Privacy Notice

We at 1992379 Ontario Inc. d.b.a. Mailfloss (“Mailfloss”, “us”, “our”, or “we”) are strongly committed to transparency, and we want you (“you” or “your”) to understand how we collect, use, share and protect your personal information, as well as how you can manage the personal information we collect. This Privacy Notice applies to your interactions with us or your use of our websites (https://mailfloss.com and https://app.mailfloss.com), products, services, apps, or features, either online or offline (collectively, our “Services”). Please see Section 12 for the contact details of our data protection officer for the purposes of EU and UK privacy laws.

By using our Services, you acknowledge the terms of this Privacy Notice. If you do not agree to the terms of this Privacy Notice, please do not use our Services. If you do not understand, or if you have questions about, this Privacy Notice, please contact us before using, or continuing to use, our Services.

We reserve the right to change our Privacy Notice from time to time by posting the changes here. If we choose to amend this Privacy Notice, we will revise the Last Updated date at the top of this Privacy Notice when we post the updated version. We may also provide you with notice by prominently posting on our website, via email or both, if we make any significant changes to this Privacy Notice. Your use of our Services after we have informed you in one of these ways that we made changes to our Privacy Notice will mean that you have accepted those changes.

1. TYPES OF INFORMATION WE COLLECT

We collect two basic types of information from you when you provide it to us or when you use or interact with our Services: personal information and non-personal information.

Personal information includes all information that relates to you or which are opinions about you personally and either identifies or may be used to identify you personally (collectively, “personal information”). We may collect the following types of personal information from you depending upon the device you are using and how you interact with us or use or interact with our Services, such as your:

Contact Information. Name, mailing address, email address, phone number, and other contact information.

Device Information. IP address, browser type and version, browser plug-in types and versions, operating system and platform, device type and device identifiers.

Financial Information. Credit and debit card numbers and other financial information necessary to receive payment for Services purchased.

Account Information. If you create an account, we may store and use your name, email address, zip or postal code, title, industry category, and other personal information you may provide with your account. You can modify some of the personal information associated with your account. If you believe that someone has created an unauthorized account, you can request its removal.

Email List Information. When you use our Services, we collect the list of email addresses from you in order to verify the validity of these email addresses. In providing our Services, we only verify the validity of email addresses and do not have access to any emails sent to or received from the email address we verify.

To see all of the categories of personal information we collect, click here.

Non-personal information includes information that does not personally identify you or information that has been anonymized (collectively, “non-personal information”). When we combine non-personal information with personal information, we treat the combined information as personal information.

You can always refuse to provide your personal information, but please note that some personal information is necessary to provide our Services.

2. HOW WE COLLECT PERSONAL INFORMATION

We need to collect personal information from you in order to provide you with our Services, as well as to improve your experience. You may provide us with personal information in several ways, including, for example when you:

• Visit our website or use our Services;
• Register for an account;
• Correspond with us in any way;
• Sign up to receive our newsletter or promotional information;

Ask for customer service, support, or other assistance; or

Interact with us in any other way, online or offline, including through our Services.

Cookies

Like many websites and apps, we use “cookies”, which are small text files that are stored on your computer or equipment when you visit certain online pages that record your preferences and actions, including how you use the website. We use this information for analytics purposes which allows us to improve your browsing experience. The information we collect through these technologies will also be used to manage your session. Out of these cookies, the cookies that are categorised as “necessary” are stored on your browser as they are essential for the working of basic functionalities of the website. These necessary cookies cannot be disabled.

For more information about cookies and how we use them, please see our Cookie Notice.

Cookie Opt-out. You can set your browser or device to refuse all cookies or to indicate when a cookie is being sent. If you delete your cookies, if you opt-out from cookies, or if you set your browser or device to decline these technologies, some Services may not function properly. Our Services do not currently change the way they operate upon detection of a Do Not Track or similar signal.

Online Analytics

We also use various types of online analytics including Google Analytics, a web analytics service provided by Google, Inc. (“Google”), on our website. These online analytics services, like Google Analytics, use cookies or other tracking technologies to help us analyze how users interact with and use the website, compile reports on the related activities, and provide other services related to website and app activity and usage. The technologies used by these services like Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website or app. In particular, the information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt-out of tracking of analytics by Google click here.

