Effective Date: 1 January 2023
- “Client” refers to organizations that engage Postalgia to provide services.
- “Client Data” refers to personal data that we collect, process and manage on behalf of our clients and the clients of our clients. We process such data on behalf and under the instruction of the respective Client in our capacity as a “data processor” in accordance with our Data Processing Addendum to our Direct Mailing Agreement with them (see Section 3 below for more information).
- “Customer Employee” refers to employees, contractors, or representatives of our clients’ organizations.
- “Personal Data” or “Personal Information” refers to any information that identifies or can be used to identify an individual, including but not limited to names, contact information, and other data collected in the course of providing our services to our clients.
- “Prospects” refers to visitors of our website (postalgia.ink), participants at our events, and any other prospective customer, user or partner who visits or otherwise interacts with our website, digital ads and content, emails, integrations or communications under our control.
You are not legally required to provide us with any of your Personal Data. If you do not wish to provide us with your Personal Data, or to have it processed by us, please simply do not visit or interact with our Site.
3. Data Processing on Behalf of Clients
Postalgia acts as a data processor on behalf of our clients. Our clients determine the purposes and means of processing Personal Data, and we process Personal Data only in accordance with their instructions. The following principles apply:
3.1 Data Collection
We collect and process Personal Data on behalf of our clients only as instructed by them. The types of Personal Data and purposes of processing are defined by our clients, and we do not use this data for any other purposes.
3.2 Data Security
We implement appropriate technical and organizational measures to ensure the security and confidentiality of the Personal Data processed on behalf of our clients. We have in place safeguards to protect against unauthorized access, disclosure, alteration, or unauthorized destruction of Personal Data. To report security incidents please send an email to firstname.lastname@example.org
3.3 Data Retention
We retain Personal Data processed on behalf of our clients only for the duration specified by our clients, or as required by applicable laws and regulations. If duration is unspecified and unregulated, files are deleted after 90 days.
3.4 Data Disclosure
We do not disclose Personal Data processed on behalf of our clients to third parties unless instructed to do so by our clients or as required by law.
4. Data Collected
Postalgia may collect Personal Data for various purposes. The following principles apply:
4.1 Data Collection
We collect Personal Data directly only with our Clients’ consent or as necessary to provide our Services. We may collect Personal Data through email, data transfer portals, or other means as required.
4.2 Data Use
We use personal data collected for the following purposes, and pursuant to the following legal bases:
- To provide and improve our services. (Performance of a contract (to the extent applicable); Legitimate Interest (to provide our Services));
- To communicate with clients and customers. (Legitimate Interest (to send service-related messages); Consent (to send marketing messages));
- To respond to inquiries and provide customer support. (Performance of a contract (to the extent applicable); Legitimate Interest (to ensure the ongoing availability of our Services));
- To comply with legal obligations. (Performance of Contract (to the extent applicable); Legitimate Interest (to maintain compliance); Legal Obligation (to the extent applicable))
We do not sell or share your Personal Information for the intents and purposes of the California Consumer Privacy Act (CCPA), nor disclose Personal Information that we “control” to any third party for their direct marketing purposes.
4.3 Data Protection
We implement security measures to protect Personal Data, including encryption, access controls, and regular security assessments.
5. Your Rights
Individuals have rights concerning their Personal Data. Please contact us by e-mail at email@example.com if you wish to exercise your privacy rights under any applicable law, including the EU General Data Protection Regulation (GDPR), UK GDPR, the CCPA, the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA) and other similar US State Laws. If you are a GDPR-protected individual, you also have the right to lodge a complaint with the relevant supervisory authority in the EU or the UK, as applicable.
If your request relates to Personal Data contained in Client Data (i.e., Personal Data we process on our Client’s behalf as their “data processor”), please note that the Client exclusively determines how such data may be processed, as well as if and how your request should be handled – so we advise that you submit your request directly to them.
For more information on cookies, please click here.
7. Contact Information