Confidentiality Policy Protection of Personal Data

As part of its business activities, SendinBlue is required to process personal data belonging to its customers/users/prospects and their customers/users/prospects in accordance with the French Data Protection Act no. 78-17 of 6 January 1978, as amended by the Act of 6 August 2004.

The confidentiality policy adhered to by SendinBlue is governed by the conditions shown below.

Definitions

Personal data: personal data refers to any information relating to an identified individual or an individual that can be identified, directly or indirectly, by means of an identification number or one or more elements that are personal to him/her.

Processing of personal data: the processing of personal data refers to any operation or group of operations pertaining to such data, whatever the process used, and in particular its collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission or otherwise making available, alignment or combination, blocking, erasure or destruction.

Cookie: a cookie is information placed on an internet user's hard disk by the server of a website he/she has visited. It contains several pieces of data: the name of the server that placed it there, an identifier with a unique number and possibly an expiry date. This information is sometimes stored on the computer as a simple text file which a server can access to read and save information.

Party responsible for data processing − Data protection officer

The party responsible for the processing of personal data referred to in this document is SendinBlue, a simplified joint stock company with a capital of 137,531 euros, registered with the Paris commercial registry under no. 498 019 298 and whose registered office is located at 47, rue de la Chaussée d'Antin, 75009 Paris, France.

SendinBlue has appointed Mr. Armand Thiberge as its data protection officer at the CNIL.

Data provided by the user

The user is the holder of the file's intellectual property rights and retains full and exclusive rights over the file transmitted to SendinBlue.

SendinBlue has access to the data provided by its users and held in their personal account, as well as to the subject line and content of emails sent to their contacts via SendinBlue services.

This data is stored on secure servers and is subject to computer processing to provide the service subscribed to by the user and improve SendinBlue's services.

The host servers on which SendinBlue processes and stores its databases are located exclusively within the European Union.

The behavior of the recipients of these emails may be subject to analysis (tracking of an individual's open, click and bounce rates) to improve its email marketing campaigns.

SendinBlue undertakes to neither transfer nor rent the data provided by its users.

Personal data provided by the user may only be disclosed to a third party in the following instances:

  • with the user's authorization and confirmation that the owner of this personal data has personally authorized its disclosure;
  • at the request of legally competent authorities, upon presentation of a court order or within the context of a legal dispute.

The user is responsible for processing his/her personal data under the terms of the French Data Protection Act no. 78-17 of 6 January 1978, as amended by the Act of 6 August 2004.

The user guarantees to SendinBlue that he/she will respect the provisions of the French Data Protection Act no. 78-17 of 6 January 1978, as amended by the Act of 6 August 2004, and notably:

  • that the personal data contained in the transmitted file was collected and processed in accordance with the provisions of the aforementioned law;
  • if applicable, the collection and processing were authorized by the owner of the data;
  • that he/she will allow the owners of the processed data to exercise their individual right to access, amend, rectify or delete any of their personal information;
  • that he/she undertakes to ensure that this information is rectified, completed, clarified, updated or deleted if it is inaccurate, incomplete, ambiguous or out-of-date, or if the owners wish to prohibit its collection or use, communication or retention.

SendinBlue will destroy any data file(s), as well as any media or copies made as part of its data processing and routing operations after a maximum period of 30 days following the termination of the contractual relationship.

The user can retrieve his/her data at any time by clicking on the 'export button' from his/her SendinBlue personal account.

Personal data collected directly by SendinBlue (data belonging to SendinBlue's customers/users/prospects)

Collected data

SendinBlue collects and processes the following data: email, first name, surname, country, address, intra-Community VAT number, mailing address, telephone number, IP address(es) and domain name, login and navigation data when authorized by the user, bank details when authorized by the user, order history, complaints, incidents and information relating to subscriptions and communications on our website.

When this data is collected, an asterisk indicates whether its provision is mandatory or optional (to finalize the user's subscription and provide SendinBlue services).

Moreover, some data is collected automatically as the user navigates the website (see the paragraph on cookies).

Data recipients

The personal data collected is reserved for SendinBlue's commercial and accounting departments.

It can be transmitted to sub-contracting companies whose services are required by SendinBlue as part of its operations.

SendinBlue will neither rent nor send personal data to third parties for marketing purposes without the express permission of SendinBlue users.

Apart from these scenarios, personal data may only be disclosed in the following instances:

  • with their authorization;
  • at the request of legally competent authorities, upon presentation of a court order or within the context of a legal dispute.

