Privacy policy

MailBluster (referred to as “we” throughout this policy) are committed to protecting and respecting your privacy and keeping personal information secure. This policy applies to our email marketing service and to our associated websites, including MailBluster.com (and its subdomains) and our other sites you visit in which this Privacy Policy is linked to in the footer. All of these websites are referred to as ‘our website’ in this policy.

This policy (together with our Terms of use and anti-spam policy, our Cookie policy and any other documents that they refer to) sets out:

  • details of the personal information that we may collect from you;
  • information about how we use your personal information;
  • information about the limited way we share your information with our partners;
  • information about how we store your information; and
  • information about your rights.

Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

Some key points to note:

  • We use Google Analytics, Hotjar & Facebook Pixel to track user behavior on our website – learn more
  • Our websites use cookies & local storage – learn more

Who is this policy addressed to?

For the purpose of data protection legislation including the General Data Protection Regulation (‘GDPR’), the data controller of your personal data is ThemeWagon, Inc. of  2025 Sunset Lake Road, Suit B-2, Newark, 19792, Delaware, USA (registered at Delaware Department of State: Division of Corporations with company number 6324510 and trading as ThemeWagon, Inc.).

When we refer in this policy to ‘you’, we are referring to a customer of our services, or a person visiting our website. We are not referring to a person receiving an email sent by a customer using our service, or a person on a mailing list maintained by one of our customers. We refer to those people in this policy as ‘Contacts’. We do not have any relationship with Contacts, and process information relating to them solely for the purposes of providing our service to our customers.

When we refer to a ‘marketing list’ in this policy, we are referring to details of Contacts (including their email addresses) processed by us on your behalf to provide you with our MailBluster service.

If you are a Contact and wish to cease receiving emails from one of our customers, please unsubscribe directly using the unsubscribe link in the customer’s email, or contact the customer directly.

If a Contact makes a direct request to be removed from the marketing list of one of our customers, we may do so on behalf of our customer, while providing notice to the customer of the Contact’s request. Our customer is the data controller in respect of Contacts’ personal data, and Contacts should consult our customer’s own Privacy Policy for details on the customer’s data protection practices. We will never use the Contact email addresses to send our own informational and promotional content. We may refer to Contact’s personal data when generating usage reports and analysis as a data processor for our data controller customers. This may involve analysis on the events (such as deliveries, bounces, unsubscribes, clicks, and opens) arising from emails sent to Contacts using our service.

Information we may collect from you

We may collect and process the following data about you:

  • Information that you provide to us. You may give us your information by filling in forms on our website or by corresponding with us by email, live chat, phone or otherwise. This includes information you provide when you register to use our service, respond to any surveys that we send to you to complete, and when you contact us for any reason. When you register for our service we will ask for a range of information we need to collect in order to set up your account and engage one or more of our upstream email service providers to handle your emails. If you contact us, we may keep a record of any information contained in the correspondence.
  • With regard to each of your visits to our website, we will collect your IP address. This information is used for fraud and abuse detection.
  • We also collect data from you for the purposes of retargeting – see the ‘Retargeting’ section below.
  • Payment information
    When using our paid service, you will be asked for financial details such as credit/debit card information. The processing of these payments is carried out by our payment processor, Stripe. We do not store any credit or debit card information on our servers. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. (This is the most stringent level of certification available). Their Security assurances and Privacy policy are available on their website.

How we use your personal information

We use information held about you for the following purposes:

  • to provide you with information or services that you request from us, including responding to any requests for assistance with the service;
  • to send you newsletters about our service and notify you about any changes to the service;
  • to carry out our obligations arising from any contracts entered into between you and us;
  • to administer our site and for internal operations, including troubleshooting;
  • to help optimize and develop our service, for example through statistical analysis and research on your use of our service;
  • as part of our efforts to keep our website safe and secure and to monitor actual or suspected fraudulent activity;
  • to determine your regional location for the purposes of recommending a billing currency;
  • and to carry out retargeting advertising (see “Retargeting” section below).

Retargeting

Our website uses retargeted advertising provided by Facebook and Google. As a result of this retargeting, you may see ads for our services on other sites such as Facebook. This happens in one of two ways:

One way is that our retargeting provider will read a cookie that is already in your browser, or they will place an anonymous cookie or ‘pixel’ in your browser when you visit our site. This can only happen if your browser is set to let it happen – you can control your settings in your browser to stop this.

