Privacy Policy

  1. General

    Flexmail provides a marketing platform that allows clients to reach their customers, to understand how their customers interact with those communications and other content, and to customize marketing based on their customers’ interests.

    This Privacy Policy explains how Flexmail collects, uses, and discloses information from its clients and business contacts when using our website and other online products and Services (collectively, the “Services”) or when otherwise interacting with Flexmail. This policy does not apply to the information that our clients import into our Services, such as the email addresses of their customers (see Section 8 on Client Data of the Flexmail General Terms and Conditions).

  2. Processing of Personal Data related to the Customer

    “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

    If, in the performance of the Agreement or the order, Flexmail processes any Personal Data related to the Customer or the Customer’s personnel, clients, suppliers or business, then the Customer remains the sole controller for the processing of such personal data and Flexmail is the processor thereof within the meaning of the applicable data protection legislation. In such case, Flexmail will act only on behalf of Customer and will process the personal data in accordance with the Agreement, order and any applicable data protection legislation, and only on the instructions of the Customer, and only for the purpose of performing its obligations under the Agreement.

    Flexmail will take the necessary technical and organizational security measures to protect the personal data from accidental or illicit destruction, accidental loss, modification of and access to the personal data by unauthorized persons, and from any other illicit processing of the personal data (a “Data Breach”). In the event of such Data Breach which complies with the conditions set forth in Articles 33 and 34 of the General Data Protection Regulation, Flexmail will inform the Customer thereof as to enable it to inform the competent authorities if so required by data protection law.

    The provisions set forth hereafter, shall become applicable as of 25 May 2018, the date of which the General Data Protection Regulation will become applicable:
    Customer understands and agrees that Flexmail may engage sub-processors for the performance of certain aspects of the Services. Such sub-processors are specified in the order. In such case, Flexmail shall procure that its sub-processors are bound by obligations similar to the obligations as specified in this Article.

    Unless permitted by the Customer, Flexmail shall abstain from transferring any personal data outside the European Economic Area. However, subject to previous paragraph above, Flexmail may, as part of providing the Services, engage sub-processors who are located outside the European Economic Area. In such case, Flexmail shall procure that such sub-processors provide an adequate level of protection as required under data protection law.

    To the extent reasonably possible, Flexmail shall assist the Customer in complying with the data protection obligations incumbent upon it. To the extent that Flexmail receives requests from Customer’s data subject regarding the exercise of their rights accorded to them in accordance with data protection laws, Flexmail shall forward such requests within a reasonable timeframe to the Customer.

    Upon expiration or termination of this Agreement or an order, Flexmail shall, at Customer’s request either delete or return any personal data processed by Flexmail as part of the Agreement or the order concerned. If such personal data are to returned, Parties will agree on the format and medium on which such data must be returned and, if applicable, the costs in relation thereto.
    Flexmail shall retain a record of its data processing operations. Such record is confidential and shall only be disclosed to competent authorities upon their request.

    The Customer, or an independent party designated by it, is entitled to perform an audit in relation to Flexmail’s compliance with its data protection obligations. A Customer that wants to audit the Services delivered by Flexmail, needs to formally make such request by sending a request via the existing support interface with Flexmail or via the Customer’s account management liaison. Flexmail will answer such demand with a request to complete the Request For Audit (RFA) document. After having received the completed RFA document from the Customer, a Flexmail compliance team member will be assigned to internally organize the support of the audit activities and provide a formal answer to the RFA within 12 workdays. Such answer will take into account the justness of the requested audit activities, the availability of internal resources to support the audit activities, the estimated effort and cost to support the audit activities and include a proposal for the practical realization of the audit. In case the audit result would proof Flexmail to be in breach with one or more data protection obligations, Flexmail will inform the Customer within 12 workdays, following the audit result, of the actions that will be taken to reach full compliance with data protection obligations.

    To the extent that Customer has any questions or issues as regards compliance with data protection laws, Customer shall revert such issue or question to Flexmail’s Data Protection Team.

  3. Use of information by Flexmail

    The following discloses the information gathering and usage practices for the Flexmail website, and for which Flexmail acts as the data controller. The Flexmail website offers several opportunities for visitors to register for promotional and informational mailings or to receive assistance in evaluating our software and Services. Flexmail uses this contact information to send users information about the company and its products and services. Users may opt-out of receiving future mailings at any time and have the right to object, by request and free of charge, to the processing of his or her data for the purposes of direct marketing.

    When signing up for and using the Services, consulting the customer service team, sending us an email, posting on our blog, integrating the Services with another website or service or communicating with us in any way, you are voluntarily giving Flexmail information that we collect.

    Flexmail is the sole owner of the information collected on this website. Flexmail will not sell, share, or rent this information to others in ways different from what is disclosed in this statement. Flexmail collects information from its users at several different points on the website.

    The transmission of unsolicited commercial email is expressly forbidden by Flexmail.

    Flexmail may use information about you for various purposes, including to:

    • Provide, maintain, customize, and improve the Services;
    • Provide and deliver the products and Services you request, process transactions and send you related information, including confirmations and invoices;
    • Send you technical notices, updates, security alerts and support and administrative messages;
    • Respond to your comments, questions and requests and provide customer service;
    • Communicate with you about products, suggestions, services, offers, promotions, rewards, and events offered by Flexmail and others, and provide news and information Flexmail thinks will be of interest to you;
    • Monitor and analyze trends, usage and activities in connection with our Services.

