Agreement on the processing of personal data
As part of the Services provided to the User, MAILNJOY is required to process personal data on behalf of the User. This processing is carried out for the duration of the contractual relationship between MAILNJOY and the User.
The processing operations carried out by MAILNJOY on behalf of the User are described below:
- Storage of lists of e-mail addresses uploaded by the User
- Deletion of lists of e-mail addresses uploaded by the User
- Processing of e-mail addresses contained in the User’s lists.
Furthermore, the User’s consent to such processing is tacitly acquired.
As such, MAILNJOY declares that it presents sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the RGPD and ensures the protection of the rights of the data subject, and undertakes to comply with the following obligations:
1. Obligations of MAILNJOY
a) User instructions
MAILNJOY undertakes to process personal data only for the purposes of performing the Services in accordance with the User’s instructions. Thus, MAILNJOY will not grant, rent, transfer or otherwise communicate to another person, all or part of the personal data, even free of charge, and will not use the personal data for purposes other than those provided for in the General Terms of Use.
In the event that MAILNJOY considers that an instruction given by the User constitutes a violation of applicable law, MAILNJOY shall immediately inform the User.
b) Confidentiality and security
MAILNJOY guarantees the confidentiality of personal data processed as part of the Services. To this end, it will:
- that personal data is only communicated to persons who need to know it
- these persons are aware of the User’s instructions and undertake to process the personal data entrusted to them only in strict compliance with these instructions
- they are subject to an appropriate contractual or legal obligation of confidentiality
- that they receive the necessary training in personal data protection.
MAILNJOY undertakes to implement appropriate technical and organizational measures to preserve the confidentiality and security of personal data, and in particular to prevent it from being distorted, damaged or communicated to unauthorized third parties, and more generally, to protect personal data against accidental or illicit destruction, accidental loss, alteration, or unauthorized access, as well as against any form of unlawful processing, it being specified that these measures must ensure, taking into account the state of the art and the costs associated with their implementation, a level of security appropriate to the risks presented by the processing and the nature of the data to be protected, and more generally, in order to guarantee a level of personal data security appropriate to the risk.
c) Notification of personal data breaches
In the event of a breach of security resulting in the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or access to, personal data processed by MAILNJOY, MAILNJOY undertakes to inform the User immediately within 72 hours of detection of the incident.
In such circumstances, and in consultation with the User, MAILNJOY undertakes to put in place the necessary measures to protect the data, and to limit any negative effect on the persons concerned.
MAILNJOY undertakes to provide the User with all reasonable information and assistance to enable the User to comply with its obligations to notify data protection authorities.
d) Assistance to the User
MAILNJOY undertakes, insofar as possible, to assist the User in complying with its own obligations. MAILNJOY shall therefore:
- respond promptly to any request from the User concerning the personal data processed, in order to enable the User to take into account, within the allotted time, any requests from the interested parties (right of access, right of rectification, right of destruction, etc.), and more generally take into account the nature of the processing and assist the User by appropriate technical and organizational measures in fulfilling its obligation to respond to requests made by the persons concerned with a view to exercising their rights;
- send to the User, upon receipt, requests from data subjects to exercise their rights.
e) Data access / Deletion
At any time during the execution of the General Terms of Use, the User may access the personal data processed by MAILNJOY or delete them directly from the Site using the list deletion function.
At the end of the contractual relationship, at the User’s option, MAILNJOY undertakes to destroy all personal data, or to return them to the User or to another subcontractor designated by the User if this is technically feasible, within a maximum period of 3 months. The return must be accompanied by the destruction of existing copies in MAILNJOY’s information systems, unless applicable law requires their retention. MAILNJOY undertakes to provide the User, upon request, with the certificate of such destruction.
2. Audit
MAILNJOY undertakes to make available to the User all information and documents necessary to demonstrate compliance with the obligations set forth herein.
MAILNJOY authorizes the User or any other external auditor non-competitor to MAILNJOY, mandated by the User, to inspect and audit its personal data processing activities, and undertakes to accede to all reasonable requests issued by the User in order to verify that MAILNJOY is complying with the contractual obligations imposed on it by the present appendix.
It is agreed that, subject to requests from regulators to this effect, these audits may take place a maximum of once (1) per contractual year. In all cases, the User must give MAILNJOY at least thirty (30) days’ notice, and the audit must in no way disrupt MAILNJOY’s current activities. The audit shall be limited to the personal data processing activities performed by MAILNJOY on behalf of the User, and the User shall not have access to data concerning other MAILNJOY customers.
MAILNJOY undertakes to provide all evidence that the processing complies with the User’s instructions, and that the appropriate security measures have been implemented.
The entire cost of the audit will be borne by the person requesting it.
