TRIAL TODAY GET IN TOUCH
close

Our approach to Platform Privacy

We're Egress Software Technologies Inc. part of the Egress Software Technologies Group. More information about our group can be found at www.egress.com/about.

Your information will be held by us for and on behalf of us and our group companies, and this policy sets out how we and they will look after information that you give us, or that we get from other sources, or learn about you through our relationship with you when you use our platform.

Below you can find details of:

  • the information we collect and how we get it
  • how we use that information
  • who we may share it with and why
  • where we may transfer and process it
  • what you need to do if you provide information to us about others

If you have any questions we’d be happy to answer them, just get in touch at DPO@egress.com.

This platform privacy policy was last updated on 7 November 2018. We updated it to:

  • amend the layout to make it easier to follow who we may disclose and share your information with, how long we retain your information and how we undertake marketing activities

The way we talk about the information we collect

Account Information

The database, logs and other collections of information about you (and, if you’re a business, your users) that is provided to us by you or your users, or that we obtain in connection with:

  • the creation and administration of your and their accounts.
  • your and their use of our platform and services (e.g. how they’re used, accessed and interacted with)
  • any permissions, consents or preferences that are given to us, including to access your data through third party email products when you use our plug-ins
  • you being our customer, and information that we obtain from third parties that may be linked to you, your employer or your organisation

Content

Data, text, audio, video and images transferred, stored, shared or hosted on or through the Platform by you and third parties. It does not include Account Information or System Data.

System Data

(i) Usage statistics, system logs, performance and security data, feedback data, records of support requests, and aggregated data about how our sites, platform and apps are used (e.g. performance counters, access logs, metrics, associated metadata, unique identifiers for devices, technical information about the devices you use, the network, operating system and browser).(ii) data identified as malicious (e.g. malware infections, cyberattacks, unsuccessful security incidents, or other threats). This may contain limited Account Information where it appears, for example, in log records but excludes Threat Protection Data.

Threat Protection Data

The record of individual user email behaviour and associations formed from the processing, collection and analysis of email metadata such as date and time, sender and recipient email addresses, and other unique message identifiers. It doesn’t include Account Information and System Data.

The information we collect and how we get it

From

How we obtain or receive it

Examples of the types of information

You

  • purchasing, registering for, logging into, or using your account
  • filling out forms on our website or apps
  • uploading or sending Content
  • making use of our services
  • making use of our services
  • contacting us
  • if you take part in our competitions or promotions
  • attending our webinars
  • Account Information
  • System Data
  • Content
  • Threat Protection data
  • IP address

Third-parties

  • companies or individuals that introduce you to us
  • credit reference agencies
  • third-party Content that includes information about you, or your employer or organization
  • making use of our services
  • filling out forms on our website or apps and providing information about you
  • contacting us and providing information about you
  • publicly accessible records
  • government and law enforcement agencies
  • filling out forms on websites or webforms that we host on behalf of a third party
  • Account Information
  • Content sent by other users or recipients
  • Threat Protection data
  • open data and public records
  • credit reports or other financial assessments

Microsoft or Google

  • if you use our Outlook or Gmail plug-in, you grant us permission to access your email in order to encrypt or decrypt it.
  • if you use Threat Protection, to review email meta data and email addresses for that purpose.
  • Account Information
  • Content
  • Threat Protection data

General use of our services

  • accessing and using them, our websites or apps
  • Account Information
  • IP address (this may not always be personal to you – e.g. where using shared networks)
  • System Data

Threat protection and email encryption

  • email meta data (date and time, sender and recipient email addresses and other unique message identifiers)
  • Content sent by you and other users or recipients
  • Account Information
  • Content
  • Threat Protection data
  • IP address

IP address

  • when you visit our website, apps or use our platform and services we will record your IP address.
  • your IP address may be kept in log files or matched against public or proprietary IP address databases to provide us with information about your visit. This may identify the organisation to whom the IP address is registered (and may in some cases enable us to identify you)
  • IP address
  • Account Information

How we use the data that we collect

We use the Account Information, Content and system data in each of the following ways.

