Where we stand on gathering, sharing and protecting your info
Effective Date: May 2020
Welcome to Benchmark Email, owned and operated by Benchmark Internet Group (herein after referred to as "Benchmark," "company," "us," "we," and/or "our").
Controller of the Data File
The controller of the data file within the meaning of data protection law is Benchmark Internet Group:
Erin Posey - Director of Customer Success & Support
5500 Bolsa Avenue, Suite 245
Huntington Beach, CA 92649, USA
Phone: 866-991-4888 x116
Benchmark Email as the Contract Data Processor
Benchmark Email offers its business customers a technical solution (so-called software as a service), to allow for email campaigns to be created and sent to customer-specific contacts. The respective customer of Benchmark Email named therein is responsible in terms of content and data protection law for the email campaigns as the provider or the sender of the email campaign. Benchmark Email does not have an influence on this, and insofar as data protection law is concerned, is merely a technical service provider for contract data processing subject to the instructions of its customers. Therefore, any claims in consequence of receipt of an email campaign and its content must always be directed towards the provider apparent therein. This applies in particular for claims under data protection law for information, correction, blocking or deletion. The respective offeror or sender of the email campaign shall independently provide information (e.g. in a separate data privacy statement) about how personal data will be used—also while employing the technical platform of Benchmark Email.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Benchmark, and its parent company Benchmark Internet Group, participate in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Benchmark is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
Benchmark is committed to cooperating with the Swiss Federal Data Protection and Information Commissioner (FDPIC) and will comply with the advice given by the authority with regard to human resources data transferred from Switzerland in the context of the employment relationship.
Benchmark is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Benchmark complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Benchmark is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Benchmark may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Benchmark has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you are unsure about our privacy rules or this policy, please contact us at firstname.lastname@example.org.
The General Data Protection Regulation (GDPR) is a European privacy law that went into effect on May 25, 2018. It regulates how personal data of EU citizens can be collected, used, stored and processed by both European businesses and non-European companies that have European contacts. Benchmark Email complies with all GDPR regulations regarding personal data of EU citizens.
The California Consumer Privacy Act (CCPA) outlines a consumer's rights regarding their personal information and relating to the access of, deletion of, and sharing of their personal information that is collected by a business. Each consumer has the right to request that businesses subject to CCPA disclose how they obtained your personal information over the past 12 months.Those businesses may be customers of Benchmark Email, and they may not discriminate against you for exercising your CCPA rights. Furthermore, if the business sells your personal information, you have the right to opt-out of that sale.
Under the CCPA, Benchmark Email acts as a service provider when offering our software services to our customers. The collection of any personal information is done on behalf of our customers so that we may provide a service to them. Any request for access or deletion of your personal information under the CCPA should be directed to our customer whom you have a relationship with.
We will not charge anyone different prices or offer different quality of services to them should they exercise their CCPA rights. We will also not ask for your personal information unless the value of the incentive or enhancement is reasonably related to the value of your personal information.
Information We May Collect
When you sign up for a free account, we will ask you for information. This information may include:
- Your name
- Your company name
- Your company or home address
- Your telephone number
- Your email address
- Your email list details
- How many emails you plan to send
- Whether you use good email marketing practices
Likewise, when you sign up for a paid plan, we will ask you for the same information as above, as well as:
- The name on your credit card
- Your credit card number
- Your credit card number expiration date
- The three or four-digit safety code on the back of your card
Your billing address
In addition, if you contact us for more info on any of our partner programs, our non-profit discount program, our faith-based initiative discount program or other programs, we may also ask you:
- Your non-profit's name
- Your non-profit's 501(c) number
- Your faith-based organization's name
- The size of your organization or congregation
Our website offers a publicly accessible blog and a member community forum. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Our community forum provides the ability to create a personal profile which gives you the option to submit additional personal and demographic information about yourself, such as age and personal interests. To request removal of your personal information from our blog or community forum, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
Also available through our forum, you can choose to use our referral feature to tell a friend about our site. We will ask you for your friend's name and email address. We will automatically send your friend a one-time email notifying him or her to the aspect of the site you wanted to share. Benchmark stores this information for the sole purpose of sending this one-time. Your friend may contact us at firstname.lastname@example.org to request that we remove this information from our database. Alternatively, if you used a third party application to post such information, you can remove it, by either logging into the said application and removing the information or by contacting the appropriate third party application.
