Information we collect
We collect your Personal Information in the following ways:
Disclosure of Personal Information to Third Parties
Data Collected for and by our Customers
As you use our Services, you may import into our system Personal Information you have collected from your Subscribers or other individuals. As part of our Services, we may use and incorporate into features information you have provided, we have collected from you, or we have collected about Subscribers. We have no direct relationship with your Subscribers or any person other than you, and for that reason, you are responsible for making sure you have the appropriate permission for us to collect and process information about those individuals. We may transfer Personal Information of you or your Subscribers to third parties that help us promote, provide, or support our Services or the services of our Customers (“Service Providers”). Service Providers’ use of Personal Information is restricted in line with the approved uses in the “Use and Disclosure of Your Personal Information” section.
If you are a Subscriber and no longer want to be contacted by one of our Customers, please unsubscribe directly from that Customer’s newsletter or contact the Customer directly to update or delete your data. If you contact us, we may remove or update your information within a reasonable time and after providing notice to the Customer of your request. We will retain Personal Information we process on behalf of our Customers for as long as needed to provide our Services or to comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements.
Subscribers can be added to the Platform in a number of ways, including by importing contacts, such as through csv or directly from your ecommerce platform or email client. Your Subscribers are stored on a secure ahoy! server. We do not, under any circumstances, sell your Subscribers. If a Subscriber complains or contacts us, we might then contact that person. Only authorized employees have access to view Subscribers. You may export (download) your Subscribers from ahoy! at any time.
If we detect abusive or illegal behavior related to your Subscribers, we may share your Subscribers or portions of them with affected ISPs or anti-spam organizations.
Content of Emails Sent
When a Customer sends an email to a Subscriber, it bounces from server to server as it crosses the Internet. Along the way, server administrators can read what you send. Email was not built for sending confidential information and most emails end up in an unencrypted inbox. Please do not use the Services to send confidential information.
Anonymous and Aggregated Information
ahoy! may use your Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the Sites or other online Services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. Anonymized or aggregated information is not Personal Information, and ahoy! may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes. We may share this information within ahoy! and with Third Parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
Where you have consented to ahoy!’s Processing of your Personal Information, you may withdraw that consent at any time and opt out by following the instructions below. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will provide information regarding the new purpose and give you the opportunity to opt out. Note that, due to the nature of the Services, you may have to provide the email address or other identifying value that is associated with your Personal Information in order for ahoy! to segregate out the use and retention of such Personal Information. Where consent of the individual for the Processing of Personal Information is otherwise required by law or contract, ahoy! will comply with the law or contract.
Sensitive Personal Data
“Sensitive Personal Data” is a subset of Personal Information, which due to its nature, has been classified by law or by policy as deserving additional privacy and security protections. Sensitive Personal Data includes Personal Information regarding EU-residents that is classified as a “Special Category of Personal Data” under EU law, which consists of the following data elements: (a) race or ethnic origin; (b) political opinions; (c) religious or philosophical beliefs; (d) trade union membership; (e) genetic data; (f) biometric data where Processed to uniquely identify a person; (g) health information; (h) sexual orientation or information about the individual’s sex life; or (i) information relating to the commission of a criminal offense.
ahoy! does not collect Sensitive Personal Data from you. However, if we do ever collect it, we will, prior to disclosing it to a third party or Processing it for a purpose other than its original purpose or the purpose authorized subsequently by the individual, obtain your explicit consent. Where consent of the individual for the Processing of Personal Information is otherwise required by law or contract, ahoy! will comply with the law or contract.
“Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. At this time, there is no general agreement on how companies like ahoy! should interpret DNT signals. Therefore, ahoy! does not recognize or respond to browser-initiated DNT signals, whether that signal is received on a computer or a mobile device.
ahoy! primarily stores Personal Information sent or collected via or by ahoy! in the United States and the European Union (as applicable), in the cloud, our servers, the servers of our group of companies, or the servers of our Service Providers. To facilitate our global operations, we may transfer and access such information from around the world. To carry out the email delivery function of the Platform, we may need to transfer such information around the world. Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request. By providing information to ahoy!, you consent to the transfer and storage of Personal Information in these locations.