Relationship Management

What we use it for

Our reasons

Information type

Manage, track and develop our relationship with you and your employer or organization

Processing to complete any pre-contract processes that you request.

Account Information, System Data

To ensure that we have a productive relationship where we’re able to meet customer needs and respond to them both proactively and reactively. This is core to our business and forms the cornerstone of success. If we were unable to process personal data for this purpose, our business would cease to function properly. To understand you and your employer or organization better through the use of third party data.

Account Information, System Data

We may use your information to create reports or profiles for marketing and analytics purposes.

Account Information, System Data

Delivery of requested services

What we use it for

Our reasons

Information type

Provide the platform and service access and support to you

To ensure that we meet our contractual obligations to you.

Account Information, System Data, Content, Threat Protection Data

Provide guidance on our platform and services

This could include responding to pre-contract questions, and also dealing with support or service questions during our contract with you.

Account Information, System Data, Content, Threat Protection Data

Respond to and resolve complaints, queries, requests and support tickets

To respond to your queries and to ensure that you’re able to use our platform and services appropriately. This may involve the recording of calls that you make to our support desks or sales teams for training and monitoring purposes. Processing of Content may be required for resolving some support tickets.

Account Information, System Data, Content, Threat Protection Data

Ensure our platform services are functioning properly

To ensure that we can provide the platform and services that we’re contracted to provide. This may include both automated and manual processing (but not automated decision making in the context of the GDPR).

Account Information, System Data, Content, Threat Protection Data

Alert you to issues or updates to your services

To ensure that you’re presented with relevant messaging based on the access and services that you’ve purchased from us and our group.

Account Information, System Data, Content, Threat Protection Data

Scan meta data to provide you with feedback on the interactions you are about to make, or to encrypt or unencrypt email traffic

To provide our Threat Protection and secure email services. Threat Protection requires certain information in order to understand your, and any of your users’, behaviour. Secure email requires the processing to meet the encryption and decryption obligations where you’ve requested this service.

Account Information, System Data, Content, Threat Protection Data

Enable third party plug-ins you request

To integrate with and respond to third party plug-ins in order to provide the requested services.

Account Information, System Data, Content, Threat Protection Data

Service Information by electronic means

We may send, or otherwise display, to you information about the services you receive from us (e.g. how you use them, how you could do so more efficiently, faults, issues, updates or notices of times when they’ll not be available).

Account Information, System Data, Threat Protection Data

Delivering on contractual obligations and exercising rights

What we use it for

Our reasons

Information type

Make and manage payments made by, or due to, you

Processing to achieve this purpose may take place both pre and post contract agreement (e.g. initial subscription payment and renewals).

Account Information, System Data

Meet and perform our audit obligations

We recognize that processing may be required in order to exercise our rights under the terms of our contract with you, or for our own compliance purposes.

Account Information, System Data, Threat Protection Data

Processing may be required where requested by a customer to meet any audits conducted in accordance with the terms of our contracts with them.

Account Information, System Data, Content, Threat Protection Data

Recover money owed to us or other companies in our group

To ensure that payments are both made and timely.

Account Information

Legal and regulatory risk management

What we use it for

Our reasons

Information type

Detect and prevent crime

To ensure that we and our group can both detect and report criminal activity.

Account Information, System Data, Content, Threat Protection Data

Manage risk for us, our group and our customers

To ensure that we and our group can manage legal and regulatory risk and do so in the most appropriate and compliant manner.

Account Information, System Data, Threat Protection Data

Obey our or our group’s legal obligations

To ensure that we and our group can manage legal and regulatory risk and requests in the most appropriate and compliant manner. This may include adapting the way we and our group operates or engages to meet new or future obligations.

Account Information, System Data, Content, Threat Protection Data

Keep our records accurate and up-to-date

Processing to ensure we meet our obligations in respect of data accuracy (this may include acting in response to your notifications).

