TRIAL TODAY GET IN TOUCH
close

Our approach to Platform Privacy

We're Egress Software Technologies Inc. part of the Egress Software Technologies Group. More information about our group can be found at www.egress.com/about.

Your information will be held by us for and on behalf of us and our group companies, and this policy sets out how we and they will look after information that you give us, or that we get from other sources, or learn about you through our relationship with you when you use our platform.

Below you can find details of:

  • the information we collect and how we get it
  • how we use that information
  • who we may share it with and why
  • where we may transfer and process it
  • what you need to do if you provide information to us about others

If you have any questions we’d be happy to answer them, just get in touch at DPO@egress.com.

This platform privacy policy was last updated on 30 July 2018. We updated it to:

  • reflect the development of our Threat Protection product and how the data collected and processed by it is used by us, our group and subprocessors.
  • update the definition of System Data to bring it in line with our up-to-date terms and conditions.

The way we talk about the information we collect

Account Information

Information about you that you provide to us, or that we obtain in connection with:

  • the creation and administration of your account. Depending on who you are and the services you ask us to provide, this may include things like your name, username, address, employer, phone number, email address, billing and transaction information, password, personal contact information, the date you opened/closed your account, information provided by you when you contact us, and the access and services we provide to you
  • your use of our platform and services (e.g. how you use, access and interact with them)
  • any permissions, consents or preferences you give us, including to access your data through third party email products when you use our plug-ins
  • you being our customer, and information that we obtain from third parties that may be linked to your employer or organization
Content

Data, text, audio, video and images transferred, stored, shared or hosted on or through the Platform by you and third parties. It does not include Account Information or system data.

System data

Usage statistics, system logs, performance and security data, records of support requests, and aggregated data about how our sites, platform and apps are used (e.g. performance counters, access logs, metrics, associated metadata, unique identifiers for devices, technical information about the devices you use, the network, operating system and browser). This may contain limited Account Information where information such as email addresses or usernames appear in log records.

The information we collect and how we get it

From

How we obtain or receive it

Examples of the types of information

You

  • purchasing, registering for, logging into, or using your account
  • filling out forms on our website or apps
  • uploading or sending Content
  • making use of our services
  • making use of our services
  • contacting us
  • if you take part in our competitions or promotions
  • attending our webinars
  • Account Information
  • System Data
  • Content
  • Threat Protection data
  • IP address

Third-parties

  • companies or individuals that introduce you to us
  • credit reference agencies
  • third-party Content that includes information about you, or your employer or organization
  • making use of our services
  • filling out forms on our website or apps and providing information about you
  • contacting us and providing information about you
  • publicly accessible records
  • government and law enforcement agencies
  • filling out forms on websites or webforms that we host on behalf of a third party
  • Account Information
  • Content sent by other users or recipients
  • Threat Protection data
  • open data and public records
  • credit reports or other financial assessments

Google

  • if you use our Gmail plug-in, you grant us permission to access your email in order to encrypt or decrypt it.
  • if you use Threat Protection, to review email meta data and email addresses for that purpose.
  • Account Information
  • Content
  • Threat Protection data

General use of our services

  • accessing and using them, our websites or apps
  • Account Information
  • IP address (this may not always be personal to you – e.g. where using shared networks)
  • System Data

Threat protection and email encryption

  • email meta data (date and time, sender and recipient email addresses and other unique message identifiers)
  • Content sent by you and other users or recipients
  • Account Information
  • Content
  • Threat Protection data
  • IP address

IP address

  • when you visit our website, apps or use our platform and services we will record your IP address.
  • your IP address may be kept in log files or matched against public or proprietary IP address databases to provide us with information about your visit. This may identify the organisation to whom the IP address is registered (and may in some cases enable us to identify you)
  • IP address
  • Account Information

How we use the data that we collect

We use the Account Information, Content and system data in each of the following ways.

Relationship Management

What we use it for

Our reasons

Manage, track and develop our relationship with you and your employer or organization

Processing to complete any pre-contract processes that you request.

To ensure that we have a productive relationship where we’re able to meet customer needs and respond to them both proactively and reactively. This is core to our business and forms the cornerstone of success. If we were unable to process personal data for this purpose, our business would cease to function properly. To understand you and your employer or organization better through the use of third party data.

