TRIAL TODAY GET IN TOUCH
close

Our approach to Platform Privacy

We're Egress Software Technologies Limited, part of the Egress Software Technologies Group. More information about our group can be found at www.egress.com/about.

Your information will be held by us for and on behalf of us and our group companies, and this policy sets out how we and they will look after information that you give us, or that we get from other sources, or learn about you through our relationship with you when you use our platform.

Below you can find details of:

  • the information we collect and how we get it
  • how we use that information
  • who we may share it with and why
  • where we may transfer and process it
  • what you need to do if you provide information to us about others

If you have any questions we’d be happy to answer them, just get in touch at DPO@egress.com.

This platform privacy policy was last updated on 22 October 2018. We updated it to:

  • amend the layout to make it easier to follow who we may disclose and share your information with, how long we retain your information and how we undertake marketing activities

The way we talk about the information we collect

Account Information

The database, logs and other collections of information about you (and, if you’re a business, your users) that is provided to us by you or your users, or that we obtain in connection with:

  • the creation and administration of your and their accounts.
  • your and their use of our platform and services (e.g. how they’re used, accessed and interacted with)
  • any permissions, consents or preferences that are given to us, including to access your data through third party email products when you use our plug-ins
  • you being our customer, and information that we obtain from third parties that may be linked to you, your employer or your organisation

Content

Data, text, audio, video and images transferred, stored, shared or hosted on or through the Platform by you and third parties. It does not include Account Information or System Data.

System Data

(i) Usage statistics, system logs, performance and security data, feedback data, records of support requests, and aggregated data about how our sites, platform and apps are used (e.g. performance counters, access logs, metrics, associated metadata, unique identifiers for devices, technical information about the devices you use, the network, operating system and browser).(ii) data identified as malicious (e.g. malware infections, cyberattacks, unsuccessful security incidents, or other threats). This may contain limited Account Information where it appears, for example, in log records but excludes Threat Protection Data.

Threat Protection Data

the record of individual user email behaviour and associations formed from the processing, collection and analysis of email metadata such as date and time, sender and recipient email addresses, and other unique message identifiers. It doesn’t include Account Information and System Data.

The information we collect and how we get it

From

How we obtain or receive it

Examples of the types of information

You

  • purchasing, registering for, logging into, or using your account
  • filling out forms on our website or apps
  • uploading or sending Content
  • making use of our services
  • making use of our services
  • contacting us
  • if you take part in our competitions or promotions
  • attending our webinars
  • Account Information
  • System Data
  • Content
  • Threat Protection Data
  • IP address

Third-parties

  • companies or individuals that introduce you to us
  • credit reference agencies
  • third-party Content that includes information about you, or your employer or organisation
  • making use of our services
  • filling out forms on our website or apps and providing information about you
  • contacting us and providing information about you
  • publicly accessible records
  • government and law enforcement agencies
  • filling out forms on websites or webforms that we host on behalf of a third party
  • Account Information
  • Content sent by other users or recipients
  • Threat Protection Data
  • open data and public records
  • credit reports or other financial assessments

Microsoft or Google

  • if you use our Outlook or Gmail plug-in, you grant us permission to access your email in order to encrypt or decrypt it
  • if you use Threat Protection, to process Threat Protection Data for that purpose.
  • Account Information
  • Content
  • Threat Protection Data

General use of our services

  • accessing and using them, our websites or apps
  • Account Information
  • IP address (this may not always be personal to you – e.g. where using shared networks)
  • System Data

Threat protection and email encryption

  • email meta data (date and time, sender and recipient email addresses and other unique message identifiers)
  • Content sent by you and other users or recipients
  • Account Information
  • Content
  • Threat Protection Data
  • IP address

IP address

  • when you visit our website, apps or use our platform and services we will record your IP address.
  • your IP address may be kept in log files or matched against public or proprietary IP address databases to provide us with information about your visit. This may identify the organisation to whom the IP address is registered (and may in some cases enable us to identify you)
  • IP address
  • Account Information

How we use the data that we collect

We use the Account Information, Content and System Data in each of the following ways.

