subscribe for a newsletter, register a user account, or place an order, we will, from time to time, send you marketing messages, such as newsletters, brochures, promotions and advertisements, informing you about new available services or new features of Emailable. We will send such marketing communication only if:

• You provide your express (“opt-in”) consent to receive such marketing messages (your voluntary subscription to our newsletter constitutes such consent); or
• We would like to inform you about the services similar to the services already used by you.

Opting-out: You can opt-out from receiving marketing messages at any time free-of-charge by clicking on the “unsubscribe” link contained in any of the messages sent to you or by contacting us directly.

Informational notices: From time to time, we may send you informational notices, such as service-related, technical or administrative emails, information about your orders, Emailable, your privacy and security, and other important matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.

CCPA Disclosure

If you are based in the state of California (US), you are protected as a consumer by the California Consumer Privacy Act of 2018 (CCPA) with respect to your personal data (the CCPA uses the term ‘personal information’ which is equivalent to the term ‘personal data’ used in this Privacy Policy). In addition to the disclosures made in this Privacy Policy, we are hereby providing you with additional disclosures about our data processing practices and your consumer rights, as required by the CCPA and regulations of the California Attorney General (including §999.308).

What is personal information under the CCPA? Under the CCPA, the term ‘personal information’ refers to information that identifies, relates to, or could reasonably be linked directly or indirectly with a particular consumer or household based in California. The term does not cover certain types of personal information (e.g., information subject to the Gramm-Leach-Bliley Act).

Types of personal information that we collect: In the past 12 months, we have collected and disclosed to third parties for our legitimate business purposes, the following categories of personal information relating to California residents (please refer to section “Types and Purposes of Personal Data” for more detailed information):

1. Identifiers and any categories of personal information described in subdivision (e) of section 1798.80:
   • Registration of your user account: your first name, last name, phone number and email address;
   • Update of your user account: company name, address, VAT/EIN number, and billing address;
   • Adding your card to your user account: full name, address, credit card number, expiration date, security code, and billing address;
   • Payment processing: your PayPal details (if you pay by PayPal) or your name, credit card number, expiration date, security code, and billing address (if you pay by a credit card);
   • Subscription for a newsletter: your email address;
   • Subscription to our blog: your email address;
   • Commenting on our blog posts: your name, email address, password, your social media details made available to us (if you comment by using your social media login), and any information that you decide to provide in your message;
   • Email enquiries: your name, email address, and any information that you decide to include in your message;
   • Live chat: any personal data that you decide to provide us (if any);
   • Browsing Emailable: your IP address, device’s fingerprint and cookies; and
   • Submitting an email address for verification: an email address.
2. Characteristics of protected classifications under California or federal law: none.
3. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies: none.
4. Biometric information: none.
5. Internet or other electronic network activity information: cookie-related data and analytics data.
6. Geolocation data: IP address only.
7. Audio, electronic, visual, thermal, olfactory, or similar information: none.
8. Professional or employment- related information: none.
9. Education information: none.
10. Inferences drawn from other personal information: none.

The categories of sources from whom we collect your personal information: We obtain your personal data from the following categories of sources:

• Directly from you: For example, if you submit certain personal data directly to us when registering on Emailable, completing the necessary forms, or contacting us.
• Directly or indirectly through your activity on Emailable: When you use Emailable, we automatically collect technical information about your use of Emailable.
• From third parties: We may receive information about your from third parties (for example, social media platforms) to whom you have previously provided your personal data, if those third parties have a lawful basis for disclosing your personal data to us.

The categories of third parties to whom we disclose your personal information: If necessary for our legitimate business purposes, we disclose the relevant personal information to the following third parties (please refer to section “Disclosing Personal Data to Others” for more information):

• Our hosting service providers Amazon Web Services (https://aws.amazon.com) located in the United States;
• Our technical support, and marketing service provider Crisp (https://www.crisp.chat) located in France;
• Our newsletter service provider Campaign Monitor (https://www.campaignmonitor.com/) located in Australia.
• Our transactional email service provider Postmark (https://postmarkapp.com) located in the United States;
• Our payment service providers PayPal (https://www.paypal.com) and Stripe (https://stripe.com) located in the United States;
• Our analytics service providers Google Analytics (https://analytics.google.com); and
• Our independent contractors and consultants, as necessary for maintaining Emailable and supporting our business activities.

Use of personal information: In the past 12 months, we have used your personal information for the following purposes (please refer to section 2.1 for more information):

• Registering, verifying and maintaining your user account;
• Providing you with the requested services;
• Processing payments;
• Performing our contractual obligations;
• Maintaining and improving Emailable;
• Conducting research about Emailable and our business activities;
• Replying to your enquiries;
• Maintaining our business records;
• Conducting audits;
• Developing new services;
• Ensuring security of Emailable;
• Preventing fraud;
• Showing you relevant advertising; and
• Complying with the applicable laws.

Sale of personal information: In the past 12 months, we have not sold your personal information. The term ‘sold’ refers to the disclosure of your personal information to a third-party for monetary or other valuable consideration.

Your rights regarding your personal information: As a California resident, you have certain rights granted by the CCPA with regard to your personal information. Such rights are:

1. To receive information about, within the last 12 months:
   • The categories of personal information that we collected from you;
   • The categories of sources from which we collected your personal information;
   • The purposes for which we collected your personal information;
   • The categories of third parties to which your personal information was disclosed and the personal information that was disclosed; and
   • The specific pieces of personal information that we collected about you;
2. To request us to delete your personal information that we hold about you, unless there is an exception under the CCPA; and
3. Remain free from unlawful discrimination for exercising your rights.

Making requests under the CCPA: If you have not found sufficient information in this Privacy Policy, you can submit your requests for exercising your rights to us by email at hello@emailable.com with “CCPA request” in the subject line. We will reply to you as soon as possible but no later than 2 weeks. Please note that we may need to verify your identity by requesting you to submit certain identifying details. Alternatively, you can send us a letter by post to our postal address specified at the end of this Privacy Policy.

Authorised agent: You can exercise your rights through an authorised agent. To do so, you will need to (i) provide us with a copy of your written permission for the authorised agent to act on your behalf; and (ii) verify your identity with us. Alternatively, you can (i) provide your authorised agent with a power of attorney under the California Probate Code sections 4000 to 4465 and (ii) submit a copy of the power of attorney to us.

Declining your requests: In some instances, we may not honour your request. Such instances include: (i) the failure to verify your identity; (ii) if you do not have authority to exercise the rights on behalf of another person; (iii) if there is an exception under the CCPA; or (iv) where the personal information that we hold about you is not subject to the CCPA.

Filing a formal complaint: If you are not satisfied with our response to your request, you have the right to file a formal complaint with the Attorney General’s Office (see https://oag.ca.gov/contact/consumer-complaint-against-business-or-company for more information).

Term, Termination, and Amendments

Term and termination: This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.

Amendments: We may update this Privacy Policy from time to time by publishing a new version on the Website. You should check this page occasionally to ensure you are happy with any changes. We may notify you of any important changes by email or through the private messaging system. For significant material changes in the Privacy Policy or where required by applicable law, we may seek your consent.

Contact us

Please feel free to contact us if you have any questions about this Policy. Our contact details are specified below.

Email address: hello@emailable.com
Postal address: EMAILABLE LLC, 223 Wall St, Huntington, NY 11743, United States