Last Updated: May 24th, 2018
Who is this policy addressed to?
For the purpose of data protection legislation including the EU General Data Protection Regulation (‘GDPR’), the data controller of your personal data is Pepo, Inc. 3150 Porter Dr, 94304, Palo Alto, California, United States (Jurisdiction: Delaware, Company Number: 5943778, Incorporation Date: 21 January 2016).
Pepo, Inc. (“Pepo Campaigns”, “we”, “our” and “us”) provides its users (“Clients”) with a website and online platform to create, launch, and manage email campaigns (the “Services”) for end user customers (each, a “Subscriber” and, collectively, your “Subscribers”).
We are committed to protecting and respecting your privacy and keeping personal information secure.
This policy does not apply to the information collected by our Clients about Subscribers (“Subscriber Data”), including via our Services.
We process Subscriber Data in accordance with our agreements with Clients. We do not have any relationship with Contacts, and process information relating to them solely for the purposes of providing our service to our customers.
For more details about the privacy practices of our Clients, please refer to their respective privacy policies. If you are a Subscriber of one of our Clients and would no longer like to be contacted by our Client, please contact our Client directly.
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.
Information We Collect
Information You May Provide
Pepo Campaigns collects and stores information you voluntarily provide, including:
Personal information you may provide when registering for an account, updating your profile, purchasing a service, or filling out a form.
When you register for our service we will collect your Email address, Password, Company Name, Your Sending Domain, Country and Time Zone (in order to setup your sending schedule).
In the profile and account section additional information can be provided to ensure a better experience (e.g., name, address, business sector, company size or any other information you voluntarily choose to provide). During the AWS integration setup we will store your AWS access keys and AWS account ID.
When purchasing a service you will be asked for financial details such as credit card information. Please refer to the Security & Data protection section below for detailed information.
We will retain personal data we process on behalf of our Clients for as long as needed in order to provide services to our Clients. We will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Information We Collect Automatically
Log Information: We collect log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to our Services.
“Cookies” and ” Web Beacons”: We use a variety of technologies on our site. Among these are cookies: a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk so that the website can remember your browser in the future.
A cookie will typically contain the name of the domain from which the cookie has come, the “lifetime” of the cookie, and a value, usually a unique number. When you visit our website, open our email, or encounter our services online we may send you a cookie.
Cookies may be used in many ways: track and measure the success of a particular marketing campaign, track overall site usage and determine areas clients prefer, enabling us to make your visit to our website easier by recognizing you when you return and helping to provide you with a customized experience.
You typically have the ability to accept or decline cookies by modifying the settings in your browser. If you choose to disable cookies, you may still use our site; however, you may have limited access to some areas within our website. We also include web beacons in the emails we deliver for you. We use the data from those web beacons to create the reports about how your email campaign performed and what actions your Subscribers took. Reports are also available to us when we send email to you, so we may collect and review that information.
We currently use in the specific the following cookies in order to ensure an easy experience on our website:
- Signup/Login Cookie – auth cookie, secure auth cookie, client ID cookie;
- UTM Cookie to identify the Universal Tracking Parameters that are used in th URLs to identify the origin of a user on the website;
- Billing Cookie – plan id carry forward.
If you have any specific question on the Cookies we are using please do not hesitate to contact us.
We use Google Analytics to analyse the use of our website. Our analytics service provider generates statistical and other information about website use by means of cookies. Google Analytics is present on the website and software through the means of Google Tag Manager which through its code snippet is delivering the Google Analytics cookie.
The information generated relating to our website is used to create reports about the use of our website.
Google Analytics privacy policies is available at http://www.google.com/policies/privacy/
Information We Collect From Other Sources
We utilize Tawk.to (https://www.tawk.to) in order to provide our Clients with live chat and collect queries via email on the website.