We also may display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us about using the information listed below.
When you use or interact with our services, we may collect data, which may include but is not limited to type of Internet browser, Internet Protocol (IP addresses), geographic location (approximate), a record of how you use our services and sites, referring/exit pages, operating system, date/time stamp, and/or clickstream data and other data. We use this information to analyze trends, to administer the site, to track users' movements around the site and to gather demographic information about our user base as a whole. We may combine this automatically collected log information with other information we collect about you. We do this [to improve services we offer you, to improve marketing, analytics, or site functionality.
We at Benchmark and our partners, affiliates, or analytics or service providers (Google, AdRoll, Yahoo, Bing), use technologies such as cookies or similar technologies to analyze trends, administer the website, tracking users’ movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.
We partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here (or if located in the European Union click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.
What We Do with Your Information
We may use your personal information to:
- Fulfill your registration/order/purchase
- Send you an order confirmation
- Send you requested product or service information
- Respond to customer service requests
- Administer your account for proper functionality of our tools
- Send you a newsletter
- Send you marketing communications
- Call you for sales or support purposes
- Respond to your questions and concerns through our email and ticketing Zendesk service
- Facilitate your communication with other users
- List you in our member directory made available only to other members
Period of Storage
Your personal data will be kept for no longer than is necessary for the specific purposes for which the personal data are processed. More precisely, personal data is kept as long as actions to Benchmark are necessary with regard to the purpose(s) of the processing of personal data.
Using Our Email Service
You can import contacts from various CRM systems and other email account address books to populate your email recipient lists. We collect the username and password for the account you wish to import your contacts from and will only use it for that purpose.
When sending emails via our service, we maintain strict privacy for all your data. Hence, if you upload or create an email list and store it online, and decide to purge or delete those email addresses, we do not keep them on our servers. They are gone forever, so please take note to export your data before you delete it if you may need to use it in the future.
While we may review your list when you upload it, just to make sure it's opt-in, we do not monitor or review the content beyond that first stage.
Also, when you create or upload an email list and store it with our service, we do not sell, rent or give away the data on your list. That data is yours and yours alone, we merely store it for you when you use our service.
Regarding 3rd Party Data Processes through Our Email Service
Benchmark collects information under the direction of our customers, and has no direct relationship with the individuals whose personal data it processes as part of providing the Service. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our customers.
An individual who seeks access, who seeks to correct, amend, delete inaccurate data or withdraw consent to further contact should direct his/her query to the Benchmark customer they interact with directly (the data controller). If a Benchmark customer requests that we remove personally identifiable information on their behalf, we will respond to their request within 30 days.
Benchmark will retain personal data we process on behalf of our customers for as long as needed to provide services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When and How We Share Your Information
Benchmark does not sell or market your personal information to third parties.
We may provide your personal information to companies that provide services to help us with our business activities such as offering customer service. These companies are authorized to use your personal information only as necessary to provide these services to us.
Benchmark will only disclose your data, the content of your private communications, or the contact information of your recipients if required to do so by law, or as otherwise stated in this Statement, or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal or bankruptcy process served on Benchmark; (2) protect and defend the rights or property of Benchmark and others, including among other things to enforce our Terms of Service; (3) act under exigent circumstances to protect the personal safety of its members or the public; (4) to correct technical problems and malfunctions in how we provide our service to you and to technically process your information; (5) to take precautions against liability; (6) to respond to claims that information you have submitted to Benchmark has violated the rights or interests of a third party; or (7) as permitted by law or to provide information to law enforcement agencies.
Also, certain technical processing of email messages and their content that are required for: (1) sending and receiving messages; (2) conforming to connecting networks' technical requirements; (3) conforming to the limitations of the Service; or (4) other similar technical connecting requirements.
