Sendinblue attaches particular importance to respect for the privacy of the Users and for the confidentiality of their personal data, and is thus committed to processing the data in compliance with the applicable laws and regulations, and in particular Law No. 78-17 of 6 January 1978 relating to Information Technology, Data Files and Civil Liberties (hereafter referred to as the “Data Protection Act”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter referred to as the “GDPR”).
Personal data: any information relating to an identified or identifiable natural person, that is, a person who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person.
Processing of personal data: any operation or any set of operations relating to personal data, whatever the process used, and in particular the collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as locking, erasure, or destruction.
Cookie: a cookie is a piece of information placed on the hard drive of Internet users by the server of the site they visit. It contains several pieces of data: the name of the server which installed it, an identifier in the form of a unique number, and possibly an expiry date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and save pieces of information.
Data Controller – DPO
The data controller for the processing of the personal data referred to herein is Sendinblue, a simplified joint stock company with a share capital of 137,531 Euros, registered with the Paris Trade and Companies Register under number 498 019 298 and whose registered office is located at 55 rue d’Amsterdam, 75008 Paris, France.
Sendinblue has appointed a Data Protection Officer who can be contacted at the following address: firstname.lastname@example.org.
Sendinblue collects data from Users in order to make the Services for which they have subscribed to the platform available to them.
The mandatory or optional nature of the data provided (in order to complete the Users’ registration and to render the Services) is indicated at the time of collection by an asterisk.
In addition, certain data is collected automatically as a result of the User’s actions on the site (see the paragraph on cookies).
The personal data collected by Sendinblue during the provision of the Services is necessary for the performance of the contracts concluded with the Users, or to allow Sendinblue to pursue its legitimate interests while respecting the rights of the Users. Certain data may also be processed based on the Users’ consent.
The purposes for which Sendinblue processes data are the following:
- commercial and accounting management of the contract;
- management of customer acquisition and marketing activities;
- detection of malicious behaviour (fraud, phishing, spam, etc.);
- the improvement of the Users’ path on the site;
- more generally, any purpose referred to in Article 2 of Deliberation No. 2012-209 of 21 June 2012 creating a simplified standard for the automated processing of personal data relating to the management of users and prospects.
Recipients of the data
The personal data collected is intended for Sendinblue’s commercial and accounting departments. It may be transmitted to Sendinblue’s subsidiaries, or to third-party data processors which Sendinblue is authorized to use within the context of the performance of its Services.
In this context, personal data may be transferred to an EU or non-EU country. Sendinblue implements guarantees ensuring the protection and security of this data, in compliance with applicable rules and regulations.
Sendinblue does not transfer or rent personal data to third parties for marketing purposes without the express consent of the Users of Sendinblue.
In addition, personal data may only be disclosed to third parties for purposes other than marketing in the following cases:
- with their authorisation;
- at the request of the competent legal authorities, upon judicial request, or in the context of a legal dispute.
Data retention period
To satisfy its legal obligations or in order to have the necessary elements to assert its rights, Sendinblue will be able to retain the data under the conditions established by applicable rules and regulations.
Thus, personal data collected by Sendinblue relating to the identity and contact details of its Users is retained for a maximum period of two years after the termination of the contractual relationship for Users that are customers, or from their collection by the data controller or the last contact from the Users that are prospects, for the data relating to the latter.
The termination of the contractual relationship is understood as the express termination of the contract by the User, or the non-use of Sendinblue Services for a period of five years.
Rights of Users
In accordance with applicable rules, the Users have the right to access and rectify their personal data, which enables them to rectify, complete, update, or delete data that is inaccurate, incomplete, ambiguous, or outdated, or whose collection, use, communication, or storage is prohibited.
The Users also have the right to request the limitation of the processing, and to oppose on legitimate grounds the processing of their personal data. The User may also communicate instructions on the fate of their personal data in the event of their death.
Where applicable, the User may request the portability of their personal data or, where the legal basis for the processing is consent, withdraw their consent at any time.
The Users may exercise their rights by sending an email to email@example.com or a letter to:
Sendinblue SAS – Politique de confidentialité
55, rue d’Amsterdam 75008 Paris, France
These requests shall be processed within a maximum period of 30 days.
The Users may also at any time modify the data pertaining to them by logging on to https://www.sendinblue.com and clicking on “edit my profile” or by contacting the customer relations department at firstname.lastname@example.org.
The Users may unsubscribe from the Sendinblue newsletter or marketing emails by following the unsubscribe links in each of these emails.
In the event of a dispute, the Users may file a complaint with the CNIL, for which contact details may be found at https://www.cnil.fr.
The Users may access detailed information on the use of their personal data, in particular concerning the purposes of the processing, the legal bases enabling Sendinblue to process the data, its storage period, its recipients, and, where applicable, its transfer to a country outside the European Union as well as the related compliance guarantees put in place for such transfers. To do so, the User can send their request by email to email@example.com.
Additional terms regarding the use of the Inbox Feature
- only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings, allowing Sendinblue to provide a web email client for the Users to compose, send, read, and process emails;
- never transfer such data to other parties unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets;
- in no way use such data for its management of customer acquisition and marketing activities;
- in no way use such data to serve advertisements;
- not allow humans to read this data unless Sendinblue has the User’s affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for Sendinblue’s internal operations, and even then, only when the data have been aggregated and anonymized.
Sendinblue has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent it from being accessed by unauthorized third parties, distorted, or damaged.
These measures include the following:
- Multi-level firewall.
- Proven solutions for anti-virus protection and detection of intrusion attempts.
- Encrypted data transmission using SSL/https/VPN technology.
- Tier 3 and PCI DSS certified data centres.
In addition, access to processing data on behalf of Sendinblue by the receiving third-party services requires authentication of the persons accessing the data, by means of an individual access code and a password that is sufficiently robust and regularly renewed.
Data transmitted over unsecured communication channels is subject to technical measures designed to make such data incomprehensible to any unauthorised person.
Any questions about the security of the Sendinblue website can be directed to firstname.lastname@example.org.
The Users shall be notified of any changes made to this policy via our website or by email at least thirty days prior, when possible, to their entry into force.