Offline Interactions and Other Sources

We also may collect personal information from other sources, such as our partners or third party service providers, or from our offline interactions with you for the purposes listed in the How We Use Personal Information section below, including to enable us to verify or update information contained in our records and to better customize the Services for you.

3. HOW WE USE PERSONAL INFORMATION

We may use personal information to do any or all of the following:

• provide you with our Services;
• facilitate your interactions and transactions with us;
• respond to your requests, communications, suggestions, comments, inquiries, and requests (including your feedback about our Services);
• administer our relationship with you, including creating and managing your account;
• maintain and improve our Services;
• measure the performance of our Services;
• develop new products, features, and services;
• better understand the preferences of our customers;
• provide personalized Services, including content and ads;
• provide you with, and improve, relevant marketing offers or information from us or relevant third parties;
• respond to legally binding requests from law enforcement, regulatory authorities, or other third parties;
• defend, protect or enforce our rights or applicable terms of service or to fulfill our legal or contractual obligations;
• to prevent fraud or the recurrence of fraud;
• assist in the event of an emergency;
• comply with applicable law; or
• any other purpose with your consent.

We may also combine your personal information collected through various sources, including information collected through our Services, and develop a customer profile that will be used for the purposes above.

Except as otherwise permitted or required by applicable law, we only retain personal information for as long as we need to use the information for the purposes listed above, including, for legal, regulatory, backup, archival, accounting, and/or audit purposes.

We may use personal information to create non-personal information. We may use non-personal information for any legitimate business purpose.

4. WHY WE USE PERSONAL INFORMATION

We may use personal information for a number of reasons:

• to fulfill our contractual obligations to you, including to provide our Services to you;
• the applicable individual has given consent for a particular purpose (for example, where an individual has given us consent to send them marketing information);
• when using the information is necessary for our legitimate interests or those of a third party, provided we have balanced these interests against the individual’s rights and interests; and
• in order to comply with a legal obligation (for example, responding to government or law enforcement information requests).

Our legitimate interests for using personal information are:

• to effectively administer and manage our business;
• to ensure effective administration and management of the individual’s relationship with us, including providing our Services;
• to understand how our customers use our Services and to manage our Services;
• to carry out research and analysis on what Services or products our customers want or how they would like us to improve our Services and products;
• to understand how our customers use our Services and identify any issues in how the Services are used and how we can improve the customer’s usage experience;
• to tell our customers about the various products and Services we can offer;
• to understand and respond to inquiries and feedback;
• to better tailor and personalize the promotions and benefits that we can offer to our customers;
• to ensure our systems and premises are secure;
• to develop relationships with business partners;
• to ensure debts are paid;
• to operate suppressors to exclude you from direct marketing if you unsubscribe;
• to share data in connection with acquisitions and transfers of our business;
• to manage our supply chain;
• to prevent, detect, or investigate unauthorized use of our Services and ensure we comply with the law and our policies; and
• to manage any dispute and accidents and take legal or other professional advice.

5. HOW WE SHARE PERSONAL INFORMATION

We do not sell or rent personal information.

We may share personal information with our third party service providers, suppliers, vendors, professional advisors and business partners, which may include IT service providers, financial institutions and payment providers, customer relationship management vendors, other cloud-based solutions providers, lawyers, accountants, auditors and other professional advisors. We contract with such vendors and advisers to ensure that they only process your personal information under our instructions and ensure the security and confidentiality of your personal information. We share personal information with these third parties to help us:

• with the uses described in the How We Use Information section above;
• in the operation, management, improvement, research and analysis of our Services;
• with our marketing and promotional projects, such as sending you information about products and services you may like and other promotions (provided you have not unsubscribed from receiving such marketing and promotional information from us); and
• comply with your directions or any consent you have provided us.

We may share personal information with law enforcement and regulatory authorities or other third parties as required or permitted by law for the purpose of:

• responding to a subpoena, court order, or other legal processes;
• defending, protecting, or enforcing our rights;
• assisting in the event of an emergency; and
• complying with applicable law.

In accordance with applicable law, we may also transfer or assign personal information to third parties as a result of, or in connection with, a sale, merger, consolidation, change in control, transfer of assets, bankruptcy, reorganization, or liquidation. If we are involved in defending a legal claim, we may disclose personal information about you that is relevant to the claim to third parties as a result of, or in connection with, the associated legal proceedings.