Use

The processing of personal data is necessary for SendinBlue to carry out its business.

It will be used for the following:

  • commercial and accounting management under the contract;
  • business development management;
  • the compiling of sales statistics and the monitoring of regulatory compliance relating to data protection;
  • in more general terms, any use referred to in article 2 of French Resolution no. 2012-209 of 21 June 2012 establishing a simplified standard for the automatic processing of personal data relating to the management of users and prospects.

Data retention period

Personal data collected by SendinBlue relating to the identity and contact details of its users and prospects is stored for a period of five years following the termination of the contractual relationship for data relating to users, or from the time it was collected by the data controller or from the last contact made by the prospect for data relating to prospects.

The termination of the contractual relationship is understood as being the deliberate cancellation of the contract by the user or the non-use of SendinBlue's services for a period of five years.

Rights of access, amendment and objection

In accordance with the French Data Protection Act no. 78-17 of 6 January 1978, as modified by the Act of 6 August 2004, the user has the right to access and amend personal information, which can be exercised by sending an email to [email protected] or a letter to:

SendinBlue SAS - Confidentiality Policy
47, rue de la Chaussée d'Antin
75009 Paris
France

The user may also, for legitimate reasons, object to the processing of data concerning him/her.

These requests are dealt with within a maximum of 30 days.

The user can also amend his/her personal data at any time by logging onto http://www.sendinblue.com and by clicking on 'edit my profile', or by emailing us at the following address: [email protected]

The user can unsubscribe from our newsletter and marketing emails by using the unsubscribe links contained in any of these emails.

The SendinBlue website uses cookies whose purpose is to make it easier to navigate the website, provide SendinBlue services, assess the website's audience and allow website pages to be shared.

Types of cookies used

Cookies needed to navigate the website

These cookies are needed for the sendinblue.com website to operate properly. They allow the website's main features to be used.

Without these cookies, users would not be able to use the website normally.

Functional cookies

These cookies allow a customized user experience to be provided.

Analytical cookies

These cookies allow website use and performance to be monitored and its operation to be improved by analyzing the traffic to information pages through the tracking of an individual's open, click and bounce rates.

Share button cookies

Social media cookies allow users to share pages and content on third-party social networks via social media sharing buttons.

Cookie management

Users can accept or refuse cookies on a case by case basis, or refuse all cookies by adjusting their browser settings.

If the user chooses to refuse all cookies, access to some of the website's pages will be limited.

Depending on which navigator the user has, cookies can be blocked as follows:

Internet Explorer

  • Click on the Tools button, then on Internet Options.
  • On the General tab, under Navigation History, click on Settings.
  • Click on the Display Files button.
  • Select the cookies you would like to block and click on Remove.

Firefox

  • Click on the Navigation Tools icon and select the Options menu.
  • In the window that opens, select Private Life and click on Display Cookies.
  • Select the cookies you would like to block and click on Remove.

Safari

  • Click on the Edit icon and select the Preferences menu.
  • Click on Security and then Display Cookies.
  • Select the cookies you would like to block and click on Remove.

Google Chrome

  • Click on the Tools icon, select the Options menu and then click on the Advanced
  • Options tab to access the Privacy section.
  • Click on the Display Cookies button.
  • Select the cookies you would like to block and click on Remove.

Cookie retention period

Cookies will be held on the user's device for a maximum period of 13 months from the date the user gives consent.

Once this period has expired, consent will need to be given again.

Location of stored data

The host servers on which SendinBlue processes and stores its databases are located exclusively within the European Union.

SendinBlue undertakes not to transfer data outside of the European Union.

Security

SendinBlue has taken all necessary precautions to safeguard personal data and, in particular, to prevent it from being misrepresented, damaged or accessed by an unauthorized third party.

These measures include the following:

  • Multi-level firewall,
  • Anti-virus with a proven reputation for detecting attempted intrusions,
  • Encrypted data transmission using SSL/HTTPS/VPN technology.

Moreover, persons from SendinBlue’s recipient departments wishing to access the data must be authenticated using an individual access code and password that are sufficiently robust and changed regularly.

Data processed via non-secure communication channels is subject to technical measures rendering it incomprehensible to any unauthorized person.

Any questions about the security of our website can be addressed to [email protected]

Amendments to the Confidentiality Policy

SendinBlue reserves the right to amend this Confidentiality Policy to comply with any changes to the laws and regulations in force.

Any amendments will be communicated via our website or by email, as far as possible, at least thirty days before they come into force.

Contact