Account Information

Run our and our group’s businesses in an efficient and proper way

We use shared systems, activities, suppliers and sub-processors in order to help manage legal and regulatory risk within our group, and to operate in a way that ensures quality, consistency and security of service delivery.

Account Information, System Data, Content, Threat Protection Data

Innovation and System Development

What we use it for

Our reasons

Information type

Develop new systems, features, functionality and ways to meet customer needs

We have a legitimate interest to understand how our platform and services are used, and to look at areas where customer needs could be met either as new functionality, or in improved ways.

Account Information, System Data

Study how customers and users use our services

We have a legitimate interest to understand how our platform and services are used, and how customers benefit from the services that we provide to them.

Account Information, System Data

Test new products and services

We have a legitimate interest in ensuring that prior to being launched, products and services operate in a secure and efficient manner.

Account Information, System Data

Exercise our contractual rights

To ensure that we appropriately protect ourselves and our group based upon our contractual rights.

Account Information, System Data

Show you the right websites

To ensure that you enter into any contractual relationship with the right company in our group. This also enables us to present content relevant to that jurisdiction where appropriate.

Account Information, System Data, IP address

To create anonymous reports and statistics

We have a legitimate interest in understanding market risks, trends and activities and, where relevant, utilising the anonymous insights that we can gain from our platform and services in the provision of publicly available reports, blogs and other communications.

Account Information, System Data

Marketing and promotion

What we use it for

Our reasons

Information type

To develop and carry out marketing activities

We have a legitimate interest to conduct marketing, promotional and other advertising activities in order to grow our brand, and the awareness of our products and services.

Account Information

To enable your participation in competitions and promotions

Where you’ve elected to take part, we will process your information in order to enable you to participate.

Account Information, System Data

We may use information that we hold about you (or if you’re a business, your users) to send information about our and our group companies’ products and services. This may be by email or other electronic means available to us in the future. We may use other information available to us in order to tailor our communications. If you’re an individual in most circumstances we’ll only do this if we have your consent but there may be some situations where we have a legitimate interest in doing so (e.g. where you complete a purchase through our online ecommerce platform).

If you’ve given your consent, you can withdraw this at any time, or if we’re reliant on our legitimate interests for sending you marketing you can object. In either case, just let us know using the details at www.egress.com/your-rights.

Free user account information

If you have a free user account with us and the domain of the email address associated with it is owned or controlled by an organisation (like your employer) then:

  • we may share details of the email address associated with your account with that organisation (either as a result of a request we receive or as part of discussions with it relating to a potential purchase)
  • if that organisation subsequently establishes a relationship with us and wishes to add your account to its own business account, then we’ll transfer your account into its business account and certain information concerning your free user account and your past use of it may become accessible to that organisation and its administrator.

If you provide us with information about others

If you or your business provide information to us about another person, or if you or your business send their information or Content using our platform or services, you must make sure you have the right and permission to do so. We’re reliant on this in order to receive and process the information you or your business provide. By providing it, you confirm that you do.

Where you use Threat Protection, or where you correspond with an individual or business that does so, your emails and their associated metadata may be routinely monitored to protect against the risk of misaddressed emails and to improve the accuracy of those decisions.

Sending information outside the EEA and the United States

Account Information, Threat Protection Data and System Data: To operate our group effectively we use shared systems, resources and subprocessors and so Account Information and System Data may be transferred, shared and processed within our group and to and by these third-parties. This may involve the storage, transfer and processing of this information outside the country where you, your business or a particular user is located. Where this happens, we’ll ensure that any such transfer or processing is subject to appropriate legal and technical safeguards.

Content: Your Content will be stored on secure servers. You acknowledge that our platform is a ‘software-as-a-service solution’. You, your users and recipients may access Content outside the country you’re located in (e.g. by logging in to your account anywhere in the world). Where this happens, Content may be processed by you or them on the device used wherever that is located.