To see all of the categories of personal information we share, click here.

We share non-personal information with third parties as reasonably necessary to meet our business needs.

6. HOW WE PROTECT PERSONAL INFORMATION

We are dedicated to ensuring the security of your personal information and have a number of safeguards in place to help protect your personal information. For example:

We use safe protocols for communication and transferring data (such as HTTPS).

We anonymize and pseudonymize information where suitable.

We use strict firewalls where suitable.

We update our network with critical security patches when necessary.

We monitor our systems for possible vulnerabilities and attacks and use encryption where suitable.

The following methods used to collect personal information, like file upload, API, and integration, are done via secure protocols.

Our employees are provided strict access to personal information on a need-to-know basis.

Our security procedures mean that we may occasionally request proof of identity before we disclose your personal information to you. We try our best to safeguard personal information once we receive it, but please understand that no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. If you suspect an unauthorized use or security breach of your personal information, please contact us immediately.

7. DATA TRANSFERS

We are a global business. As such, information we collect may be transferred to, stored, and processed in any country or territory where one or more of our business partners or service providers are based or have facilities which may be a different to your home country. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws that country. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal information that we transfer in line with this Privacy Notice requiring that our business partners or service providers adhere to this Privacy Notice and the applicable privacy regulations in your home country.

8. CHILDREN’S PRIVACY

Our Services are not for children or those under the age of 16. We do not knowingly collect personal information from children or other persons who are under 16 years of age. Individuals who are children or those under the age of 16 should not attempt to provide us with any personal information. If you think we have received personal information from children or those under the age of 16, please contact us immediately.

9. YOUR CALIFORNIA PRIVACY RIGHTS

We do not share personal information with third parties for their own direct marketing purposes without your consent. California residents under 18 years old, in certain circumstances, may request and obtain removal of personal information or content that you have posted on our Services. Please be mindful that this would not ensure complete removal of the content posted by you on our Services. To make any request pursuant to California privacy law, please contact us.

10. YOUR CHOICES

If you are a resident of the United States, we offer you the following choices in connection with our Services.

Access to your personal information

You have the right to request access to the personal information that we collect, use, and disclose about you. You also have the right to not receive discriminatory treatment for exercising your access right. To submit a request or designate an authorized agent to make a request, please contact us using the information below.

Deleting your personal information

You have the right to request that we delete your personal information, subject to some exceptions under applicable law. Once we have received and confirmed your request, we will delete (and direct our partners and service providers to delete) your personal information, unless an exception under applicable law applies. You have the right to not receive discriminatory treatment for exercising your deletion right. To submit a request or designate an authorized agent to make a request, please contact us using the information below.

Updating your personal information

The accuracy of the personal information we have about you is very important. To submit a request to update or correct your information or designate an authorized agent to make such a request, please contact us using the information below.

Email Communications / Direct Marketing

You may have the opportunity to receive certain communications from us related to our Services. If you provide us with your email address in order to receive communications, you can opt-out of marketing emails at any time by following the instructions at the bottom of our emails and adjusting your email preferences. Please note that certain emails may be necessary for the operation of our Services. You will continue to receive these necessary emails, if lawful and appropriate, even if you unsubscribe from our optional marketing communications.

Cookies / Beacons

If you wish to minimize information collected by cookies or beacons, you can adjust the settings of your device or browser. You can also set your device or browser to automatically reject any cookies. You may also be able to install plug-ins and add-ins that serve similar functions. However, please be aware that some Services may not work properly if you reject cookies. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests. For more information about how our Services use cookies, please see our Cookie Notice.

Network Advertising Initiative

Certain websites you visit may provide options regarding advertisements you receive. If you wish to minimize the amount of targeted advertising you receive, you can opt-out of certain network advertising programs through the Network Advertising Initiative (NAI) Opt-Out Page or through the Digital Advertising Alliance Opt-Out Tool. Please note that even if you choose to remove your personal information (opt-out) you will still see advertisements while you’re browsing online. However, the advertisements you see may be less relevant to you. For more information or to opt-out of certain online behavioral advertising, please visit http://www.aboutads.info.

Additionally, many advertising network programs allow you to view and manage the interest categories that they have compiled from your online browsing activities. These interest categories help determine the types of targeted advertisements you may receive. The NAI Opt-Out Page provides a tool that identifies its member companies that have cookies on your browser and provides links to those companies.