Relationship management

What we use it for

Our reasons

Our lawful basis where you’re an individual

Our lawful basis where you’re a business

Information type

Manage, track and develop our relationship with you and your employer or organisation

Processing to complete any pre-contract processes that you request.

Performance of contract

Legitimate interests

Account Information

To ensure that we have a productive relationship where we’re able to meet customer needs and respond to them both proactively and reactively. This is core to our business and forms the cornerstone of success. If we were unable to process personal data for this purpose, our business would cease to function properly.

Legitimate interests

Legitimate interests

Account Information, System Data

To understand you and your employer or organisation better through the use of third party data.

Legitimate Interests

Legitimate interests

Account Information

We may use your information to create reports or profiles for marketing and analytics purposes.

Legitimate Interests

Legitimate interests

Account Information, System Data

Delivery of requested services

What we use it for

Our reasons

Our lawful basis where you’re an individual

Our lawful basis where you’re a business

Information type

Provide the platform and service access and support to you

To ensure that we meet our contractual obligations to you.

Performance of contract

Legitimate interests

Account Information, System Data, Content, Threat Protection Data

Provide guidance on our platform and services

This could include responding to pre-contract questions, and also dealing with support or service questions during our contract with you.

Performance of contract

Legitimate interests

Account Information, System Data, Content, Threat Protection Data

Respond to and resolve complaints, queries, requests and support tickets

To respond to your queries and to ensure that you’re able to use our platform and services appropriately. This may involve the recording of calls that you make to our support desks or sales teams for training and monitoring purposes. Processing of Content may be required for resolving some support tickets.

Legitimate interests

Legitimate interests

Account Information, System Data, Content, Threat Protection Data

Ensure our platform services are functioning properly

To ensure that we can provide the platform and services that we’re contracted to provide. This may include both automated and manual processing (but not automated decision making in the context of the Data Protection laws in the UK).

Legitimate interests, Performance of contract

Legitimate interests

Account Information, System Data, Content, Threat Protection Data

Alert you to issues or updates to your services

To ensure that you’re presented with relevant messaging based on the access and services that you’ve purchased from us and our group.

Legitimate interests

Legitimate interests

Account Information, System Data, Content, Threat Protection Data

Scan meta data to provide you with feedback on the interactions you are about to make, or to encrypt or unencrypt email traffic

To provide our Threat Protection and secure email services. Threat Protection requires certain information in order to understand your, and any of your users’, behaviour. Secure email requires the processing to meet the encryption and decryption obligations where you’ve requested this service.

Performance of contract

Legitimate interests

Account Information, System Data, Content, Threat Protection Data

Enable third party plug-ins you request

To integrate with and respond to third party plug-ins in order to provide the requested services.

Performance of contract

Legitimate interests

Account Information, System Data, Content, Threat Protection Data

Service Information by electronic means

We may send, or otherwise display, to you information about the services you receive from us (e.g. how you use them, how you could do so more efficiently, faults, issues, updates or notices of times when they’ll not be available).

Performance of contract

Legitimate interests

Account Information, System Data, Threat Protection Data

Delivering on contractual obligations and exercising rights

What we use it for

Our reasons

Our lawful basis where you’re an individual

Our lawful basis where you’re a business

Information type

Make and manage payments made by, or due to, you

Processing to achieve this purpose may take place both pre and post contract agreement (e.g. initial subscription payment and renewals).

Performance of contract, Legitimate Interests

Legitimate interests

Account Information, System Data

Meet and perform our audit obligations

We recognise that processing may be required in order to exercise our rights under the terms of our contract with you, or for our own compliance purposes.

Legitimate Interests, Legal obligation

Legitimate Interests, Legal obligation

Account Information, System Data, Threat Protection Data

Processing may be required where requested by a customer to meet any audits conducted in accordance with the terms of our contracts with them.