The other method of retargeting is to use your email address to match MailBluster ads to you when you browse other sites. This involves sharing your email address with Facebook and Google. This form of retargeting is generally used to update you on new functionality added to the MailBluster platform.

Conversely, we also use Facebook to ensure that we don’t present some MailBluster ads to our existing customers. Again, this involves our sharing your email address with Facebook.

Your marketing lists

Your marketing lists are stored in Ireland, within the European Economic Area (“EEA”), on the secure servers of Amazon Web Services (“AWS”). They will also be available to our email service providers (”ESPs”). ESPs will only have access to your lists when you are sending an email. Once the email is sent, the ESPs no longer have access to your marketing list. Our ESP is Amazon Web Services Simple Email Service. We don’t, under any circumstances, sell or share your marketing lists with anyone else. If someone on your marketing list complains or contacts us, only then will we respond to that person. Only you, our authorized employees, and our ESPs have access to view your marketing lists.

We may also monitor those events for the purposes of administering our service (including checking for any abuse of our service) and research on patterns and trends in the use of our service. We will never use any Contact data for the purposes of that administration or generating that research. It will always be conducted on an aggregated and anonymized dataset, which does not identify any individual Contact.

You may export (download) your marketing lists from MailBluster at any time. We’ll only ever use and disclose the information in your marketing lists for the reasons listed in this section or in the section entitled ’How we use your personal information’ above.

We will never use or disclose the information in your marketing lists to send our own informational and promotional content. If we detect abusive or illegal behavior related to your marketing list, we may share your marketing list or portions of it with affected internet service providers (“ISPs”) or anti-spam organisations. We may also be required to disclose it to law enforcement or regulatory bodies. We will only do so if legally required.

We may conduct analysis on your use of the service and the results generated by your emails sent by means of the service. This analysis is conducted solely on an aggregated and anonymised basis.

Cookies and tracking technologies

Our website uses cookies and local storage to distinguish you from other users of our website. The majority of these are required to provide our service, ensuring you remain logged in to MailBluster and that we can personalise the service offered. Cookies (or ‘pixels’ which are similar tracking mechanisms) are also used for retargeting purposes (see the ’Retargeting’ section above). Please see our Cookie policy for full details on our use of cookies.

We use Google Analytics, Hotjar and Facebook pixel to help us review how people are using our services. Hotjar enables us to see where people click on a page, follow mouse patterns, and track text that people might type using those services. It will involve Hotjar processing all data on the screen of our websites when you use them, we ensure that all data in relation to your Contacts is redacted and is not recorded. Hotjar is provided by Hotjar Inc. Their privacy statement is here. You are a ‘User’, for the purposes of this Privacy Policy. You are able to opt-out of Hotjar at anytime. The legal basis for processing this data is that it is in the legitimate interests of use and our users that we optimise the service and our users’ experience on our website.

Where we store your personal data

The account details and IP address that we collect from you is stored on our AWS servers in Ireland, inside the UK and European Economic Area (“EEA”). All the personal data we collect from you may be processed by our staff, or those of our ESPs and other service providers operating outside the UK and EEA. Such staff may be engaged in, among other things, the fulfilment of your services, and the provision of support services. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. Please contact us if you would like more details on the appropriate safeguards we employ to require that these providers process your data with due respect for its privacy.

Security

All information you provide to us is stored on our secure servers. Any payment transactions will be carried out by Stripe over encrypted connections using SSL technology (see the ’Payment Information’ section above). Where we have given you (or where you have chosen) a password or API key which enables you to access certain parts of our site, or you have invited team members to access parts of our site, you are responsible for keeping this password or API key confidential.

We take security very seriously, and ‘privacy by design’ is baked into our engineering and product development principles but, as with any online service, despite our use of leading security tools and techniques, the personal data we hold about you can never be 100% immune from unauthorised access.

Disclosure of your information

We may disclose your personal information to any company under the same ownership as us.