3. Subsequent subcontracting
The User is informed, and expressly accepts, that within the framework of the Services, MAILNJOY may have recourse to subcontractors who will have access to/process the personal data entrusted by the User on its behalf. The list of subcontractors concerned is as follows:
Subcontractor | Service |
---|---|
AWS France | Hosting |
Orange Business Service | Hosting |
OVH France | Hébergement |
Scaleway (formerly Online) | Hosting |
Paypal | Payment |
Stripe | Payment |
List of Mailnjoy’s subcontractors.
MAILNJOY undertakes to put in place all the necessary safeguards to ensure that transfers comply with regulations.
In this context, the User expressly authorizes MAILNJOY to sign, in its name and on its behalf, standard contractual clauses between data controller and data processor with subsequent data processors (see the European Commission’s standard clauses at the following address:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=EN
In the event of modification of the list of its subcontractors, MAILNJOY will notify the User by email or by notification in the customer account, who will have the option of closing his account in the event of objection. It is specified that this notification will include all information relating to any transfers of personal data outside the European Union.
Where MAILNJOY engages subsequent subcontractors to carry out specific processing activities on behalf of and on the instructions of the User, the same data protection obligations as those set out in the GTU shall be contractually imposed on the subsequent subcontractors, in particular as regards presenting sufficient guarantees as to the implementation of appropriate technical and organizational measures.
It is MAILNJOY’s responsibility to ensure that subsequent processors present sufficient guarantees so that processing meets the requirements of the RGPD. If the subsequent subcontractors fail to meet their data protection obligations, it is recalled that MAILNJOY remains fully liable to the User for the subsequent subcontractors’ performance of their obligations.
4. Transfers of personal data outside the EU for legal purposes
If MAILNJOY is required to make such transfers under applicable law, it undertakes to inform the User immediately of this legal obligation prior to processing, unless applicable law prohibits such information for reasons of public interest.
Privacy policy Protection of personal data
In the course of its business and for the purposes of providing the Services, MAILNJOY collects and processes the personal data of its users (hereinafter the “Users”).
The present Privacy Policy, established by MAILNJOY, is intended to provide Users with summary and global information on the processing of personal data by MAILNJOY.
MAILNJOY attaches particular importance to respecting the privacy of Users and the confidentiality of their personal data, and thus undertakes to process data in compliance with applicable laws and regulations, and in particular Law No. 78-17 of January 6, 1978 relating to data processing, aux fichiers et aux libertés (hereinafter the “Loi Informatique et Liberté”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the “RGPD”).
Definitions
Personal data: Personal data is any information relating to an identified or identifiable natural person, i.e. a person who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to him or her.
Processing of personal data: processing of personal data means any operation or set of operations concerning such data, regardless of the process used, and in particular collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, as well as blocking, erasure or destruction.
Cookie: A cookie is a piece of information deposited on an Internet user’s hard disk by the server of the site he or she is visiting. It contains several items of data: an identifier in the form of a unique number, and possibly an expiry date. This information is sometimes stored on the computer in a simple text file which a server accesses to read and record information.
Data controller – DPO
The company responsible for processing the personal data referred to herein is MAILNJOY, a simplified joint stock company with capital of 25,000 euros, registered with the Toulouse Trade and Companies Register under no. 882433030 and whose registered office is located at 6b rue de la Gravette – 31830 PLAISANCE du TOUCH.
MAILNJOY has appointed a Data Protection Officer who can be contacted at the following address: dpo@mailnjoy.com.
Data collected
MAILNJOY collects data from Users in order to provide them with the services for which they have subscribed to the platform.
The compulsory or optional nature of the data provided (in order to finalize the User’s registration and provide him/her with MAILNJOY services) is indicated at the time of collection by an asterisk.
In addition, certain data is collected automatically as a result of the User’s actions on the site (see paragraph on cookies).
Purposes
Personal data collected by MAILNJOY in connection with the provision of services is necessary for the performance of contracts concluded with the User, or to enable MAILNJOY to pursue its legitimate interests in respect of the User’s rights. Some data may also be processed on the basis of the User’s consent.
The purposes for which MAILNJOY processes data are as follows:
- Commercial and accounting management of the contract;
- Management of marketing activation and promotion;
- Detection of malicious behavior (fraud, insincere treatment, etc.);
- To improve the user experience on the site;
- More generally, any purpose referred to in article 2 of Deliberation n°2012-209 of June 21, 2012 creating a simplified standard concerning the automated processing of personal data relating to the management of users and prospects.
Data recipients
The personal data collected is intended for use by MAILNJOY’s sales and accounting departments. It may be transmitted to MAILNJOY subsidiaries, or to subcontracting companies that MAILNJOY may call upon for the performance of its services.
In this context, personal data may be transferred to a country within or outside the European Union. MAILNJOY implements safeguards to ensure the protection and security of such data, in compliance with regulations.
MAILNJOY does not sell or rent personal data to third parties for any commercial purpose.
Apart from this, personal data may only be disclosed to third parties in the following cases:
- With their authorization;
- At the request of legally competent authorities, upon judicial requisition, or in the context of legal proceedings.