Do Not Track

Some devices and browsers support a “Do Not Track” (or, DNT) feature, a privacy preference that you can set in certain browsers, which is intended to be a signal to websites and services that you do not wish to be tracked across different websites or online services you visit.

Please note that we cannot control how third party websites or online services you visit through our website respond to Do Not Track signals. Check the privacy policies of those third parties for information on their privacy practices. Our Services do not currently change the way they operate upon detection of a Do Not Track or similar signal.

11. THIRD PARTY WEBSITES AND APPS

Our website and Services may contain links to other websites or apps operated by third parties. Please be advised that the practices described in this Privacy Notice do not apply to information gathered through these third party websites and apps. We have no control over, and are not responsible for, the actions and privacy policies of third parties and other websites and apps.

12. EUROPE / UNITED KINGDOM / CANADA

This section only applies if you are a resident of a member state of the European Union (EU), the United Kingdom, the European Economic Area (EEA), or Canada.

If you have questions or concerns regarding the use of your personal information, please contact us.

International Transfers

The personal information we collect from you may be transferred to and stored by our group companies, or IT vendors and other service providers (as specified in How We Share Personal Information above) who operate on our behalf. We also transfer information to a number of providers of business applications – such as CRM and marketing applications – as well marketing service providers. These providers are primarily located in the United States, but may also be located in other jurisdictions.

In certain cases, there may not be an adequacy decision by the European Commission and/or United Kingdom authorities in respect of those countries. Adequacy of data protection is instead ensured by Standard Contractual Clauses approved by the European Commission in accordance with Article 46(2)(c) of the General Data Protection Regulation, or any equivalent clauses approved by the authorities in the United Kingdom including any additional safeguards as required by EU / UK data protection laws that we have in place with that third party. A copy may be requested by contacting our Data Protection Officer.

Data Retention

We retain your personal information for as long as necessary for the purpose(s) for which it was initially collected. The criteria we use to determine the retention period is as follows:

• whether there are contractual or legal obligations that exist which require us to retain the information for a period of time;
• whether there is an ongoing legal claim that relates to any business (or otherwise) relationship you have with us, or that is otherwise related to your relationship with us; and
• whether any applicable law, statute, or regulation allows for a specific retention period.

Your Privacy Rights

You may have – in accordance with applicable data protection laws – the following rights when it comes to our handling of your personal information. Please note that many of these rights are not absolute, and we may have grounds for refusing to comply with your request to exercise them (for example, where we are (a) required or permitted by law to process your personal data in a way that is incompatible with your request, or (b) able to rely on exemptions under data protection law which entitle us to process your personal data in a way that is incompatible with your request). Where such circumstances apply, we will inform you of this at the time you make a request to exercise your rights.

• Right of access – you may have the right to request a copy of the personal information we have about you and to request supporting information explaining how the personal information is used;
• Right of rectification – you may have the right to request that we rectify inaccurate personal information about you;
• Right of erasure – you may have the right to request that we erase personal information about you;
• Right to restrict processing – in some situations, you may have the right to request that we do not use the personal information you have provided (for example, if you believe it to be inaccurate);
• Right to data portability – you may have the right to receive your personal information in a structured, commonly used and machine-readable format and to transmit such information to another controller;
• Right to contest automated decisions – you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered;

Right to withdraw consent – where we process your personal information based on consent (including direct marketing consents), you have the right to withdraw consent at any time. However, this will not affect the lawfulness of the processing based on consent before its withdrawal. Furthermore, even in case of a withdrawal we may continue to use your personal information as permitted or required by law; and

Right to object – where we are processing your personal information based on a legitimate interest (or those of a third party) you may challenge this. However, we may be entitled to continue processing your personal information where we can demonstrate that we have compelling legitimate grounds to process your information (which override your rights and freedoms), or where continuing to process your personal information is relevant to the establishment, exercise or defence of legal claims. You also have the right to object where we are processing your personal information for direct marketing purposes.

If you would like to exercise any of these rights or in case you should have any concerns about how we process your personal information, please contact us using the information below.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information, or access someone else’s personal information on their behalf (or to exercise any of the other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated. Should we be unable to comply with your request, we will provide an explanation.