Performance of contract

Legitimate interests

Account Information, System Data, Threat Protection Data

Recover money owed to us or other companies in our group

To ensure that payments are both made and timely.

Legitimate Interests

Legitimate Interests

Account Information

Legal and regulatory risk management

What we use it for

Our reasons

Our lawful basis where you’re an individual

Our lawful basis where you’re a business

Information type

Detect and prevent crime

To ensure that we and our group can both detect and report criminal activity.

Legitimate Interests

Legitimate interests

Account Information, System Data, Threat Protection Data

Manage risk for us, our group and our customers

To ensure that we and our group can manage legal and regulatory risk and do so in the most appropriate and compliant manner.

Legitimate Interests, Legal obligation

Legitimate interests

Account Information, System Data, Threat Protection Data

Obey our or our group’s legal obligations

To ensure that we and our group can manage legal and regulatory risk and requests in the most appropriate and compliant manner. This may include adapting the way we and our group operates or engages to meet new or future obligations.

Legitimate Interests, Legal obligation

Legitimate interests, Legal obligation

Account Information, System Data, Threat Protection Data

Keep our records accurate and up-to-date

Processing to ensure we meet our obligations in respect of data accuracy (this may include acting in response to your notifications).

Legitimate Interests, Legal obligation

Legitimate interests, Legal obligation

Account Information

Run our and our group’s businesses in an efficient and proper way

We use shared systems, activities, suppliers and sub-processors in order to help manage legal and regulatory risk within our group, and to operate in a way that ensures quality, consistency and security of service delivery.

Legitimate Interests

Legitimate interests

Account Information, System Data, Threat Protection Data

Innovation and system development

What we use it for

Our reasons

Our lawful basis where you’re an individual

Our lawful basis where you’re a business

Information type

Develop new systems, features, functionality and ways to meet customer needs

We have a legitimate interest to understand how our platform and services are used, and to look at areas where customer needs could be met either as new functionality, or in improved ways.

Legitimate Interests

Legitimate interests

Account Information, System Data

Study how customers and users use our services

We have a legitimate interest to understand how our platform and services are used, and how customers benefit from the services that we provide to them.

Legitimate Interests

Legitimate interests

Account Information, System Data

Test new products and services

We have a legitimate interest in ensuring that prior to being launched, products and services operate in a secure and efficient manner.

Legitimate Interests

Legitimate interests

Account Information, System Data

Exercise our contractual rights

To ensure that we appropriately protect ourselves and our group based upon our contractual rights.

Legitimate Interests

Legitimate interests

Account Information, System Data

Show you the right websites

To ensure that you enter into any contractual relationship with the right company in our group. This also enables us to present content relevant to that jurisdiction where appropriate.

Legitimate Interests

Legitimate interests

Account Information, System Data, IP address

To create anonymous reports and statistics

We have a legitimate interest in understanding market risks, trends and activities and, where relevant, utilising the anonymous insights that we can gain from our platform and services in the provision of publicly available reports, blogs and other communications.

Legitimate Interests

Legitimate interests

Account Information, System Data

Marketing and promotion

What we use it for

Our reasons

Our lawful basis where you’re an individual

Our lawful basis where you’re a business

Information type

To develop and carry out marketing activities

We have a legitimate interest to conduct marketing, promotional and other advertising activities in order to grow our brand, and the awareness of our products and services.

Legitimate Interests, Consent

Legitimate interests

Account Information

To enable your participation in competitions and promotions

Where you’ve elected to take part, we will process your information in order to enable you to participate.

Consent

N/A

Account Information, System Data

We may use information that we hold about you (or if you’re a business, your users) to send information about our and our group companies’ products and services. This may be by email or other electronic means available to us in the future. We may use other information available to us in order to tailor our communications. If you’re an individual in most circumstances we’ll only do this if we have your consent but there may be some situations where we have a legitimate interest in doing so (e.g. where you complete a purchase through our online ecommerce platform).