It is possible that as we continue to develop our business, Benchmark may be acquired. In such a transaction, your information may be transferred to the acquiring entity. Should this happen, you will be notified via email and a prominent notice on our Web site for 30 days prior to a change of ownership or control of your personal information. If as a result of the business transition your personally identifiable information will be used in a manner materially different from that stated at the time of collection, you will be given choice consistent with our notification of changes section.
Using sign-in services such as Facebook Connect, Twitter, Google and others, you may leave comments on our blog, reviews in our Marketplace, and Benchmark customers can integrate social media features into email campaigns. These services will authenticate your identity and may give you the option to post information about your activities on this Web site to your profile page to share with others within your social network.
Third Party Contracts and Understandings
The following is required to be stipulated in contracts between third parties and Benchmark in order to be compliant with Privacy Shield framework’s Onward Transfer Principle.
Contracts must be in place with all third parties to whom the company will have personal data (received under Privacy Shield) be processed.
Wherein “Processing” means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
Contracts must be in place with all third parties to whom the company will transfer personal information received under Privacy Shield to.
For transfers to third parties not acting as a service provider (e.g., controllers):
• Wherein, “Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.
1. Contract must be in place specifying and limiting data processing purposes consistent with the Individual’s consent.
2. Ensure the third party complies with the obligations associated with the PI (privacy information), and same level of privacy protections are in place.
3. Contractually require the third party to provide notice if they are no longer to meet with the obligations associated with the data, and to either cease processing or remediate.
*Contract is not required if transferring data within a controlled group of entities and another mechanism such as BCRs** or intra-group agreements are in place.
Transfer to third parties who are service providers (e.g., processors):
1. Contract must specify and limit the purposes of processing, and act only on instruction of the transferring organization (e.g., the controller).
2. Take reasonable steps to ensure service providers act only as instructed and put in place appropriate safeguards to protect information.
3. Contractually require the service provider to provide notice if they are no longer to meet with the obligations associated with the data, and to either cease processing or remediate.
4. Assist, as appropriate, in responding to individual’s requests around notice, choice, access, and privacy-related complaints. Specify this requirement, as appropriate, in the contract.
5. Require that the service provider require its sub-processors to comply with the obligations associated with PI they are processing.
*Upon notice, the company must stop and remediate any unauthorized processing by the service provider.
User Access and Preferences
Upon request Benchmark will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com.
If your personal information changes, or if you no longer desire our service, you may correct, update, amend or delete/remove certain information by making the change in your user account settings portal, by emailing our Customer Support at firstname.lastname@example.org or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request to access within 30 days.
Benchmark acknowledges that you have the right to access your personal information. Benchmark has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the Benchmark Client (the data controller). If requested to remove data we will respond within a reasonable timeframe.
We will retain your information for as long as your account is active or as needed to provide you services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to subscribe to our newsletter, we will use your name and email address to send the newsletter to you. We may also send our customers promotional emails occasionally. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page or you can contact us at email@example.com.
The security of personal information is important to us. When you enter sensitive information (such as a credit card number) on our site, we encrypt the transmission of that information using secure socket layer technology (SSL). Our Service platform is also encrypted to protect the integrity of our customers' information.
We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. Benchmark Email uses up to TLS 1.3 for our email transmission with any mailbox providers that support it. No method of transmission over the internet, or method of electronic storage is 100% secure, however.Therefore, we cannot guarantee absolute security. If you have any questions about the security of your data or our policies, you can contact us at firstname.lastname@example.org.
The profile you create on our site will be publicly accessible unless otherwise indicated. You may change the privacy settings of your profile through your account portal.
Links to Other Websites
Benchmark Policy Changes
As with any business, we reserve the right to make changes to our privacy statement, policies and practices. Should this happen, we will notify you or our Client at least 30 days before those changes take place by email (sent to the email address specified in your account) or by means of a notice on this Site prior to the change. If these new policies and practices reflect something different than what we're already doing, we'll give you the choice, at least 30 days in advance of those changes, to either continue with us or cancel your service and go elsewhere.
5500 Bolsa Avenue, Suite 245
Huntington Beach, CA 92649, USA
Phone: 866-991-4888 x116