Data Protection Officer Contact Information

You may contact our Data Protection Officer with any issues or questions you have regarding our processing of personal information.

EMAIL – [email protected]

POSTAL ADDRESS – 17-7000 McLeod Road Suite # 309, Niagara Falls, ON, Canada, L2G7K3

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (Tel: 0303 123 1113 or at www.ico.org.uk). Alternatively, you can also make a complaint to the supervisory authority in the Member State of the EU or EEA in which you are resident. We would however appreciate the chance to deal with your concerns before you approach the ICO or a supervisory authority, so please contact us in the first instance.

13. CONTACT US

We welcome requests, questions, comments, and feedback on this Privacy Notice and our management of personal information. If you have requests, questions, concerns, or feedback, you can always contact us in the following ways. For your protection, we may need to verify your identity before assisting with your request, such as verifying that the information used to contact us matches the information that we have on file.

Email

• [email protected]

California Privacy Law Appendix

This appendix seeks to provide additional information to residents of California and supplements the information provided in the Privacy Notice above.

To learn more about the categories of personal information we collect, how we collect it, why it is collected, with whom we share the information, and how long we retain it, please see the chart below.

Category

What we collect

How we collect it

Why we collect it

With whom we share it

How long we retain it

Identifiers

Name, mailing address, email address, phone number, and other contact information.

For more information please see the Types of Information We Collect section above.

Collected online or offline when you directly provide it to us, through your use of our Services, or from third parties.

We collect this information for the purposes listed in the How We Use Information section above.

Shared with our affiliates, partners, vendors, and service providers as described in the How We Share Information section above.

We retain information for as long as necessary for the purpose for which it was initially collected, including the purposes listed in the How We Use Information section above

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, mailing address, email address, phone number, and contact information.

For more information please see the Types of Information We Collect section above.

Collected online or offline when you directly provide it to us, through your use of our Services, or from third parties.

We collect this information for the purposes listed in the How We Use Information section above.

Shared with our affiliates, partners, vendors, and service providers as described in the How We Share Information section above.

We retain information for as long as necessary for the purpose for which it was initially collected, including the purposes listed in the How We Use Information section above

Protected classification characteristics under California or federal law

Not collected.

N/A

N/A

N/A

N/A

Commercial information

Transactional information such as the products or services purchased.

For more information please see the Types of Information We Collect section above.

Collected online or offline when you directly provide it to us, through your use of our Services, or from third parties.

We collect this information for the purposes listed in the How We Use Information section above.

Shared with our affiliates, partners, vendors, and service providers as described in the How We Share Information section above.

We retain information for as long as necessary for the purpose for which it was initially collected, including the purposes listed in the How We Use Information section above

Biometric information

Not collected.

N/A

N/A

N/A

N/A

Internet or other similar network activity

IP address, browser type and version, browser plug-in types and versions, operating system and platform, device type and device identifiers

For more information please see the Types of Information We Collect section above.

Collected online when you directly provide it to us, through your use of our Services, or from third parties.

We collect this information for the purposes listed in the How We Use Information section above.

Shared with our affiliates, partners, vendors, and service providers as described in the How We Share Information section above.

We retain information for as long as necessary for the purpose for which it was initially collected, including the purposes listed in the How We Use Information section above

Geolocation data

Not collected.

N/A

N/A

N/A

N/A

Sensory data

Not collected.

N/A

N/A

N/A

N/A

Professional or employment-related information

Title and industry category.

Collected online or offline when you directly provide it to us, through your use of our Services, or from third parties.

We collect this information for the purposes listed in the How We Use Information section above.

Shared with our affiliates, partners, vendors, and service providers as described in the How We Share Information section above.

We retain information for as long as necessary for the purpose for which it was initially collected, including the purposes listed in the How We Use Information section above

Non-public education information

Not collected.

N/A

N/A

N/A

N/A

Inferences drawn from other personal information

Information generated from your use of our Services reflecting your preferences

Collected online or offline when you directly provide it to us, through your use of our Services, or from third parties.

We collect this information for the purposes listed in the How We Use Information section above.

Shared with our affiliates, partners, vendors, and service providers as described in the How We Share Information section above.

We retain information for as long as necessary for the purpose for which it was initially collected, including the purposes listed in the How We Use Information section above

Sensitive personal information

Not collected

N/A

N/A

N/A

N/A