Delivery of requested services

What we use it for

Our reasons

Information type

Provide the platform and service access and support to you

To ensure that we meet our contractual obligations to you.

Account Information, System Data, Content, Threat Protection Data

Provide guidance on our platform and services

This could include responding to pre-contract questions, and also dealing with support or service questions during our contract with you.

Account Information, System Data, Content, Threat Protection Data

Respond to and resolve complaints, queries, requests and support tickets

To respond to your queries and to ensure that you’re able to use our platform and services appropriately. Processing of Content may be required for resolving some support tickets.

Account Information, System Data, Content, Threat Protection Data

Ensure our platform services are functioning properly

To ensure that we can provide the platform and services that we’re contracted to provide. This may include both automated and manual processing (but not automated decision making in the context of the GDPR).

Account Information, System Data, Content, Threat Protection Data

Alert you to issues or updates to your services

To ensure that you’re presented with relevant messaging based on the access and services that you’ve purchased from us and our group.

Account Information, System Data, Content, Threat Protection Data

Scan meta data to provide you with feedback on the interactions you are about to make, or to encrypt or unencrypt email traffic

To provide our Threat Protection and secure email services. Threat Protection requires certain information in order to understand your, and any of your users’, behaviour. Secure email requires the processing to meet the encryption and decryption obligations where you’ve requested this service.

Account Information, System Data, Content, Threat Protection Data

Enable third party plug-ins you request

To integrate with and respond to third party plug-ins in order to provide the requested services.

Account Information, System Data, Content, Threat Protection Data

Service Information by electronic means

We may send, or otherwise display, to you information about the services you receive from us (e.g. how you use them, how you could do so more efficiently, faults, issues, updates or notices of times when they’ll not be available).

Account Information, System Data, Threat Protection Data

Delivering on contractual obligations and exercising rights

What we use it for

Our reasons

Information type

Make and manage payments made by, or due to, you

Processing to achieve this purpose may take place both pre and post contract agreement (e.g. initial subscription payment and renewals).

Account Information, System Data

Meet and perform our audit obligations

We recognize that processing may be required in order to exercise our rights under the terms of our contract with you, or for our own compliance purposes.

Account Information, System Data, Threat Protection Data

Processing may be required where requested by a customer to meet any audits conducted in accordance with the terms of our contracts with them.

Account Information, System Data, Content, Threat Protection Data

Recover money owed to us or other companies in our group

To ensure that payments are both made and timely.

Account Information

Legal and regulatory risk management

What we use it for

Our reasons

Information type

Detect and prevent crime

To ensure that we and our group can both detect and report criminal activity.

Account Information, System Data, Content, Threat Protection Data

Manage risk for us, our group and our customers

To ensure that we and our group can manage legal and regulatory risk and do so in the most appropriate and compliant manner.

Account Information, System Data, Threat Protection Data

Obey our or our group’s legal obligations

To ensure that we and our group can manage legal and regulatory risk and requests in the most appropriate and compliant manner. This may include adapting the way we and our group operates or engages to meet new or future obligations.

Account Information, System Data, Content, Threat Protection Data

Keep our records accurate and up-to-date

Processing to ensure we meet our obligations in respect of data accuracy (this may include acting in response to your notifications).

Account Information

Run our and our group’s businesses in an efficient and proper way

We use shared systems, activities, suppliers and sub-processors in order to help manage legal and regulatory risk within our group, and to operate in a way that ensures quality, consistency and security of service delivery.

Account Information, System Data, Content, Threat Protection Data

Innovation and System Development

What we use it for

Our reasons

Information type

Develop new systems, features, functionality and ways to meet customer needs

We have a legitimate interest to understand how our platform and services are used, and to look at areas where customer needs could be met either as new functionality, or in improved ways.

Account Information, System Data

Study how customers and users use our services

We have a legitimate interest to understand how our platform and services are used, and how customers benefit from the services that we provide to them.

Account Information, System Data

Test new products and services

We have a legitimate interest in ensuring that prior to being launched, products and services operate in a secure and efficient manner.

Account Information, System Data

Exercise our contractual rights

To ensure that we appropriately protect ourselves and our group based upon our contractual rights.