Who we may share your information with

Account Information, Threat Protection Data and System Data: To operate our group effectively we use shared systems, resources and subprocessors and so Account Information, Threat Protection Data and System Data may be transferred within our group and to these third-parties. Details on these can be found through the subcontractor page available at www.egress.com/subcontractors.

We may share Threat Protection Data with other companies in our group and authorised sub-processors to provide the service that you’ve purchased from us.

Content: Your Content may be shared with third parties as directed by you through your use of the features of our Platform and services. We may share Content with other companies in our group and authorised subprocessors where necessary to provide the services that you have purchased from us.

Free user account information: We may share details of the email address associated with your free user account with the organisation (like your employer) that owns or controls the domain of the email address associated with it (this may be either as a result of a request by that organisation, or as a result of discussions relating to a potential purchase by it of a business account).

Transfer of Rights: We reserve the right to transfer our obligations, rights and permissions in Account Information, System Data, Threat Protection Data and Content to any organisation to which we may transfer our business or assets (including if we, or a relevant part of us or our assets, are proposed to be purchased or acquired by a third party).

Applicable law: We reserve the right to disclose Account Information, System Data, Threat Protection Data and Content in order to comply with legal or regulatory obligations, or a binding order of a legal, governmental or regulatory authority, or for the prevention and detection of crime or fraud, or to protect against imminent harm to the rights, property or safety of Us, our customers or the public.

What we need you to do

We need to make sure that the information that we hold about you (and if you’re a business, your users) is accurate, up-to-date and still relevant. As a result, we need you to tell us promptly if there are any changes to the information that you (or they) have provided by letting us know at DPO@egress.com.

You must ensure that you always have (and if you’re a business, that your users always have) a lawful reason for the processing of your Content and any third party email address through your use of our platform and services, and you must comply with all applicable law in respect of how you use it.

How long we'll keep your and your users information for

We’ll keep Account Information for as long as you or your business are a customer of ours. After you or your business stop being a customer, we may retain relevant Account Information in accordance with our retention policy at www.egress.com/legal (including to maintain records required for legal or regulatory reasons, showing that we complied with our contractual obligations, responding to any complaints or queries, and for research and statistical purposes). We’ll ensure its confidentiality where we do so.

Content and Threat Protection Data will be deleted in accordance with our retention policy. Please note that some of your information and Content may continue to be processed by us even after you cease to be a customer of ours where it forms part of another user’s content.

Your rights as an individual

As an individual user of our Sites, you may have certain rights by law in respect of the personal data that we hold about you. These rights may not always apply as the basis on which we’re processing your personal data may affect their availability, as may be available to you and will depend on where you are resident. You can find out more information about them and our Data Protection Officer at www.egress.com/legal/your-rights.

Cookies

To find out more about cookies and how we use them, see www.egress.com/cookies. If you live in California, we need to let you know that some web browsers may transmit “do-not-track” signals to the websites and online services you communicate with. Whilst there is no industry standard that governs what, if anything, we should do if we receive such a signal, our website will not set cookies if you have your browser set to ‘Do not track’.

Changes to this policy

We can change this policy from time to time through notice to You. We may in some instances require you and your users to read and accept any changes before continuing to use their account.

About us

We're Egress Software Technologies Inc. We're a Massachusetts corporation with our registered office at 51 Melcher Street, First Floor, Boston, MA 02210. You can contact us at info@egress.com. When contacting us we strongly recommend you don't email us confidential or personal information. If you do, it's at your own risk although the terms of this policy will apply to our use of that information.

Law

This Website Privacy Policy and any disputes hereunder will be governed by the laws of the State of Delaware, without regard to its conflict of law principles. We both acknowledge and agree that any litigation concerning them shall be submitted to and resolved by the state or federal courts in and for Boston, Massachusetts, and the parties consent to the exclusive jurisdiction and venue of such courts.

If you’re looking for our website privacy policy, or just browsing our site then see our policy at www.egress.com/website-privacy.

accreditations accreditations accreditations accreditations accreditations