We use your personal information to provide, administer, improve and personalise our products and services, to send you informational and promotional content, to send you system alert messages, maintain and update our records, monitor and analyze trends and usage, manage our relationship with you and deal with your enquiries and concerns. Any of these uses are permitted by your consent declared when registering at our service.
We may also use your personal information to detect or prevent suspected fraud, misconduct and unlawful activity.
If you are our Client, your personal information is used to create your personal access to our email marketing product, and to contact you in the course of using this product. Financial information that is collected is used to verify, identify and to bill either you or your company for products and services, as applicable. Pepo Campaigns also compiles demographic and product use information, but in the aggregate only, and may make that aggregate information publicly available.
As part of your use of our email marketing software, Pepo Campaigns allows you to elect to not receive certain information from Pepo Campaigns.
If you opt out of our service and / or email campaigns, Pepo Campaigns will not send you unsolicited email information, commercial offers or advertisements, but may continue to send you non-promotional messages. All promotional emails that you have requested will have an option to unsubscribe. Unsubscribe requests are fulfilled within a reasonable time from the initial request, after which no further promotional communications will be sent.
We reserve the right to disclose your personal information if we believe disclosure is required by law, such as to comply with a subpoena, bankruptcy proceedings or similar legal process, and when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud and/or to comply with a judicial proceeding, court order, or legal process served on our website.
In the event we go through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, we may share your personal information as part of that business transaction.
Social Sharing Features
Information Collected by you While Using Our Services
Pepo Campaigns has access to the information of your email distribution lists that are created within your account. It also has access to the subject and content of the emails that are sent to your email lists.
The data are stored on secure servers and only a limited number of employees of Pepo Campaigns are authorised to access your distribution lists, for the sole scope to provide you with support assistance services.
You have access anytime to download the lists within your Pepo Campaigns account via the Export function in the Lists module.
In no case does Pepo Campaigns sell, share or rent out your distribution lists and contacts details to third parties, nor does it use them for any purposes other than those set forth herein. We will use the information from your distribution lists only for legal requirements, to invoice and collect summaries for our own statistics and for the purposes of providing you with customer support services. Please remember that as a creator of circulation lists and associated email campaigns.
Security & Data Protection
Within the framework of its services, Pepo Campaigns attributes the very highest importance to the security and integrity of its customers’ personal data and their subscribers’ data.
In order to ensure this to customers worldwide, Pepo Campaigns complies with the highest standard of security in terms of data protection and data personnel security.
Thus and in accordance with EU General Data Protection Regulation (GDPR), we undertake to take all pertinent precautions in order to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorised circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorised persons.
To this end, we implement industry standard security measures to protect personal data from unauthorised disclosure.
Our credit card processing vendor, Braintreepayments.com, uses security measures designed to protect your information both during the transaction and after it’s complete. Braintree is a validated Level 1 PCI DSS Compliant Service Provider. It is on Visa’s Global Compliant Provider List and MasterCard’s SDP List. If you have any questions about the security of your personal information, you may contact us.
We ensure the same level of data protection throughout our whole group of companies. Data transfer and processing between the companies occurs in accordance with EU General Data Protection Regulation (GDPR), thus ensuring a high level of data protection. Our technical and organisational measures for data security meet the industry standards and are controlled between the companies as well as against subcontractors. This includes the implementation of thirs-party beneficiary clauses, guaranteeing our full liability for performance of sub processors throughout our companies. On request, you may review our data transfer agreements as a description of the data transfer, the description of technical and organisational security measures and the subprocessing agreement for means of due diligence. Simply get in contact with us if any questions arise.
All information you provide to us is stored on our secure servers. Any payment transactions will be carried out by Braintree over encrypted connections using SSL technology. Where we have given you (or where you have chosen) a password or API key which enables you to access certain parts of our site, or you have invited team members to access parts of our site, you are responsible for keeping this password or API key confidential.
