PRIVACY POLICY

Last Updated: 05-01-2024

1. Introduction

   1. This Privacy Policy (this “Privacy Policy”) governs the processing by EasyDMARC B.V., a private limited liability company (in Dutch: besloten vennootschap met beperkte aansprakelijkheid), incorporated and governed under the laws of the Netherlands, having its statutory seat in Zoetermeer, the Netherlands, and its registered address at Vlamingstraat 4, 2712 BZ, Zoetermeer, registered with the trade register of the Dutch Chamber of Commerce under number 82516138 (“EasyDMARC”, “we”, “our”), of information from individuals including our customers, other users of our website https://easydmarc.com (“Website”) and its subdomains, our apps (“Apps”), and those we interact with offline, for which EasyDMARC qualifies as a controller under the GDPR. Hereinafter we refer to such individuals as “you”. This Privacy Policy comports with EU data protection regulations. If you are a resident of the United States (US), US Privacy Policy, which is only valid for orders with EasyDMARC Inc.. accessible here.

      When we use the term “Personal Data” or “Personal Information”, we refer to any means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (“Personal Data”).

   2. Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Information and how we will treat it.

   3. EasyDMARC may amend this Privacy Policy at any time. In case the Privacy Policy is amended, we will make the amended Privacy Policy available to you on our Website. Please review this Privacy Policy whenever you visit the Website or when prompted when we collect Personal Information from you offline to check if there have been any changes, so that you know the terms that apply to you at that time. At the top of this Privacy Policy, you can see when this Privacy Policy has been last updated.

2. Processing of Personal Data

   1. We collect and process the following types of information from and about you which may include Personal Data. These include information:

      • By which you may be personally identified, such as name, e-mail address, or other details to help you with your experience;

      • Collected via our apps and aggregated in XML reports;

      • Collected through your use of our services such as the number of emails you have sent out, the sender and the recipient of the emails, and the domain from where they were sent and in certain instances information on the subject line of emails you sent out (more on this below);

      • Your IP address; and

      • Your Website usage and browser setting

      For the avoidance of doubt, we do not have access to the content of any the emails that are sent out using our services. However, certain reports that can be generated using our services will include information on such emails’ subject lines. Hence, we strongly discourage you not to include any personal information on the subject line of any email that you sent out using our services and ensure that your employees, agents and other representatives using our services do the same. Subject lines are only stored if you use RUF reports, so if you do not want to store subject lines, please consider to not configure RUF and only use the RUA reports.

      For some processing of Personal Data we may qualify as a processor, such as the e-mail addresses and accidental personal information in the subject line. We do not process this Personal Data other than we are instructed to do so.

   2. We collect your Personal Data in different ways:

      • Directly from you: For example, by asking you to provide it to us (for example by filling out forms on our Website (e.g., registration, subscription, “contact us” forms etc.) or if you post contributions through interactive features on our Website (e.g., reviews, testimonials, social media feed, etc.); subscribe to a newsletter, respond to a survey, use live chat, open a support ticket or enter information on our Website).

      • Indirectly from you: For example, through automatic data technologies or tools (e.g., Cookies (as defined below) and other tracking technologies, including but not limited to Google Analytics), which collect certain information about your IP address, Website usage, and browser setting. For more information on the automatic tools (Cookies and scripts) we use, please see below Section about “Cookies” under Section 4.

      • From third parties: For example, through advertising networks, from service providers, data analytics providers, social media, etc.

   3. We store your Personal Data in accordance with Soc 2 audit criteria for as long as necessary to perform the purposes of processing as set forth in Section 3 of this Privacy Policy. This includes but is not limited to storing your Personal Data at least for the period necessary to enable your use of our services or our Website.