Account Information, System Data

Show you the right websites

To ensure that you enter into any contractual relationship with the right company in our group. This also enables us to present content relevant to that jurisdiction where appropriate.

Account Information, System Data, IP address

To create anonymous reports and statistics

We have a legitimate interest in understanding market risks, trends and activities and, where relevant, utilising the anonymous insights that we can gain from our platform and services in the provision of publicly available reports, blogs and other communications.

Account Information, System Data

To develop and carry out marketing activities

We have a legitimate interest to conduct marketing, promotional and other advertising activities in order to grow our brand, and the awareness of our products and services.

Account Information

To enable your participation in competitions and promotions

Where you’ve elected to take part, we will process your information in order to enable you to participate.

Account Information, System Data

Free user account information

If you have a free user account with us and the domain of the email address associated with it is owned or controlled by an organisation (like your employer) and that organisation subsequently establishes a relationship with us and wishes to add your account to its account, then certain information concerning your free user account and your past use of it may become accessible to that organisation and its administrator, including your email address.

If you provide us with information about others

If you or your business provide information to us about another person, or if you or your business send their information or Content using our platform or services, you must make sure you have the right and permission to do so. We’re reliant on this in order to receive and process the information you or your business provide. By providing it, you confirm that you do.

Where you use Threat Protection, or where you correspond with an individual or business that does so, your emails and their associated metadata may be routinely monitored to protect against the risk of misaddressed emails and to improve the accuracy of those decisions.

Sending information outside the EEA and the United States

Account Information, Threat Protection Data and System Data:To operate our group effectively we use shared systems, resources and subprocessors and so Account Information and System Data may be transferred, shared and processed within our group and to and by these third-parties. This may involve the storage, transfer and processing of this information outside the country where you, your business or a particular user is located. Where this happens, we’ll ensure that any such transfer or processing is subject to appropriate legal and technical safeguards.

Content: Your Content will be stored on secure servers. You acknowledge that our platform is a ‘software-as-a-service solution’. You, your users and recipients may access Content outside the country you’re located in (e.g. by logging in to your account anywhere in the world). Where this happens, Content may be processed by you or them on the device used wherever that is located..

Who we may share your information with

Account Information, Threat Protection Data and System Data: To operate our group effectively we use shared systems, resources and subprocessors and so Account Information, Threat Protection Data and System Data may be transferred within our group and to these third-parties. Details on these can be found through the subcontractor page available at www.egress.com/subcontractors.

We may share Threat Protection Data with other companies in our group and authorised sub-processors to provide the service that you’ve purchased from us.

Content: Your Content may be shared with third parties as directed by you through your use of the features of our Platform and services. We may share Content with other companies in our group and authorised subprocessors where necessary to provide the services that you have purchased from us.

Free user account information: We may share details of the email address associated with your free user account with the organisation (like your employer) that owns or controls the domain of the email address associated with it (this may be either as a result of a request by that organisation, or as a result of discussions relating to a potential purchase by it of a business account).

Transfer of Rights: We reserve the right to transfer our obligations, rights and permissions in Account Information, System Data, Threat Protection Data and Content to any organisation to which we may transfer our business or assets (including if we, or a relevant part of us or our assets, are proposed to be purchased or acquired by a third party).

Applicable law: We reserve the right to disclose Account Information, System Data, Threat Protection Data and Content in order to comply with legal or regulatory obligations, or a binding order of a legal, governmental or regulatory authority, or for the prevention and detection of crime or fraud, or to protect against imminent harm to the rights, property or safety of Us, our customers or the public.

What we need you to do

We need to make sure that the information that we hold about you (and if you’re a business, your users) is accurate, up-to-date and still relevant. As a result, we need you to tell us promptly if there are any changes to the information that you (or they) have provided by letting us know at DPO@egress.com.

You must ensure that you always have (and if you’re a business, that your users always have) a lawful reason for the processing of your Content and any third party email address through your use of our platform and services, and you must comply with all applicable law in respect of how you use it.

Marketing

We may use some of the information that we hold about you (or if you’re a business, your users) to send information about our, and our group companies’, products and services. Information provided may be used alongside other information we hold about you, your users, employer or organisation in order to tailor our communications to you or your users. We may do this by email, or by other electronic means available to us in the future. If you’re an individual, in most circumstances we’ll only do this if we have your consent, but there may be some situations where we have a legitimate interest in doing so.

