PoliteMail Data Privacy & GDPR Compliance

Privacy by Design

It’s Your Data, We Process and Protect It.

See How PoliteMail Protects Your Privacy and Data.

Measure your most effective employee communication channel while keeping your employees’ personal data private. We take proactive measures to identify risks and build data privacy and security controls into our software and services. PoliteMail is compliant with global privacy legislation including the EU GDPR, the California CCPA and the Canadian PIPEDA.

Data Security Is a Privacy Feature

Privacy is accomplished with effective data security practices that follow the data through its full lifecycle, from initial collection, to reporting, to archiving and deletion.

Transparent Policies

We are completely transparent about our policies, operational practices, technology platforms and data processing. We never sell or share your company or personal data with any third parties.

GDPR Compliance

PoliteMail complies with the requirements of the EU GDPR, and currently relies on both the EU-US Privacy Shield and the Standard Contractual Clauses (SCCs) as data transfer mechanisms. Note that the Privacy Shield framework was invalidated by the Court of Justice of the EU in July 2020 (Schrems II); SCCs remain a valid basis for EU-US transfers. Additionally, we can host your data in the US, EU, Asia or Australia, per customer order.

PoliteMail customers, as the data controllers and owners, have the primary responsibility and obligation to protect personal data. As a processor providing software and services, we commit to implementing the security and privacy safeguards, policies and practices needed to protect the data privacy of individuals and to give them the right to access the information collected about them.

Privacy by Design and Default.

When developing our software products and services, we consider both our customer and their data subjects (typically employees).

By default, PoliteMail provides statistical email analysis at the anonymous level: you know who the email was sent to (the employees on the distribution list), and you get accurate statistics on the number of people and devices that interacted with your message, but you do not learn specifically who interacted.

PoliteMail provides dedicated cloud services and databases, so your data is never at risk of being intermingled with that of other customers. While virtual machines may run on the same physical hardware as those of other customers, we use logical isolation and storage segregation to maintain clear separation. All data in transit is encrypted with HTTPS (TLS 1.2), and data at rest with AES-256.

We build privacy into our software and services as we develop them. We follow a security development lifecycle to address privacy and security concerns up front: we code against the SANS/CWE Top 25 most dangerous software errors, run static and dynamic vulnerability scanning on every build, and commission third-party application penetration testing at least annually.

How We Manage Your Data

We use your customer data only to provide the services we have agreed on, and never share or sell it for marketing or advertising. We make contractual data security and privacy commitments for the software and services we agree to provide. We strive to maintain transparent policies and processes, so our customers and their employee data subjects can be fully aware of the data being collected, its purpose, and what operations are being performed on that data. We provide ready access to your data, so you may extract as desired, and if you leave our service we follow specific processes to remove your data from our systems.

How We Limit Access to Your Data

We take proactive measures to protect your data from unauthorized or inappropriate access, following least privilege principles using role-based security group controls, IP restrictions and multifactor authentication for PoliteMail personnel. All PoliteMail employees are required to sign confidentiality agreements and attend data security and privacy awareness training upon hire and at least annually.

Data Locations

PoliteMail limits our use of subcontractors to our Tier 1 cloud hosting service providers, with whom we maintain active partnerships and agreements that are at least as stringent as our own data-processing terms.

Customers may select a specific geographic location for their data, such as within the EU. Available regions (AWS and Microsoft Azure):

  • US East – Virginia
  • US West – Washington
  • EU – Ireland
  • EU – Germany
  • Asia Pacific – Singapore
  • Asia Pacific – Australia

How We Respond to Legal Requests for Customer Data

In the event of a legal hold or government request for data, we follow our standardized, contractual processes to provide you with notice and a copy of the request, unless we are legally prohibited from doing so.

How Does PoliteMail Anonymization Work to Protect the Privacy of Your Employees?

Personal data, including name and email address, is always stored within our systems, because we use that information to address and send your email messages and so that you have a record of who each email was sent to.

When it comes to the analytics data, PoliteMail utilizes anonymization and pseudonymization techniques to protect the identity of the email recipients, such that their specific interactions cannot be tied back to a specific person.

Anonymization means the data can no longer be attributed to a person at all. Pseudonymization (or encryption) means an individual cannot be identified without a specific “key”, and that key is kept separate from the data.

When PoliteMail sends an email, it creates a pseudonymized record for each recipient and inserts a unique, anonymized tracking encoding into the message for that recipient, which relates only to the pseudonymized record. Specifically, PoliteMail includes an HTTPS request to a tiny, transparent image hosted on the analytics server (commonly called a “beacon image”), and it rewrites any URLs contained within the email message to redirect URLs that are also hosted on the PoliteMail analytics server.

When recipients receive and interact with the email, PoliteMail receives and processes those HTTPS requests. Like every standard web request, they carry metadata that is personal data, such as the client IP address and the “user agent” header describing the browser and device. We do not store the user agent or IP; instead we process them to extract non-specific attributes useful for analysis: geographic location (to the city level, using a reverse-IP lookup database), operating system and device type (such as Windows, or iOS and iPhone), browser and screen size.

In this way, PoliteMail is able to provide accurate analytics down to a specific person, but without identifying who that person is. In other words, PoliteMail will be able to measure if a specific email message was read by one person, using two different devices, but you will not be able to determine who that person was.
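The tracking encoding and request processing described above, as an added example (this is not PoliteMail’s code): a per-recipient pseudonym is derived with an HMAC over the message id and address under a key held apart from the interaction store, links are rewritten to a redirector that carries the pseudonym, a beacon image is appended, and an incoming request is reduced to coarse attributes so that neither the IP address nor the user-agent string is written. The analytics host, the HMAC construction, the reverse-IP table and the user-agent rules are assumptions for illustration; the page does not describe PoliteMail’s actual token format or key handling.

```python
import hashlib
import hmac
import re
import secrets
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlencode

# Assumed values (illustration only, not PoliteMail's real implementation):
# the analytics host, the pseudonymization key store and the reverse-IP table.
ANALYTICS_HOST = "https://analytics.example.com"

# The key that links tokens back to people lives apart from the interaction
# table (a KMS or secret store in practice; a process-local secret here).
PSEUDONYM_KEY = secrets.token_bytes(32)

# Constructed stand-in for a city-level reverse-IP database.
GEO_TABLE = {"203.0.113.": ("Berlin", "DE"), "198.51.100.": ("Boston", "US")}

# Interaction store: holds tokens and derived attributes only.
INTERACTIONS: List[Dict] = []


def recipient_token(message_id: str, recipient_email: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Pseudonym for one recipient of one message: HMAC-SHA256 over (message, address).

    Without `key` the token cannot be mapped back to an address, and because the
    message id is mixed in, tokens from different sends cannot be joined.
    """
    data = f"{message_id}\n{recipient_email.strip().lower()}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:32]


_HREF = re.compile(r'href="(https?://[^"]+)"')


def rewrite_links(html: str, token: str) -> str:
    """Send every link through the analytics redirector with the token attached;
    the redirector records the click and 302s to the original destination."""
    def repl(m):
        return 'href="%s/r?%s"' % (ANALYTICS_HOST, urlencode({"t": token, "u": m.group(1)}))
    return _HREF.sub(repl, html)


def instrument(html: str, message_id: str, recipient_email: str) -> Tuple[str, str]:
    """Return (token, per-recipient HTML with rewritten links and a beacon image)."""
    token = recipient_token(message_id, recipient_email)
    body = rewrite_links(html, token)
    body += f'<img src="{ANALYTICS_HOST}/b/{token}.gif" width="1" height="1" alt="">'
    return token, body


def derive_attributes(ip: str, user_agent: str) -> Dict[str, str]:
    """Reduce a raw request to coarse attributes. The IP and User-Agent string
    are inputs only; they are not part of the returned record."""
    city, country = "unknown", "unknown"
    for prefix, (c, cc) in GEO_TABLE.items():
        if ip.startswith(prefix):
            city, country = c, cc
            break
    if "iPhone" in user_agent:
        os_name, device = "iOS", "iPhone"
    elif "Windows" in user_agent:
        os_name, device = "Windows", "desktop"
    else:
        os_name, device = "other", "other"
    if "Chrome" in user_agent:
        browser = "Chrome"
    elif "Safari" in user_agent:
        browser = "Safari"
    else:
        browser = "other"
    return {"city": city, "country": country, "os": os_name, "device": device, "browser": browser}


def record_hit(token: str, event: str, ip: str, user_agent: str, url: Optional[str] = None) -> Dict:
    """Store one open/click against the pseudonymous token with derived attributes only."""
    row = {"token": token, "event": event, "url": url, **derive_attributes(ip, user_agent)}
    INTERACTIONS.append(row)
    return row


if __name__ == "__main__":
    # Constructed message and a simulated beacon fetch from an iPhone in Berlin.
    tok, html = instrument('<a href="https://intranet.example.com/news">Read</a>', "msg-42", "Alice@Example.com")
    print(html)
    ua = "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 Version/16.0 Mobile/15E148 Safari/604.1"
    print(record_hit(tok, "open", "203.0.113.7", ua))
```

The separation that matters is between PSEUDONYM_KEY and INTERACTIONS: the table alone yields only tokens and city-level attributes, and re-identifying a row requires both the key and the recipient list. If a backup ever stores the key next to the interaction table, the pseudonymization collapses to a lookup, which is why key custody is the thing to check in a vendor’s design, not the hash algorithm.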

Certain features of PoliteMail may make it possible to infer the identity of an individual. For instance, if you sent an email to a list of 3 people, one in each of 3 cities or countries, you could likely use the geolocation data to infer which record belongs to which person.

Therefore, in addition to anonymization, PoliteMail enforces a minimum segment size, the smallest group for which PoliteMail will show certain data. Using the example above, because the send went to fewer than 10 people, no data would be shown, nor would it be exportable by a user, for that send of three.
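The minimum segment size check from the paragraph above, as an added example (not PoliteMail’s code): a report over pseudonymous interaction rows is withheld entirely when the send is smaller than the threshold, and the page’s example of 10 recipients is used as that threshold. It goes one step beyond the page, which describes a send-level minimum, by also folding any segment value seen for fewer than the threshold number of recipients into an “other” bucket, so a one-person city cannot be read off a breakdown of a larger send. The row shape and the sample sends are constructed for illustration.

```python
from typing import Dict, Iterable, Optional

# Assumed threshold: the page's example treats 10 recipients as the minimum
# send size below which no per-segment data is shown or exportable.
MIN_SEGMENT = 10


def segment_report(rows: Iterable[Dict], attr: str, min_segment: int = MIN_SEGMENT) -> Optional[Dict[str, int]]:
    """Count distinct pseudonymous recipients per value of `attr`.

    Returns None when the whole send has fewer than `min_segment` recipients.
    Values seen for fewer than `min_segment` recipients are folded into
    "other" (the per-bucket rule this example adds on top of the page's
    send-level rule).
    """
    by_value: Dict[str, set] = {}
    for r in rows:
        by_value.setdefault(r[attr], set()).add(r["token"])
    people = set().union(*by_value.values()) if by_value else set()
    if len(people) < min_segment:
        return None
    report: Dict[str, int] = {}
    for value, tokens in by_value.items():
        if len(tokens) >= min_segment:
            report[value] = len(tokens)
        else:
            report["other"] = report.get("other", 0) + len(tokens)
    return report


def _hits(n: int, city: str, prefix: str):
    # Constructed interaction rows: one open per pseudonymous recipient token.
    return [{"token": f"{prefix}{i}", "event": "open", "city": city} for i in range(n)]


# The page's example: three recipients, one per city. Any city breakdown
# would identify each person, so the report is withheld entirely.
SMALL_SEND = _hits(1, "Berlin", "a") + _hits(1, "Boston", "b") + _hits(1, "Singapore", "c")

# A larger send in which one city still has a single recipient.
LARGER_SEND = _hits(11, "Berlin", "d") + _hits(1, "Boston", "e")

if __name__ == "__main__":
    print(segment_report(SMALL_SEND, "city"))   # None: below the minimum send size
    print(segment_report(LARGER_SEND, "city"))  # {'Berlin': 11, 'other': 1}
```

Folding small buckets limits what a breakdown reveals, but it does not remove inference from totals: a sender who knows the distribution list and sees 11 in Berlin and 1 in “other” can still work out who the outlier is if only one list member is outside Berlin. That residual risk is exactly why the page pairs the size threshold with coarse (city-level) attributes rather than relying on either alone.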

In the unlikely event of a breach of the entire server system and PoliteMail databases (which would require a compromise deep enough to afford access to the data encryption keys), an attacker would still have to invest significant time and have sufficient technical expertise in the data structures to reverse engineer the anonymization process and link interaction records to an individual.

What Data Does PoliteMail Process and Store?
DATA ELEMENT | REQUIRED | STORED | PROCESSING | STORAGE ENCRYPTION

USER/SENDER DATA
EMAIL MESSAGE | Yes | Optional and temporary (as draft or scheduled send) | Composing and sending email message | AES256
USER EMAIL ADDRESS | Yes | Yes | User authentication | AES256
USER PASSWORD | Yes | Yes | User authentication | SHA256
USER TITLE | Optional |  | User identity | AES256
USER ADDRESS | Optional |  | User notifications | AES256
USER PHONE | Optional |  | User notifications | AES256
USER GROUP | Optional |  | User identity, user segmentation | AES256
USER REGION | Optional |  | User identity, user segmentation | AES256

RECIPIENT AND MAIL LIST DATA
RECIPIENT EMAIL | Yes | Yes | Email addressing, list membership, subscription management, reporting segmentation |
RECIPIENT NAME | Optional (defaults to Outlook display name) | Yes | Email addressing, personalization, list membership | AES256
RECIPIENT GEOLOCATION | Yes | Yes | IP reverse lookup to ascertain long/lat to city level | AES256
RECIPIENT TIME ZONE | Yes | Yes | Working hours | AES256
RECIPIENT DEFAULT LANGUAGE (OFFICE SETTING) | Optional |  | Personalization, translation* | AES256
RECIPIENT MANAGER EMAIL | Optional |  | Hierarchical list management, send-from addressing, reporting segmentation | AES256
DEPARTMENT | Optional |  | List management, reporting segmentation | AES256
DIVISION | Optional |  | List management, reporting segmentation | AES256
CAMPUS | Optional |  | List management, reporting segmentation | AES256
BUILDING | Optional |  | List management, reporting segmentation | AES256
MANAGER | Optional |  | List management, reporting segmentation | AES256
EXECUTIVE | Optional |  | List management, reporting segmentation | AES256
OTHER HR ATTRIBUTES IF/AS REQUIRED BY CUSTOMER | Optional |  | List management, reporting segmentation | AES256

MESSAGE DATA
SENT FROM NAME | Yes | Yes | Email addressing, reporting display | AES256
SENT FROM EMAIL ADDRESS | Yes | Yes | Email addressing, reporting segmentation | AES256
DATE SENT | Yes | Yes | Reporting and analysis | AES256
LIST NAME | Yes | Yes | Email addressing, reporting segmentation | AES256
RECIPIENT EMAIL ADDRESS | Yes | Yes | Email addressing, reporting segmentation | AES256
SUBJECT LINE | Yes | Yes | Email addressing, reporting segmentation | AES256
LINK TEXT & URL(s) | Optional (when included within email content, stored unless the ‘no track’ option is applied) | Yes | Email content, click measurement and reporting | AES256
WORD COUNT | Yes | Yes | Reporting & analysis | AES256
FLESCH READING EASE (and other text analysis attributes) | Yes | Yes | Reporting & analysis | AES256
IMAGE AREA | Yes | Yes | Reporting & analysis |
IMAGE(s) | Optional (if placed into the message using PoliteMail tools and Outlook embedded images set to default off) | Yes | Image content | AES256
FILE ATTACHMENTS | Optional (uploaded via the app’s SmartAttachment feature; 10 MB and format limited) |  | Email content (as URL to hosted file) | IP restricted; optional AES256

RECIPIENT INTERACTION DATA
OPEN DATE | Yes | Yes | Reporting analytics | AES256
OPEN TIME | Yes | Yes | Reporting analytics | AES256
MESSAGE ID | Yes | Anonymized | Reporting analytics | AES256
RECIPIENT ID | Optional (individual or anonymized) | Anonymized | Reporting analytics | AES256
IP | Yes | Yes | Reporting analytics | AES256
USER AGENT | Yes | Yes | Reporting analytics | AES256
LONG/LAT | Yes (reverse IP lookup) | Yes | Reporting analytics | AES256
URL CLICKED | Yes | Yes | Reporting analytics | AES256
READ TIME | Yes | Yes | Reporting analytics | AES256

* Future feature.

Two rows deserve a closer look before relying on this table. The RECIPIENT INTERACTION DATA section lists IP and USER AGENT as stored, whereas the anonymization section above states that the raw IP and user agent are processed into coarse attributes rather than stored; confirm with PoliteMail which applies to your deployment and tracking mode. The USER PASSWORD row gives SHA256 as the storage encryption; the page does not say whether a per-user salt and key stretching (for example PBKDF2 or bcrypt) are applied, which is what separates a password hash from a plain digest, so ask for that detail as well.

What’s the Intent?

The key principle of data privacy regulation is that personal data is owned by the person; therefore any collection, processing or use of such data must be handled with care and by permission only. The idea is to limit sharing, profiteering and breach of personal data, such that personal data provided for one purpose may not be used for other purposes without the person’s further permission.

What Is Required for Compliance?

To collect, store and process personal data, a company must obtain and document consent from the individual, keep a record of it, and be able to produce it when requested.

Generally, and this is not legal advice: by providing an employee with an email address and clearly informing them by policy that you intend to send communications to that address and to statistically analyze their use of it, you have created informed consent, or at minimum implied consent, for your organization to use their name and email address to send them communications. If employees also sign off on specific acceptable-use or internet-use policies, and you are clear about your collection and use of data for statistical analysis (as it applies to internet use in general, or to email, intranet and internet use specifically), then you have obtained explicit consent for that personal data collection.

Most PoliteMail customers go one step further and use anonymous tracking, which combines anonymization and pseudonymization techniques to prevent the statistical data from being directly or indirectly identified to a person.

Additionally, for compliance, companies must provide the following:

Personal Privacy Rights of the Individual

  • Access their personal data
  • Correct errors in their personal data
  • Erase their personal data
  • Object to certain processing
  • Export their data

Organizational Controls & Transparent Policies

  • Person must consent to providing the data for the specific purpose
  • Use of the data should be transparent and clearly stated at point of collection
  • Personal data should be held no longer than necessary to fulfill the purpose
  • Personal data must be properly secured
  • Notification to authorities in the case of breach
  • Keep detailed records of consent and of processing activities
  • Define data retention and deletion policy

GDPR FAQ

Has Your Software Been Approved by the EU Works Councils?

Through several global enterprises headquartered in Germany, PoliteMail has worked through approvals with German Works Councils, known to be among the most privacy-restrictive in the EU.

In all cases, PoliteMail’s anonymous tracking methodologies, data processing, and privacy and security procedures have been approved, accepted and are in use.

If We Have Employees in the EU, Can We Use PoliteMail Without Additional Policies?

Most certainly yes. You are already sending employees Outlook email, and by utilizing either our Anonymous or Aggregate tracking options (which can be locked down to a specific method) you will be in compliance with the GDPR.

Do I Have to Notify Employees about Tracking?

With anonymous or aggregate tracking, the email interaction data is not related to, or able to identify, a specific person – so you have no legal obligation to notify employees. Many customers do so implicitly by way of internet use or acceptable use policies (email analytics is similar to web analytics) and others elect to do so explicitly out of respect for employees, including a one-time or even per email notice such as “For statistical analysis we are collecting anonymized information about your interactions with corporate communications broadcast to you. Thank you.”