We may disclose your personal information to selected third parties, including:

  • in the event that we sell or buy any business or assets, the prospective seller or buyer of such business or asset;
  • if MailBluster or substantially all of its assets are acquired by a third party, to the relevant third party;
  • business parties and subcontractors for the purposes of providing the MailBluster services;
  • Our ESPs will receive different information at different times. When you verify your domain for the purpose of receiving the services, they will see a user’s email address, phone number, street address, domain, and user ID. When an email is sent using an ESPs service, the ESP will see the ‘from’ name and address, the subject, the body of the email, and the destination email addresses. When an email recipient opens an email you have sent or clicks a link in the email, the ESP will see the IP address of the recipient (from which may be inferred a notional latitude and longitude associated with that IP address). For a detailed list of which ESPs have access to which information, please contact us.
  • analytics providers that assist us in the improvement and optimisation of our website; and
  • law enforcement agencies or regulatory bodies; or other third parties for fraud detection and prevention. We will only do this is if we are legally required to do so.
  • We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of use and anti-spam policy and other agreements, or to protect the rights, property, or safety of MailBluster, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud detection and protection and credit risk reduction.

Integrations: MailBluster API Connect and other third party integrations

Our service integrates with your own account held with an email service provider, such as AWS (Amazon Web Services). Please see your provider’s Privacy Policy and Terms and Conditions of Service to review their practices and processes regarding the usage, storage and disclosure of any data used in relation to their service.

You can additionally integrate your MailBluster account with third party apps, websites or other services with whom you have your own account independent of MailBluster. If you do decide to connect your account with that third party to MailBluster, the third party you integrate will as a result receive your marketing lists, information about your use of our services, and access to any other personal data you make available to them. All third parties you integrate in this way are your own data processors – they are not subcontractors or sub-processors of MailBluster. Information collected by these third parties is subject to their own terms and privacy policies. An example of such a third party is Zapier.

Retention of your personal information

The periods for which we keep your information depend on why your information was collected and what we use it for. We will not keep your personal information for longer than necessary for our business purposes or for legal requirements.

Legal basis for processing

We are required to state the legal basis on which we undertake processing of your personal information. We will only use your information where:

  • we have your consent to do so; or
  • we need to process the personal information to perform services for you under our terms and conditions of service.
  • We have a legitimate interest in engaging in the provision of our MailBluster service and in offering products and services of value to you. Please contact us if you would like to learn more about our assessment of our legitimate interests in processing data.
  • We are processing the data to meet a legal requirement.

Any consent you provide may be withdrawn at any time by emailing us.

Your rights

You have the right to request access to personal data that we may process about you.

You have the right to require us to correct any inaccuracies in your data, free of charge. If you wish to exercise this right, you should:

  • put your request in an email to us;
  • provide us with enough information to identify you (e.g. email address); and
  • specify the information that is incorrect and what it should be replaced with.

You can access, correct, update or request deletion of your personal information at any time, either through your online account or by contacting us.

Deletion of data will be carried out on the understanding that removal of some information (e.g. email address) during an active membership term may negatively affect your ability to use the MailBluster service.

We cannot delete any invoices, as these are kept for tax purposes.

You can request that we restrict processing of your personal information, object to processing of your information or request portability of your personal information. For these requests, please contact us. We will comply with your request where your rights have been exercised in accordance with applicable laws.

If we have collected and processed your personal information with your consent, then you can withdraw that consent at any time. To be clear, we may still continue to process your data if we have a different legal basis for doing so (for example, if we are required by law to do so, or we need to do so for the purposes of fulfilling our obligations to you under our terms and conditions of service).

You also have the right to ask us to stop processing your personal data for direct marketing purposes. You can do this through your MailBluster profile settings or via email. If you wish to exercise this right via email, you should:

  • put your request in writing (an email with a header that says ‘Unsubscribe’ is acceptable);
  • provide us with enough information to identify you (e.g. email address); and
  • if your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g. email address), please specify the channel you are objecting to.

Changes to privacy policy

We keep our privacy policy under regular review. If we change our privacy policy we will post the changes on this page, notify you, and place notices on other areas of the site, so that you may be aware of the information we collect and how we use it at all times.

Complaints

If you have any questions or comments regarding our use of your data, please contact us by email. If you make a complaint to us and think we have not dealt with it to your satisfaction, you may send your complaint to the Information Commissioner for investigation. For more information on the Information Commissioner, and how to make a complaint, please visit their website.

Our contact details

We welcome your feedback and questions. If you wish to contact us, please send an email to [email protected].

Last update: 19 June 2019