Privacy by Design
It’s your data, we process and protect it.
Now measure your most effective employee communication channel while keeping your employees' personal data private. We take proactive measures to identify risks and build data privacy and security controls into our software and services.
Data Security is a Privacy Feature
Privacy is accomplished through effective data security practices that follow the data through its full lifecycle, from initial collection, to reporting, to archiving and deletion.
We are completely transparent about our policies, operational practices, technology platforms and data processing. We never sell or share your company or personal data with any third parties.
PoliteMail complies with the requirements of the EU General Data Protection Regulation (GDPR), and currently supports transfers under both the EU-US Privacy Shield and the EU Standard Contractual Clauses (SCCs). Note that the Privacy Shield was invalidated by the Court of Justice of the EU in July 2020, so SCCs are the mechanism to rely on for EU-US transfers. Additionally, we can host your data in the US, EU, Asia or AU, per customer order.
PoliteMail customers, as the data controllers and owners, have the primary responsibility and obligation to protect personal data. As a processor providing software and services, we commit to having implemented the security and privacy safeguards, policies and practices needed to protect the data privacy of individuals and to give them the right to access the information collected about them.
Privacy by Design and Default.
When developing our software products and services, we consider both our customer and their data subjects (typically employees).
By default, PoliteMail provides statistical email analysis at the anonymous level. You know who the email was sent to (e.g. the employees on the distribution list) and you get accurate statistics on the number of people and devices that interacted with your message, but you will not know specifically who.
PoliteMail provides dedicated cloud services and databases, so your data is never at risk of being intermingled with that of other customers. While virtual machines may run on the same physical hardware as those of other customers, we use logical isolation and storage segregation to maintain clear separation. All data in transit is encrypted using HTTPS (TLS 1.2), and data at rest is encrypted with AES-256.
We build privacy into our software and services as we develop them, following a security development lifecycle that addresses privacy and security concerns up front. We code against the SANS/CWE Top 25 most dangerous software errors, run static and dynamic vulnerability scanning on every build, and commission third-party application penetration testing at least annually.
How we manage your data
We use your customer data only to provide the services we have agreed on, and never share or sell it for marketing or advertising. We make contractual data security and privacy commitments for the software and services we agree to provide. We maintain transparent policies and processes, so our customers and their employee data subjects can be fully aware of the data being collected, its purpose, and what operations are performed on that data. We provide ready access to your data so you may extract it as desired, and if you leave our service we follow specified processes to remove your data from our systems.
How we limit access to your data
We take proactive measures to protect your data from unauthorized or inappropriate access, following least privilege principles using role-based security group controls, IP restrictions and multifactor authentication for PoliteMail Personnel. All PoliteMail employees are required to sign confidentiality agreements and attend data security and privacy awareness training upon hire and at least annually.
PoliteMail limits our use of subcontractors to only our Tier 1 cloud hosting service providers, whom we maintain active partnerships with, and with whom we have agreements which are at least as stringent as our own data-processing terms.
Customers may select a specific geographic location, such as within the EU, and even when data services are provided
- USEAST – Virginia
- USWEST – Oregon
- AsiaPac – Singapore
- AsiaPac – Australia
How we respond to legal requests for customer data
In the event of a legal hold or government request for data, we follow our standardized, contractual processes to provide you with notice and a copy of such request, unless legally prohibited to do so.
How does PoliteMail anonymization work to protect the privacy of our employees?
Personal data, including name and email address, is always stored within our systems, as we use that information to address and send your email messages, so you will have a record of who the email was sent to.
When it comes to the analytics data, PoliteMail utilizes anonymization and pseudonymization techniques to protect the identity of the email recipients, such that their specific interactions cannot be tied back to a specific person.
Anonymization means the data cannot be tied back to a person at all. Pseudonymization (or encryption) means no individual can be identified without a specific "key", and that key is kept separate from the data.
When PoliteMail sends an email, it creates a pseudonymized record for each recipient and inserts unique, anonymized tracking encoding into each recipient's copy of the message; that encoding relates only to the pseudonymized record. Specifically, PoliteMail includes an HTTPS request for a tiny, transparent image hosted on the analytics server, commonly called a "beacon image", and it rewrites any URLs in the message to redirect URLs that are also hosted on the PoliteMail analytics server.
When recipients receive and interact with the email message, PoliteMail receives and processes those HTTPS requests. Like every standard web request, they arrive with a User-Agent header and from a source IP address, both of which are personal data (the IP address, and device identifiers that may appear in the User-Agent). We do not store the User-Agent or the IP address. Instead we process them to extract coarse, non-specific attributes useful for analysis: geographic location (to the city level, using a reverse-IP look-up database), operating system and device type (such as Windows, or iOS and iPhone), browser, and screen size.
In this way, PoliteMail is able to provide accurate analytics down to a specific person, but without identifying who that person is. In other words, PoliteMail will be able to measure if a specific email message was read by one person, using two different devices, but you will not be able to determine who that person was.
Certain features of PoliteMail may make it possible to infer the identity of an individual. For instance, if you sent an email to a list of 3 people, one in each of 3 cities or countries, you would likely be able to use the geolocation data to infer who each person was.
Therefore, in addition to anonymization, PoliteMail enforces a minimum segment size, the smallest group for which PoliteMail will show certain data. Using the example above, because the send went to fewer than 10 people, no data would be shown for that send of three, nor would any be exportable by a user.
In the unlikely event of a breach of the entire server system and PoliteMail databases (which would require a compromise deep enough to reach the data encryption keys as well), an attacker would still need to invest significant time and have detailed knowledge of the data structures to reverse the pseudonymization and link interaction records to an individual. Keeping the key separate from the analytics data is the control that makes this linkage hard; the key and the data should never be reachable from the same point of compromise.
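The pieces described above (a per-recipient pseudonymous token, a beacon image and rewritten redirect links, reduction of the request's IP and User-Agent to coarse attributes that are stored instead of the raw values, and a minimum segment size below which nothing is reported) can be put together in a few dozen lines. The following is an added illustration, not PoliteMail's code: the HMAC-based token, the hypothetical analytics host, the constructed geo lookup table, the `href` regex and the `instrument`/`record_hit`/`report` names are all assumptions made for the example. The segment floor of 10 is the figure the page gives.

```python
import hashlib
import hmac
import re
import secrets
from collections import Counter
from typing import Optional, Tuple
from urllib.parse import quote

# Added example, not PoliteMail's implementation. The secret is the "key" that
# is held apart from the analytics store (in practice in a KMS/HSM); without
# it a token cannot be mapped back to an address. Generated fresh so the
# example runs offline.
PSEUDONYM_KEY = secrets.token_bytes(32)
ANALYTICS_HOST = "https://analytics.example.invalid"  # hypothetical host
MIN_SEGMENT = 10  # page: sends under 10 recipients show no data


def pseudonym(send_id: str, recipient: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed pseudonym: stable for one send+recipient, unlinkable without the key."""
    msg = f"{send_id}\n{recipient.strip().lower()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:24]


def instrument(send_id: str, recipient: str, html: str) -> Tuple[str, str]:
    """Rewrite links to redirect URLs and append a beacon image, both carrying the token."""
    token = pseudonym(send_id, recipient)

    def redirect(m: "re.Match") -> str:
        return f'href="{ANALYTICS_HOST}/r/{token}?u={quote(m.group(1), safe="")}"'

    body = re.sub(r'href="(https?://[^"]+)"', redirect, html)
    beacon = f'<img src="{ANALYTICS_HOST}/b/{token}.gif" width="1" height="1" alt="">'
    return body + beacon, token


# Constructed stand-in for a reverse-IP geolocation database (prefix -> city).
GEO_DB = {"203.0.113.": "Singapore", "198.51.100.": "Portsmouth"}


def coarse_attributes(ip: str, user_agent: str) -> dict:
    """Reduce IP and User-Agent to city/OS/device; the raw values are discarded."""
    city = next((c for p, c in GEO_DB.items() if ip.startswith(p)), "unknown")
    if "iPhone" in user_agent:
        os_name, device = "iOS", "iPhone"
    elif "Android" in user_agent:
        os_name, device = "Android", "phone"
    elif "Windows" in user_agent:
        os_name, device = "Windows", "desktop"
    elif "Macintosh" in user_agent:
        os_name, device = "macOS", "desktop"
    else:
        os_name, device = "unknown", "unknown"
    return {"city": city, "os": os_name, "device": device}


HIT_RE = re.compile(r"^/(b|r)/([0-9a-f]{24})(?:\.gif|\?|$)")


def record_hit(store: list, path: str, ip: str, user_agent: str) -> Optional[dict]:
    """Turn a beacon (/b/<token>.gif) or redirect (/r/<token>?u=...) request into a coarse record."""
    m = HIT_RE.match(path)
    if not m:
        return None
    kind, token = m.groups()
    rec = {"token": token, "event": "open" if kind == "b" else "click",
           **coarse_attributes(ip, user_agent)}
    store.append(rec)  # token plus coarse attributes only: no IP, no User-Agent
    return rec


def report(store: list, recipient_count: int) -> Optional[dict]:
    """Aggregate opens and clicks; suppress everything below the minimum segment size."""
    if recipient_count < MIN_SEGMENT:
        return None
    opens = [r for r in store if r["event"] == "open"]
    distinct = {(r["token"], r["device"]) for r in opens}
    devices_per_reader = Counter(token for token, _ in distinct)
    return {
        "unique_readers": len(devices_per_reader),
        "multi_device_readers": sum(1 for n in devices_per_reader.values() if n > 1),
        "opens_by_city": dict(Counter(r["city"] for r in opens)),
        "clicks": sum(1 for r in store if r["event"] == "click"),
    }
```

The report can say that one reader opened the message on two devices, and in which cities opens occurred, without the store ever holding an address, an IP or a User-Agent; re-identification would require both the store and `PSEUDONYM_KEY` together with the original recipient list.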
What data does PoliteMail collect and process?
For managed-cloud-services accounts, where PoliteMail provides the software as a service and manages the backend, we collect and process data. For your-cloud-services accounts or on-premise accounts, where your IT team is responsible for managing the backend, PoliteMail does not collect or process any personal data.
A User, as used below, means a PoliteMail for Outlook application end user.
A Recipient, as used below, is an employee email recipient (generally an Office Outlook or Office 365 user in your environment).
What is the GDPR?
The EU General Data Protection Regulation, which took effect on May 25, 2018, is designed to unify and strengthen the handling of personal data of individuals in the European Union, no matter where the data collector is located.
What is Personal Data?
Personally Identifiable Information (PII) includes items such as a person's name and email address, combinations of data such as title and location, and any other data that can be used to identify a person, including online identifiers such as device IDs, IP addresses, and cookie identifiers. PoliteMail (and/or our Syncronym list management tool) may collect and process such data in order to send email messages and collect statistical data about recipients' interactions with those messages.
See table of data collected and processed by PoliteMail
Sensitive personal data, a special category that includes items such as race, religion, political opinions, union membership, and health data, is generally not collected or processed by PoliteMail.
What’s the Intent?
The key principle of the data privacy regulation is that personal data belongs to the person; therefore any collection, processing or use of such data must be handled with care and by permission only. The idea is to limit sharing, profiteering and breach of personal data, such that personal data provided for one purpose may not be used for other purposes without the person's further permission.
What is Required for Compliance?
To collect, store and process personal data, a company must have a lawful basis for doing so. The most common basis is consent, which must be obtained from the individual, documented, and producible on request.
Generally, and this is not legal advice, by providing an employee with an email address and clearly informing them by policy that you intend to send communications to that address and to statistically analyze their use of it, you have created informed consent, or at minimum implied consent, that your organization uses their name and email address to send them communications. If employees also sign off on specific acceptable use or internet use policies, and you are clear about your collection and use of data for statistical analysis (whether for internet use in general, or for email, intranet and internet use specifically), then you have obtained explicit consent for such personal data collection.
Most PoliteMail customers go one step further and use anonymous tracking, which combines anonymization and pseudonymization techniques to prevent the statistical data from being directly or indirectly identified with a person.
Additionally, for compliance, companies must provide the following:
Personal Privacy Rights of the Individual
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to certain processing
- Export their data
Organizational Controls & Transparent Policies
- Person must consent to providing the data for the specific purpose
- Use of the data should be transparent and clearly stated at point of collection
- Personal data should be held no longer than necessary to fulfill the purpose
- Personal data must be properly secured
- Notification to authorities in the case of breach
- Keep detailed records of consent and of processing activities
- Define data retention and deletion policy
Has your software been approved by the EU Works Councils?
With several global enterprises with headquarters based in Germany, PoliteMail has worked through approvals with the German Works Councils, known to be the most privacy restrictive in the EU.
In all cases, PoliteMail’s anonymous tracking methodologies, data processing, privacy and security procedures have been approved, accepted and are in use.
If we have employees in the EU, can we use PoliteMail without additional policies?
Most certainly yes. You are already sending employees Outlook email, and by using either our Anonymous or Aggregate tracking option (which can be locked down to a specific method) you will be in compliance with the GDPR.
Do I have to notify employees about tracking?
With anonymous or aggregate tracking, the email interaction data is not related to, and cannot identify, a specific person, so you have no legal obligation to notify employees. Many customers do so implicitly by way of internet use or acceptable use policies (email analytics is similar to web analytics), and others elect to do so explicitly out of respect for employees, including a one-time or even per-email notice such as "For statistical analysis we are collecting anonymized information about your interactions with corporate communications broadcast to you. Thank you."