3. Purposes of Personal Data collection and grounds for processing

   1. Personal Data is collected and processed by EasyDMARC for the following purposes and on the basis of the following grounds:

      • Fulfilling or meeting the reason you provided the Personal Data. For example, if you disclose Personal Data to ask a question about our products or services, we will use such Personal Data to respond to your request/inquiry, based on your legitimate interest. If you provide your Personal Data to purchase a product or service, we will use such Personal Data to process and fulfill your orders and transactions, verify your information, or process payment, in order to perform the contract we have concluded with you;

      • Presenting our Website and its contents and interactive features to you, maintaining or servicing your accounts (e.g., we will contact you via the email address you provided to us if your password or your email address in our records has been changed), and providing customer service (including providing you with support, investigating and addressing your concerns, and monitoring and improving our responses), in order to perform the contract we have concluded with you;

      • Providing, supporting, personalizing, and developing our Website, products, and services, based on our legitimate interest;

      • Personalizing your Website experience and delivering to you content and product and service offerings relevant to your interests, including offers and ads through our Website, third-party sites (e.g., social media platforms), and via email or text message, including remarketing, targeted advertising, and profiling, based on your and our legitimate interest, performance of the contract or with your consent, where required by applicable law;

      • Notifying you about changes to our Website or any products or services we offer or provide through it, in order to perform the contract with you;

      • Auditing related to counting ad impressions, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards, based on our legitimate interest or because we are legally obliged to do so;

      • Helping to ensure the safety, security and integrity of our Website, products, databases, other technology assets, and business, based on our legitimate interest and/or to perform the contract with you;

      • Debugging to identify and repair errors that impair existing intended functionality of our Website, based on our legitimate interest;

      • Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of your current interaction with us, based on our legitimate interest or your consent where required by applicable law;

      • Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our Website users is among the assets transferred, based on our legitimate interest;

      • Responding to law enforcement requests and as required by applicable law, court order, or governmental regulations, because we are legally obliged to;

      • For purposes you consented to.

   2. We may also contact you to further promote EasyDMARC, our Website, or any of our future services. If you do not wish to receive any such materials or information from us, please do not click the box on the Webpage when prompted. Should you wish to opt out, please do so by selecting the desired options in your EasyDMARC account or making use of the opt-out option provided to you in every email we send you.

4. Sharing of your Personal Data

   1. EasyDMARC discloses your Personal Data to the following third parties

      • Service providers: We may disclose your Personal Data with service providers that provide services to enable your use of the Website and the fulfillment of the obligations of our contract (e.g., payment processors, cloud providers etc.);

      • Marketing partners: We coordinate and disclose your Personal Data with our marketing partners, including advertising networks, internet service providers, data analytics providers, social networks, and marketing communication providers, in order to communicate with you about our products and services and market our products and services to you. They include Google LLC and Meta Platforms, Inc. for their remarketing and re-engagement of audiences. You can also learn more about how to opt out of these uses by visiting the privacy policies of Google LLC and Meta Platforms, Inc. You can access those privacy policies here https://policies.google.com/privacy?hl=en-US.

      • Business partners and affiliates: We may also disclose your Personal Data with business partners or affiliates (i.e., those that promote our products and services) in order for us to assess inter alia whether such affiliates referred you to us as a client.

      • Other companies in the EasyDMARC group: We may disclose your Personal Data to companies within the EasyDMARC group to the extent necessary for us to fulfill the purposes mentioned under Section 3;

      • Business transactions or reorganizations: We may disclose your Personal Data with a third-party during negotiation of, in connection with, or as an asset in a corporate business transaction (such as a merger, acquisition, joint venture, or financing or sale of EasyDMARC assets). Your Personal Data may also be disclosed in the event of insolvency, bankruptcy, or receivership;

      • Legal representatives, government authorities, law enforcement representatives: We may disclose your Personal Data with third parties, such as legal advisors and law enforcement to comply with court orders, enforcement actions, and applicable laws, rules and regulations;