If you’ve given your consent, you can withdraw this at any time, or if we’re reliant on our legitimate interests for sending you marketing you can object. In either case, just let us know using the details below.

Free user account information

If you have a free user account with us and the domain of the email address associated with it is owned or controlled by an organisation (like your employer) then:

  • we may share details of the email address associated with your account with that organisation (either as a result of a request we receive or as part of discussions with it relating to a potential purchase)
  • if that organisation subsequently establishes a relationship with us and wishes to add your account to its own business account, then we’ll transfer your account into its business account and certain information concerning your free user account and your past use of it may become accessible to that organisation and its administrator

If you provide us with information about others

If you or your business provide information to us about another person, or if you or your business send their information or Content using our platform or services, you must make sure you have the right and permission to do so. We’re reliant on this in order to receive and process the information you or your business provide. By providing it, you confirm that you do.

Where you use Threat Protection, or where you correspond with an individual or business that does so, your emails and their associated metadata may be routinely monitored to protect against the risk of misaddressed emails and to improve the accuracy of those decisions.

Who we may share your information with, and sending information outside the EEA

Details of the sub-contractors used in the provision of our Platform and services can be found through the sub-contractor page available at www.egress.com/subcontractors.

Who we may share your information with

Our reasons

Our lawful basis where you’re an individual

Our lawful basis where you’re a business

Information type

Outside EEA?

Microsoft

If you use Microsoft Office Online to edit documents within Egress Workspace, please be aware of how your Content is processed by Microsoft when using this tool. More details can be found here.

Performance of contract – we’re action your request to utilise that method of editing documents within Egress Workspace. You can change your election within your account settings.

Legitimate Interests

Content

Possible

Microsoft Dynamics

Used by us and our group companies for customer relationship management services.

Legitimate Interests

Legitimate Interests

Account Information

Possible

Egress Group companies

We use shared systems (such as our CRM platform, account systems and other internal platforms and processes) in order to operate our group effectively. Your information may be stored on these shared systems and therefore be accessible to other companies within our group.

Legitimate Interests

Legitimate Interests

Account Information, System Data, Threat Protection Data

Possible

Host providers

If you purchase our platform and services, we’ll host your Content on one or more of the providers listed here. Your Content will remain encrypted and these providers will not have access to it.

Performance of contract, Legitimate Interests

Legitimate Interests

Account Information, System Data, Content, Threat Protection Data

No

Zendesk, Inc.

Our support ticket system and online chat service are provided by Zendesk using an EEA hosted solution.

Legitimate Interests

Legitimate Interests

Account Information, data that you provide as part of your support ticket (we ask that this is kept to the minimum necessary and that you don’t include Content)

No

CalliTech Limited (trading as MoneyPenny)

Provide overflow support call services, and transfer out-of-hours support calls to our engineers.

Legitimate Interests

Legitimate Interests

Account Information

No

LogMeIn, Inc.

Our webinars, conference calls and remote access to your device (if that is required) are provided by this entity. The data collected by them is hosted using an EEA based solution. You’re able to determine if these are used (i.e. by accepting an invite to attend a webinar, conference call or by accepting our request to access your device – although this is rare).

Legitimate Interests

Legitimate Interests

Account Information (data you provide when registering), System Data

No

Communigator Ltd.

Assist in data collection and the sending out of marketing correspondence (therefore only relevant where you’ve consented to receiving this material). We also use a cookie provided by CommuniGator Ltd, please see our Cookie Policy for more information.

Legitimate Interests

Legitimate Interests

Account Information

No

The IT Service Limited

May be involved in providing training services to you where you purchase these from us.

Legitimate Interests, Performance of Contract

Legitimate Interests

Account Information

No

Law enforcement

We reserve the right to disclose information in order to comply with national, EU or Member State law to which we’re subject.

Legitimate Interests

Legitimate Interests

Account Information, System Data, Content, Threat Protection Data

Possible

Where any transfer outside of the European Economic Area (EEA) occurs, we’ll ensure that any such transfer or processing is subject to appropriate legal and technical safeguards.