Nobody is safe from hackers. If a security breach causes an unauthorized intrusion into our system that materially affects you or people on your distribution lists, then Pepo Campaigns will notify you as soon as possible and later report the action we took in response.
The host servers on which Pepo Campaigns processes and stores its databases are located exclusively within the European Union and in the specific in Ireland.
Pepo Campaigns utilizes Amazon Web Services (AWS) servers in Europe Region West – Ireland – to both store the clients lists of contacts and to process the email sending related operations. Data hosted at AWS meets the standards of the EU GDPR. In order to ensure this level of protection for our customers, we have contracted with AWS under their Data Processing Agreement (DPA) to benefit from the best data protection available at AWS.
Pepo Campaigns undertakes not to transfer any data outside the European Economic Area and/or any third party country recognised by the European Commission as having an adequate level of protection. Where such transfer takes place or data may be viewed and accessed by our subsidiaries or company outside of the European Economic Area, our internal data protection contracts guarantee the same level of protection as agreed with AWS throughout our companies and against our employees.
Details of our service providers:
- Amazon Web Services (AWS), Processing Every Data. Pepo Campaigns infrastructure is entirely hosted on AWS virtual servers. Our marketing and transactional emails are also sent through AWS.
- Google Analytics, Processing User ID and IP address. Google Analytics is utilised to know how users are using the website and the software.
- Tawk.to, Processing Client email address, Tawk.to is the software used to provide support to Clients.
- GSuite (Google Apps), Processing Client email address. Pepo Campaigns utilises GSuite for all email, document and spreadsheet creation.
- Braintree, Processing Client name, Client email address, Client location, Payment details, IP address. Braintree is used for payments on paid plans.
- MaxMind, Processing IP Location. MaxMind is used to deliver the “Time Zone Delivery” when this feature is activated in the Client account.
- Freshdesk, Processign support cases. Freshdesk is the software used to process Clients inquires and communications
Legal basis for processing
We are required to state the legal basis on which we undertake processing of your personal information. We will only use your information where:
We have your consent to do so; or
We need to process the personal information to perform services for you under our terms and conditions of service.
We have a legitimate interest in engaging in the provision of our service and in offering products and services of value to you.
Any consent you provide may be withdrawn at any time by emailing us.
Clients have the right to request access to personal data that we may process about you.
Deletion of data will be carried out on the understanding that removal of some information (e.g. email address) during an active service subscription may negatively affect Clients ability to use the Pepo Campaigns service.
If Pepo Campaigns has collected and processed Client personal information with Client consent, then it is possible to withdraw that consent at any time. To be clear, Pepo Campaigns may still continue to process Client data if a different legal basis for doing so is present.
Clients have the right to require us to correct any inaccuracies in your data, free of charge. If you wish to exercise this right, you should email us and provide enough information in order to assess your identification while specifying the incorrect information that shall be updated. You can also access and update the information at any time from your online account or via email contacting us.
Clients can request that Pepo Campaigns restricts processing of Client personal information, object to processing of Client information or request portability of Client personal information.
Please contact us to have us complying with your request where your rights have been exercised in accordance with applicable laws.
Clients also have the right to ask Pepo Campaigns to stop processing Clients personal data for email marketing purposes by unsubscribing from the newsletter footer or requesting it via email.
Invoices are maintained for tax purposes.
If you are a resident of a country that provides you with the right to request a copy of the personal data Pepo Campaigns holds about you and/or to correct any inaccuracies within such data, and Pepo Campaigns is required by applicable laws to respond to such requests, then you may address such requests to the contact information provided in the “Contact Us” section accessible from Pepo Campaigns Homepage. Pepo Campaigns will use reasonable efforts to supply, correct or delete information that we hold about you or to advise you if we are not required by applicable laws to comply with such requests.
If you have any questions or comments, or if you want to update or change any personal information we hold, or you have a concern about the way in which we have handled any privacy matter, please use our contact email email@example.com to the attention of the Data Protection Officer.