Customers in Australia
If you are a Customer who lives in Australia, this Section applies to you. We are subject to the operation of the Privacy Act 1988 (“Australian Privacy Act”). Here are the specific points you should be aware of:
Where we say we assume an obligation about Personal Information, we are also requiring our subcontractors to undertake a similar obligation, where relevant.
We will not use or disclose Personal Information for the purpose of our direct marketing to you unless: you have consented to receive direct marketing; you would reasonably expect us to use your personal details for the marketing; or we believe you may be interested in the material but it is impractical for us to obtain your consent. You may opt out of any marketing materials we send to you through an unsubscribe mechanism or by contacting us directly. If you have requested not to receive further direct marketing messages, we may continue to provide you with messages that are not regarded as “direct marketing” under the Australian Privacy Act, including changes to our terms, system alerts, and other information related to your account.
Our servers are primarily located in the United States. In addition, we or our subcontractors, may use cloud technology to store or process Personal Information, which may result in storage of data outside Australia. It is not practicable for us to specify in advance which country will have jurisdiction over this type of off-shore activity. All of our subcontractors, however, are required to comply with the Australian Privacy Act in relation to the transfer or storage of Personal Information overseas.
If you think the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps, consistent with our obligations under the Australian Privacy Act, to correct that information upon your request.
If you are unsatisfied with our response to a privacy matter then you may consult either an independent advisor or contact the Office of the Australian Information Commissioner for additional help. We will provide our full cooperation if you pursue this course of action.
Your Personal Information
You may seek confirmation regarding whether ahoy! is Processing Personal Information about you, request access to Personal Information, and ask that we correct, amend or delete your Personal Information where it is inaccurate or has been Processed in violation of applicable data protection laws. Where otherwise permitted by applicable law, you may contact us at email@example.com to request access to, receive, port, restrict Processing, seek rectification or request erasure of Personal Information held about you by ahoy! Such requests will be carried out in accordance with applicable laws. Although ahoy! makes good faith efforts to provide you with access to your Personal Information, there may be circumstances in which ahoy! is unable to provide access, including for example, where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where it is commercially proprietary. If ahoy! determines that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, ahoy! will take reasonable steps to verify your identity before granting access to or making any changes to your Personal Information.
Subscriber Personal Information
As a data processor for our Customers, ahoy! processes data, which may include Subscriber Personal Information on behalf of our Customers. We will not use, share, distribute, or reference any such Subscriber Personal Information except as provided in the applicable agreement between us and our Customer, or as may be required by law. If Personal Information pertaining to you as an individual has been submitted to us by a Customer as Subscriber Personal Information and you wish to exercise any rights you may have to access, receive, port, restrict Processing, seek rectification, or request erasure, please inquire with the applicable Customer directly. If you wish to make your request directly to ahoy!, please provide the name of the applicable ahoy! customer. We will refer your request to that Customer, and will support them as needed in responding to your request within the timeframe required by applicable law.
We take reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the Processing and the nature of the Personal Information. If a security breach causes an unauthorized intrusion into our system that materially affects you or Subscribers, then ahoy! will notify you as soon as possible and later report the action we took in response.
Our credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor is certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC). We also perform annual SOC II audits. If you have any questions about the security of your Personal Information, you may contact us at firstname.lastname@example.org.
ahoy! accounts require a username and password to log in. You must keep your username and password secure, and never disclose them to a third party. If you have reason to believe that your passwords or Personal Information is no longer secure, please promptly notify us at email@example.com.
Due to the nature of ahoy!’s business, our Services are not marketed to minors. ahoy! does not knowingly solicit or collect Personal Information from children under the age of 13 (and in certain jurisdictions under the age of 16). This applies to any Personal Information directly collected by us, but does not apply to the Personal Information provided to us by third party services and organizations or from our Customers regarding their Subscribers (please refer to the terms of their respective privacy policies). If we learn that we have collected Personal Information from a child under the age of 13 (and in certain jurisdictions under the age of 16) in relation to the Services, we will promptly delete that information.
California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties. If you are a California resident and would like to make such a request, please submit your request to firstname.lastname@example.org.
Links to Third Party Websites
V1.0 Updated May 20th, 2018