      • For the purpose of cross-context Behavior Advertising; Targeted Advertising; Profiling. Cross-context behavior advertising means targeted advertising sent to you based on your Personal Data obtained from your activity across businesses, websites, applications, or services with which you intentionally interact. Profiling means any form of automated processing of Personal Data to evaluate and predict certain aspects about you. We allow certain third-party companies to place tracking technologies like cookies and pixels on our sites, which enable those companies to receive information about your activity on the Website that is associated with your browser or device. Additionally, we might actively provide third-party companies information about you so that such third-party companies may create lookalike audiences – customers likely to be interested in our offerings because they share characteristics similar to our existing customers - based on the information provided about you. These third parties may use that data to serve you more relevant ads on our Website or the websites of others, or they may create lookalike audiences with other members who share your characteristics and provide us with the opportunity to expand and target our advertising efforts to the members of the lookalike audience. Such advertising is also known as interest-based advertising (also known as online behavioral advertising), cross-context behavior advertising, profiling, or targeted advertising. We may receive from such companies discounts or certain free services (e.g., free analytical services from Google LLC, or free creation of a lookalike audience by Meta Platforms, Inc. or LinkedIn Corporation.

      The information being collected by these third-party companies may include anonymized information (e.g., click stream information, browser type, time and date, subject of advertisements clicked or scrolled over, hardware/software information, and session ID), and personally identifiable information (e.g., static IP address).

      Google Analytics, Google Ads, and Remarketing

      We use a tool called “Google Analytics”, a web analytics service provided by Google to monitor the performance of our Website and collect information on your use of our Website. You can learn more about how Google Analytics collects and processes information here: https://policies.google.com/privacy?hl=en-US; and how to opt out of being tracked by Google Analytics by following the instructions found here https://tools.google.com/dlpage/gaoptout.

      We also use Google Ads for remarketing and re-engagement of audiences which allow us to reach people who previously visited our Website. Google may use Cookies and/or device identifiers to serve you ads on various sites on the internet based on your past visits to our Website. You may opt out of the use of this Cookie by visiting Google’s Advertising and Privacy through this link: https://policies.google.com/technologies/ads or by visiting Google Ads Settings accessible through this link: https://adssettings.google.com/anonymous?hl=en. We note that we only have access to de-identified information being collected by Google through these tools [and we do not have control over such collection or processing].

      In addition to Google Analytics, we use a tool called Hotjar to better understand how you use our Website and to enable us to improve the user interface, user experience, and internal data flows.

      Do Not Track

      Some internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track”, please visit here.

      Cookies

      We use cookies and other technologies (e.g., pixels, tags) (collectively, the “Cookies”) on our Website. Cookies are text or image data files that are placed or saved on the internet browser of the user’s computer system. They contain a string of characters that enables the browser or mobile device to be uniquely identified when the user visits the Website again. The purpose of the use of Cookies is to simplify the use of the Website for the Website’s visitor. All the information collected on our Website through Cookies is anonymized and de-identified.

      On the one hand, we use technically essential Cookies which are necessary to run the Website. That means, we are not able to deactivate these Cookies. On the other hand, we use Cookies for the analysis of the behavior of the Website’s visitors on our Website to measure our reach in the market. You may prevent the use of these Cookies by selecting the appropriate setting in our browser or managing your preferences via the pop-up window prior to entering the Website. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of the Website, particularly if certain technical Cookies are deactivated.

      We use the following Cookies on the Website:

      Cookie Name	Category	Domain	Cookie Type	Cookie Expiration Date	Description
      countryCode,country_code_*	Functionality cookies	easydmarc.com	First-party	1 month 1 day	This is the visitor's initial country code detected from the IP address
      KEYCLOAK_IDENTITY	Functionality cookies	uac.easydmarc.com	First-party	Session	Stores the authenticated user's identity token. This token includes claims about the user. The cookie is usually encrypted and signed to ensure its integrity and confidentiality.
      KEYCLOAK_IDENTITY_LEGACY	Functionality cookies	uac.easydmarc.com	First-party	Session	This is similar to KEYCLOAK_IDENTITY but may be used for older versions or for backward compatibility purposes. It serves the same purpose: storing the identity token of the authenticated user.
      KEYCLOAK_SESSION	Functionality cookies	uac.easydmarc.com	First-party	Session	Used to store the user session identifier. It helps in managing the user session on the server and is essential for session expiration, logout, etc.
      KEYCLOAK_SESSION_LEGACY	Functionality cookies	uac.easydmarc.com	First-party	Session	Similar to KEYCLOAK_SESSION, used for backward compatibility and functions the same way as KEYCLOAK_SESSION.
      AUTH_SESSION_ID	Functionality cookies	uac.easydmarc.com	First-party	Session	Holds the authentication session state, which could be considered the "master" session identifier. It is often used for Single Sign-On (SSO) purposes and helps in coordinating between various client applications and authentication realms.
      app_url	Functionality cookies	uac.easydmarc.com	First-party	365 days	"Back to application" button url
      sidebar_*,active_collapse	Functionality cookies	uac.easydmarc.com	First-party	365 days	Represents the active state of a sidebar, which is stored as a cookie
      connect.sid	Functionality cookies	uac.easydmarc.com	First-party	Session	EasyDMARC application session ID
      cf_*, __cf_bm, _cfuvid,	Functionality cookies	easydmarc.com	First-party	1 year	Set by Cloudflare for security and performance optimizations. These handle DDoS protection, bot mitigation, and visitor tracking.
      _csrf	Functionality cookies	easydmarc.com	First-party	Session	Random secret value, to prevent the submit of a request which the users isn’t authenticated for
      easydmarc_cookie_consent	Functionality cookies	easydmarc.com	First-party	30 Days	Utilized to manage the display of the cookie consent banner on the website.
      easy_r	Functionality cookies	easydmarc.com	First-party	10416 days	Designed to store the HTTP referral URL for tracking the source of web traffic
      IDE, test_cookie	Targeting cookies	.doubleclick.net	Third-party	1 year	Google Doubleclick cookies for targeted advertising and tracking user interactions with ads.
      li_*, lidc, AnalyticsSyncHistory, UserMatchHistory,bcookie, ln_or	Targeting cookies	.linkedin.com	Third-party	1 month	Used for tracking, security, and targeted advertising.
      _zitok	Strictly Necessary cookies	.zoominfo.com	Third-party	30 minutes	Used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
      YSC,VISITOR_INFO1_LIVE	Targeting cookies	.youtube.com	Third-party	Session	Set by Youtube to track views of embedded videos.
      _hj*	Strictly Necessary cookies	.easydmarc.com	Third-party	30 minutes	Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
      _ga*, _gid	Performance cookies	.easydmarc.com	Third-party	1 year 1 month	Used by Google Analytics to persist session state.
      __hs*, hubspot*,messagesUtk	Performance cookies	.easydmarc.com	Third-party	6 months	Hubspot specific cookies
      _gcl_au	Targeting cookies	.easydmarc.com	Third-party	3 months	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services
      _cl*, _uet*, MR, SM, bcookie, lidc, SRM_B	Targeting cookies	.easydmarc.com	Third-party	1 day	Microsoft Clarity and BING specific cookies

5. Security

   1. EasyDMARC is committed to securing the processing of your Personal Information, by maintaining administrative, technical and physical controls which are designed to protect your Personal Information against loss or theft, as well as against any unauthorized access, risk of loss, disclosure, copying, misuse, or modification. Therefore, we implement security measures where appropriate and applicable, such as, but not limited to:

      • Pseudonymization and encryption of Personal Information while in transfer; and

      • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;

      • The ability to restore the availability of and access to Personal Information in a timely manner in the event of a physical or technical incident; and

      • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures to ensure security of processing.

      The safety and security of your Personal Data also depend on you. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our Website. Any transmission of Personal Data is at your own risk. We are not responsible for any circumvention of any privacy settings or security measures contained on our Website.

6. Retention Policy (our “Retention Policy”)

   Whenever the personal data is no longer necessary for the purpose for which it has been collected, we will destroy it, unless retention is required. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

   Because we have no access to the content of an email, we do not retain any Personal Data in relation thereto. We may, in very limited instances, need to maintain the content of subject line of certain emails.