Content: Your Content will be stored on secure servers in the European Economic Area. You acknowledge that our platform is a ‘software-as-a-service solution’. You, your users and recipients may access Content outside the European Economic Area (e.g. by logging in to an account anywhere in the world). Where this happens, Content may be processed by you, your user or the recipient on the device used wherever that is located. We’ll facilitate this processing for the purpose of performing our contract with you or a relevant recipient or user (where you’re an individual) or for our legitimate interests in providing the requested services to you (where you’re a business).

Your Content may be shared with third parties as directed by you through your use of the features of our Platform and services. We may share Content with other companies in our group and authorised subprocessors where necessary to provide the services that you have purchased from us.

Transfer of Rights: We reserve the right to transfer our obligations, rights and permissions in Account Information, System Data, Threat Protection Data and Content to any organisation to which we may transfer our business or assets (including if we, or a relevant part of us or our assets, are proposed to be purchased or acquired by a third party).

What we need you to do

We need to make sure that the information that we hold about you (and if you’re a business, your users) is accurate, up-to-date and still relevant. As a result, we need you to tell us promptly if there are any changes to the information that you (or they) have provided by letting us know at DPO@egress.com.

You must ensure that you always have (and if you’re a business, that your users always have) a lawful reason for the processing of your Content and any third party email address through your use of our platform and services, and you must comply with all applicable law in respect of how you use it.

How long we'll keep your and your users information for

Type of data

How long we keep it

Account Information

We keep this information throughout our relationship with you. Following termination or expiry of the last agreement between us, your account information (and that of any users of your business account) is kept in accordance with our retention policy available here. This is retained in this way for our legitimate interests in retaining records required for legal or regulatory reasons, showing that we complied with contractual obligations, responding to complaints or queries and for research and statistical purposes. We’ll ensure its confidentiality.

System Data

This is retained in accordance with our retention policy available here.

Content

This is retained in accordance with our retention policy available here. Content may continue to be processed after you cease to be a customer or ours where it forms part of another user’s content.

Threat Protection Data

This is retained in accordance with our retention policy available here.

Your rights as an individual

As an individual, you may have certain rights by law in respect of the personal data that we hold about you. These rights may not always apply as your location and the basis on which we’re processing your personal data may affect their availability. You can find out more information about them and our Data Protection Officer at www.egress.com/legal/your-rights

Cookies

To find out more about cookies and how we use them, see www.egress.com/cookies.

Changes to this policy

We can change this policy from time to time. You (and, if you’re a business, your users)should check this page periodically to make sure that you, or they, have read our most recent policy. When we do make changes, we’ll change the date at the top of this document. . If we make material changes regarding our privacy practices, we may in some instances require you and/or your users to read and accept any changes before continuing to use their account.

About us

We're Egress Software Technologies Limited. We're a limited liability company registered in England and Wales (number 06393598). Our registered office is 12th Floor, The White Collar Factory, 1 Old Street Yard, London, EC1Y 8AF, United Kingdom. Our VAT number is 921 4606 46. You can contact us at info@egress.com. When contacting us we strongly recommend you don't email us confidential or personal information. If you do, it's at your own risk although the terms of this policy will apply to our use of that information.

Law

If you’re a consumer, please note that these terms, their subject matter and formation are governed by English law. We both agree that the courts of England and Wales will have exclusive jurisdiction except that if you’re a resident of Northern Ireland you may also bring proceedings in Northern Ireland, and if you are resident of Scotland, you may also bring proceedings in Scotland.

If you’re a business, these terms, their subject matter and formation (and any non-contractual disputes or claims) are governed by English law. We both agree to the exclusive jurisdiction of the courts of England and Wales.

If you’re looking for our website privacy policy, or just browsing our site then see our policy at www.egress.com/website-privacy.

accreditations accreditations accreditations accreditations accreditations