    In order to measure the usage and performance of our various features, Flexmail uses Hotjar tracking your actions while using the Service. All confidential data (contact lists, invoicing details, …) are masked.
    Hotjar is ISO 27001 certified, PCI compliant and all data is stored in the EU with a retention of maximum 365 days.
    Hotjar privacy policy:
    Example of a capture with masking

    In addition to Hotjar, Flexmail also uses Mixpanel to measure application and feature usage and customer journeys. This will help us plan our next app versions, including how to allocate time and resources on the important areas of focus. All confidential and personal data you store in Flexmail is obfuscated. Mixpanel is an active participant in the EU-U.S. Privacy Shield framework since 11/7/2016.
  4. Collection of information

    Information you provide to us
    Flexmail collects information you provide directly to Flexmail. For example, Flexmail collects information when you create an account, participate in any interactive features of the Services, fill out a form, apply for a job, request customer support, or otherwise communicate with Flexmail. The types of information Flexmail may collect include your name, email address, postal address, phone number, and any other information you choose to provide. Flexmail or a designated third party may collect payment and credit card information when you subscribe to our paid Services or purchase additional services.

    Information we collect automatically when you use the services
    When you access or use the Services, Flexmail automatically collects information about you, including:

    • Log Information: We log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address, your general location, and the page you visited before navigating to our Services.
    • Device Information: We collect information about the computer or mobile device you use to access our Services, including the hardware model, operating system and version, unique device identifiers and mobile network information.
    • Information collected by cookies and other tracking technologies: Flexmail and its service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help Flexmail improve the Services and your experience, see which areas and features of the Services are popular, and count visits. Web beacons are electronic images that may be used in the Services or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies, please consult the Flexmail cookie policy on the Flexmail main website.

    Integrations with Other Services
    You may have the option of integrating the Services with other services, technologies or platforms on your desktop, permitted websites and/or your mobile phone. These integrations may require you to input personal information or access or use personal information. These integrations may (i) check for updates automatically and transmit your information to their server and/or engine; (ii) send information entered into or accessed by the technology to its server and/or engine; and (iii) be visible to the public if embedded on publicly available webpages (such as social networking webpages), depending on the policies of that website.

    List and email information
    When you add contacts to a list or create an email with the Services, Flexmail has and may access the data on your list and the information in your email to send out campaigns created by you. If a Subscriber chooses to use the ‘forward to a friend’ (FTF) link in an email campaign you send, it will allow the Subscriber to share your email content with individuals not on your List. When a Subscriber forwards an email to a friend, we do not store your Subscriber’s email address or their friend’s email address, and no one is added to any list as a result of the FTF. The Flexmail user who created the email campaign only sees an aggregate number of times their email campaign was forwarded by a Subscriber and does not have access to the email addresses used to share or receive that forwarded content.

  5. Sharing and usage of personal information

    Flexmail will never share, sell, or rent individual personal information with anyone without your preceding permission, unless ordered by a court of law. Information submitted to Flexmail is only available to employees managing this information for purposes of contacting you or sending you emails based on your request for information.
    Flexmail may share information about you as follows or as otherwise described in this Privacy Policy:

    • In response to a request for information if Flexmail believes disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
    • If Flexmail believes your actions are inconsistent with the spirit or language of our user agreements or policies, or to protect the rights, property and safety of Flexmail or others;
    • To transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this Privacy Policy, including your rights to access and choice. Flexmail will notify you of the change either by sending you an email or posting a notice on our website;
    • With your consent or at your direction.

    We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.

    Content of Email Campaigns
    When you send an email marketing campaign, it bounces from server to server as it crosses the Internet. Along the way, server administrators can read what you send. Email was not built for confidential information. Please do not use Flexmail to send confidential information.
    Sometimes we review the content of our members’ email campaigns to make sure they comply with our Conditions and Acceptable Use Policy. To improve that process, Flexmail has software that helps us find email campaigns that may violate our terms. Our employees may review those particular email campaigns. This benefits all members who comply with our terms of use because it reduces the amount of spam being sent through our servers and helps us maintain high deliverability.

  6. Security

    This website takes every precaution to protect our users' information. When users submit sensitive information via the website, your information is protected both online and offline. Flexmail takes care to reinforce the importance of its website visitors' security and privacy among our employees. We are constantly re-evaluating and deploying new technologies to enhance our security.

    Safeguarding your information
    We take reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.
    Flexmail accounts require a username and password to log in. You must keep your username and password secure, and never disclose it to a third party. Because the information in your distribution lists is so sensitive, account passwords are encrypted, which means Flexmail cannot see your passwords. Flexmail cannot resend forgotten passwords either. Flexmail will only reset them in such case.

  7. Accuracy of Data, Transparency, and Choice

    Flexmail does its best to keep your data accurate and up to date, to the extent that you provide Flexmail with the information it needs to do so. If your data changes (for example, if you have a new email address), then you are responsible for notifying Flexmail of those changes. Upon request, Flexmail will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Data.
    Flexmail will retain your information for as long as your account is active or as long as needed to provide you with our Services. Flexmail may also retain and use your information in order to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements.

    We will give an individual, either you or a Subscriber, access to any Personal Data we hold about them within thirty (30) days of any request for that information. Individuals may request to access, correct, amend or delete information we hold about them by contacting us. Unless it is prohibited by law, we will remove any Personal Data about an individual, either you or a Subscriber, from our servers at your or their request, and place them on our blacklist to protect that individual from being contacted again. There is no charge for an individual to access or update their Personal Information.

    Flexmail provides users the opportunity to opt-in and opt-out of receiving communications from us. This is made available during sign-up for our email lists and in all email messages delivered from our company, or you can email us at Once a user opts-out, the user will no longer receive future communications from that sender. For any emails sent by Flexmail, users can use the link in the footer of all email messages to opt-out.

    UPDATED: 29 MAY 2018