Data retention period
In order to comply with its legal obligations or to have the necessary elements to assert its rights, MAILNJOY may archive data under the conditions stipulated by regulations.
Thus, personal data collected by MAILNJOY relating to the identity and contact details of its Users are archived for a maximum period of two years after the termination of contractual relations for customer Users, or from the date of their collection by the data controller or the last contact from the prospect User for data relating to the latter.
Termination of contractual relations is understood to mean the express cancellation of the contract by the User or the non-use of MAILNJOY’s services for a period of five years. This period is reduced to 6 months if the User has never made a purchase.
Users’ rights
In accordance with the law, the User has the right to access and rectify any personal data concerning him/her, allowing him/her to rectify, complete, update or delete any data that is inaccurate, incomplete, equivocal, out of date or whose collection, use, communication or storage is prohibited.
The User also has the right to request the limitation of processing, and to object on legitimate grounds to the processing of his/her personal data. The User may also communicate instructions concerning the fate of his/her personal data in the event of death.
Where applicable, the User may request the portability of his or her data, or, where the legal basis for processing is consent, withdraw consent at any time.
The User may exercise these rights by sending an e-mail to privacy@mailnjoy.com or by post to :
MAILNJOY – Privacy policy 6B rue de la Gravette 31830 Plaisance du Touch
Users may also modify their personal data at any time by logging on to www.mailnjoy.com and clicking on “my profile”, or by contacting the customer relations department at support@mailnjoy.com.
The User may unsubscribe from the MAILNJOY newsletter or marketing emails by following the unsubscribe links included in each of these emails.
In the event of a dispute, the User may lodge a complaint with the CNIL, whose contact details can be found at www.cnil.fr.
The User will be able to access detailed information on the use of his/her personal data, in particular concerning the purposes of processing, the legal bases enabling MAILNJOY to process the data, their retention periods, their recipients and, where applicable, any transfers of such data to a country that is not a member of the European Union, as well as the guarantees implemented. To do so, the User may send a request by e-mail to dpo@mailnjoy.com.
Cookies
The MAILNJOY site uses cookies to facilitate navigation on the site and to execute the service provided by MAILNJOY.
Types of cookies used
Cookies required to navigate the site.
These cookies are necessary for the operation of the www.mailnjoy.com site. They enable use of the site’s main functions.
Without these cookies, Users cannot use the site normally.
**Functional cookies
These cookies are used to personalize the User experience.
Analytical cookies
MAILNJOY does not use this type of cookie.
Share button cookies
MAILNJOY does not use this type of cookie.
Cookie management
Users have the option of accepting or refusing cookies on the site, or refusing them once and for all, by configuring their browser.
If the User chooses to refuse all cookies, navigation to certain pages of the site will be reduced or even impossible.
Depending on the browser used by Users, the methods for deleting cookies are as follows:
Internet Explorer
- Click on the Tools button, then on Internet Options.
- In the General tab, under Browsing History, click on Settings.
- Click on the Show Files button.
- Select the cookies you wish to refuse and click on “Delete”.
**On Firefox
- Click on the browser’s Tools icon, then select the Options menu.
- In the window that appears, choose “Privacy and security” and click on “Cookies and site data”.
- Select the cookies you wish to refuse and click on delete.
On Safari
- Click on the Edit icon, select the Preferences menu.
- Click on Security, then on Show Cookies.
- Select the cookies you wish to refuse and click on delete.
On Google Chrome
- Click on the Tools icon, select the Options menu and then click on Settings.
- Advanced settings and access the “Site settings” section, then “Cookies and site data”.
- Click on the “All cookies and site data” button.
- Select the cookies you wish to refuse, then click on “Delete”.
- **Cookie lifetime
Cookies are stored on the User’s terminal for a maximum period of 13 months from the date of the User’s consent.
At the end of this period, consent will be sought again.
Security
MAILNJOY has taken all necessary precautions to protect the security of personal data and, in particular, to prevent it from being distorted or damaged or accessed by unauthorized third parties.
These measures include the following:
- Multi-level firewalls,
- Proven anti-virus protection,
- Detection of intrusion attempts,
- Encrypted data transmission using SSL/https/VPN technology.
- ISO 27001 data centers
In addition, access to processing by MAILNJOY Services requires authentication of the persons accessing the data, by means of an individual access code and password.
Any questions regarding the security of the MAILNJOY website may be addressed to support@mailnjoy.com.
Modification of the Privacy Policy
MAILNJOY reserves the right to change this Privacy Policy in order to comply with changes in applicable laws and regulations.
Changes will be notified via our website or by email, where possible, at least thirty days before they take effect.
Contact
Any questions regarding MAILNJOY’s Privacy Policy can be sent by email to dpo@mailnjoy.com or by post to :
MAILNJOY – Privacy policy 6B rue de la Gravette 31830 Plaisance du Touch