If you’re an individual and you’ve given your consent, you can withdraw this at any time by notifying us using the details below.

How long we'll keep your and your users information for

We’ll keep Account Information for as long as you or your business are a customer of ours. After you or your business stop being a customer, we may retain relevant Account Information in accordance with our retention policy at www.egress.com/legal (including to maintain records required for legal or regulatory reasons, showing that we complied with our contractual obligations, responding to any complaints or queries, and for research and statistical purposes). We’ll ensure its confidentiality where we do so.

Content and Threat Protection Data will be deleted in accordance with our retention policy. Please note that some of your information and Content may continue to be processed by us even after you cease to be a customer of ours where it forms part of another user’s content.

Your rights as an individual

As an individual user of our Sites, you may have certain rights by law in respect of the personal data that we hold about you. These rights may not always be available to you and will depend on where you are resident. They may also not apply as the basis on which we’re processing your personal data may affect their availability.

Your right

What it enables

How do you exercise it with us

To make a data subject access request

An understanding of the personal data we hold about you.

Get in touch with our DPO using the details below. Please ensure your correspondence is entitled “data subject access request”.

Alternatively, please complete our online form.

To correct errors in personal data we hold about you

If you think personal data we hold about you is wrong or incomplete, you have the right to correct it. Following receipt of your notice, we’ll investigate any inaccuracy and correct the data where relevant

Get in touch with our DPO using the details below. Please ensure your correspondence is entitled “correcting my information”.

To request that we stop processing your personal data

You have the right to object to how we’re using your data, or to ask us to delete, erase or stop processing it if there’s no reason for us to use it. Remember:

  • there may be legal or regulatory reasons why we’re processing it
  • we may be processing it in order to fulfil our contractual obligations to another user (e.g. where they’ve provided it or are looking to send or share it as part of their Content)
  • information that you’ve shared to or with others may form part of their account with us and may not be deleted when you close your account or make this request

 

Get in touch with our DPO using the details below. Please ensure your correspondence is entitled “erasure of my personal data”.

To request that we restrict how we process your personal data

You have the right to ask us to restrict how we’re processing your personal data if:

  • it’s not accurate
  • it’s been used unlawfully but you don’t want us to delete it
  • it’s not relevant anymore but you want to keep it for use in legal claims
  • you’ve asked us to delete it and are waiting for us to confirm if we have a lawful reason for using it

 

Get in touch with our DPO using the details below. Please ensure your correspondence is entitled “restriction of the use of my personal data”.

To complain

If you have any concerns or complaints with how we have processed your data.

Get in touch with our DPO using the details below. You also have a right to complain to the Information Commissioners' Office, the UK's data protection regulator. You can find out more about this right here: https://ico.org.uk/concerns/

Our Data Protection Officer (DPO)

Name

Richard Green

Address

12th Floor, The White Collar Factory, 1 Old Street Yard, London, EC1Y 8AF, United Kingdom

Email address

DPO@egress.com

Phone number

(0) 20 7624 8500

Cookies

To find out more about cookies and how we use them, see www.egress.com/cookies. Currently, we do not respond to ‘Do not track’ browser features.

Changes to this policy

We can change this policy from time to time through notice to You. We may in some instances require you and your users to read and accept any changes before continuing to use their account.

About us

We're Egress Software Technologies Inc. We're a Massachusetts corporation with our registered office at 51 Melcher St, Boston, MA 02210. You can contact us at info@egress.com. When contacting us we strongly recommend you don't email us confidential or personal information. If you do, it's at your own risk although the terms of this policy will apply to our use of that information.

Law

This Website Privacy Policy and any disputes hereunder will be governed by the laws of the State of Delaware, without regard to its conflict of law principles. We both acknowledge and agree that any litigation concerning them shall be submitted to and resolved by the state or federal courts in and for Boston, Massachusetts, and the parties consent to the exclusive jurisdiction and venue of such courts.

If you’re looking for our website privacy policy, or just browsing our site then see our policy at www.egress.com/website-privacy.

accreditations accreditations accreditations accreditations accreditations