7. Your rights

   1. We respect your rights under the GDPR. We will respond to requests for information as quickly as possible and, where applicable, will correct, amend, or delete your personal information.

      In such cases, we will need you to respond with proof of your identity before you can exercise these rights. In some cases, we might need additional information in order to identify you with these types of requests.

      You can exercise the following rights:

      • The right to access information

        At any point you can contact us to request the information we process of you. For information that is also present in the account, we advise you to check that first. There are no fees or charges for the first request.

      • The right to correct and update the information

        If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated. Some information can be adjusted in the account, we advise you to check this before you request us to do so.

      • The right to restrict the processing of personal data

        In certain cases you can restrict the processing of your data, for instance if you feel that the data we process is incorrect, and you do not want us to erase your data but restrict the processing.

      • The right to have your information erased

        If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests or regulatory purpose(s)).

      • Withdrawal of given consent

        When we process your personal data based on your consent, you have the right to withdraw this at any time.

      • The right to data portability

        If you want us to move your data to another data controller, you can do this in the circumstances that you have provided the data directly to us yourself, this data is processed based on your consent or used in order to fulfil a contract and the data is automated (this right does not apply to paper records).

      • The right to object to the use of your personal information

        You can object to processing of your personal data carried out by us (including profiling) if this is processed in our legitimate interests, to carry out a task in the public interest or in the exercise of official authority, unless we have legitimate grounds to do so. In the case of direct marketing you can always object to this processing. This also applies to the situation when your data is processed for scientific, historical or statistical research purposes, unless this is necessary for the public interest. Objecting to the processing when decisions are made on an automated basis is possible, unless this is necessary for the performance or entering into our contract, this is authorized by law, or when you have given us your consent.

      • Right to lodge a complaint with the Data Protection Authority

        If you feel that we have not dealt correctly with your personal data, you can lodge a complaint with the competent data protection supervisory authority.

      If you wish to exercise your privacy rights, you can send the request to EasyDMARC B.V., (address in the name of Vlamingstraat 4, 2712BZ Zoetermeer, Netherlands or to [email protected]) We aim to reply to your request within one (1) month. If your request cannot be processed within a month, you will be notified accordingly. If you have any questions about the policy of EasyDMARC with regard to the protection of personal data, these can be sent to the same post or e-mail address.

   2. Please be informed that when you exercise certain rights mentioned in Sections 7.1 (e.g., the right to deletion), we may no longer be able to offer you the use of the Website or portions thereof (e.g., access to your EasyDMARC account may be limited).

   3. We will remove your Personal Data pursuant to our Retention Policy. Should you decide to delete your account with EasyDMARC, please note that you will lose access to the Personal Data, courses, documents and other information in your EasyDMARC Account. EasyDMARC is not under any obligation to maintain a back-up of such information and data.

8. Minors

   The Website is not meant for users under the age of 16. We are committed to protecting the privacy needs of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests. We do not knowingly collect information from users under the age of 16, and do not target users under the age of 16. If we receive a valid notice through [email protected] that a user under the age of 16 has provided us with Personal Information, we will take measures to delete it as soon as possible.

9. Links to Other Sites

   The Website may, from time to time, contain links to and from the websites, plug-ins and applications of our partner networks, advertisers, affiliates or social media sites. This Privacy Policy does not apply to your access to any Personal Information practices of such third-party websites and online services, which may (or may not) have privacy policies. Please understand that EasyDMARC does not control such “linked” websites (or the content contained on such websites) and takes no responsibility for their content. It should not be implied that EasyDMARC endorses or otherwise recommends such websites, or the products or services they offer. To learn about the data privacy practices of these third parties, please visit their respective privacy notices or policies.

10. Contact Information

    To ask questions about or comment on this Privacy Policy, contact us at:

    Phone: +1-888-563-5277
    Email: [email protected]
    Mailing Address: 8 The Green #7668, Dover, Delaware, 19901, United States
    Website: https://easydmarc.com/contact-us

    If you need to access this Privacy Policy in an alternative format due to having a disability, please contact [email protected] or +1-888-563-5277.