Privacy policy

Privacy Policy Version Date: September 18, 2024

This Privacy Policy (the "Policy") describes the personal data that ECOMZ HOLDING LIMITED (doing business as UniOne ("Company", "UniOne" "we" or "us")) collects from or about you when you use UniOne’s hosted email platform and related services, how we use that information, and to whom we disclose it.

UniOne provides certain services relating to the development, transmission, analysis, and management of email messages through the web site located at www.unione.io and such other sites as may be designated by us (each, the "Site" or collectively, the "Sites") and/or through UniOne API (the "Services").

This Policy should be read in conjunction with the Terms of Service (https://unione.io/en/terms) (the "Agreement"), into which it is incorporated by reference.

We may modify this Policy from time to time. We will provide you with notice of any material changes to this Policy by publishing or communicate the changes through our Services or by other means so that you may review the changes before continuing to use our Services. Your continued use of the Services after we publish or communicate a notice about any changes to this Policy means that you are consenting to the changes.


DEFINITIONS

  • "Personal Information" or "Personal data" is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • "Process" or "Processing" means any operation which is performed upon Personal Information, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

CONSENT

By using the Services, or registration with our website (www.unione.io), you signify your agreement to the terms and conditions of this Policy and to our collection, use and disclosure of your personal data as set out herein. By giving your consent to us, you retain the right to have your personal data rectified, to be forgotten and/or to be erased.

You may change or withdraw your consent to the collection, use or disclosure of your personal data at any time by contacting us via email at privacy@unione.io. In some circumstances, a change or withdrawal of consent may affect your ability to use the Services.

You also agree and accept that we may contact you by email or SMS in relation to your subscription.

PRIVACY LAWS/GDPR COMPLIANCE

UniOne is responsible for personal data under our control. We have established policies and procedures to effectively safeguard any confidential personal data that we collect and to deal with complaints and inquiries. We are committed to maintaining the accuracy, confidentiality, and security of your personal data, and we will ensure that you have access to information regarding the policies and procedures that we use to manage your personal data.

UniOne has designated a Privacy Officer/Data Protection Officer ("DPO") who is accountable for our compliance with this Policy and for ensuring that information about our policies and practices relating to the management of personal data is easily accessible. All questions or concerns regarding this Policy and our compliance with it should be directed to the Privacy Officer in writing and sent by email or postal mail to:
ECOMZ HOLDING LIMITED
Attn: Data Protection Officer
Gladstonos 12-14, 8046, Paphos, Cyprus
Email: privacy@unione.io

Every complaint or challenge regarding our compliance with this Policy will be investigated, and where a deficiency is found to exist, we will take appropriate measures to address it. This may include amending our policies and procedures as necessary. We will also cooperate with regulatory authorities to resolve any complaints that cannot be resolved between us and an individual user.

SCOPE

Except where otherwise indicated, this Privacy Policy applies to individuals who: (a) visit our Site, (b) use UniOne email delivery platform and related Services through the Site, UniOne API or otherwise; or (c) use any other, present or future, online or offline, programs, services, or offerings of UniOne ("Offerings"). When we refer to the "Customer," we are referring to the individual or entity that is registered with us to use the Service or Offerings. When we say "you," we are referring to Customers and/or to some other individual who visits our Site.

UniOne provides the Services to Customers so they may provide information to, and stay in contact with their subscribers and other individuals ("Contacts") through email. When we Process Personal Information of Contacts ("Contacts Personal Information") on behalf of our Customers, we Process such Personal Information only as a data processor and in accordance with our Customers’ instructions. If you are a Contact of one of our Customers, you should review that Customer’s privacy policy, terms, or other notices to learn how that Customer collects and uses information about you, including through our Services. If a Customer has submitted Personal Information pertaining to you as an individual to us as Contact Personal Information and you wish to exercise any rights you may have to access, correct, port, or delete such Personal Information, please inquire with the applicable Customer directly. Because UniOne personnel have limited ability to access Contacts Personal Information, if you wish to make your request directly to UniOne, please provide the name of the applicable UniOne Customer. We will refer your request to that Customer and will support them as needed in responding to your request within the timeframe required by applicable law.

CUSTOMER’S DATA

Personal Data Collected
1. Identity and contact details of the data processor

Personal data is collected through our Site and Services by ECOMZ Holding Limited, a company registered under the laws of Cyprus under number 309897 with its registered office at 6B Georgiou Karyou, office 6B, Dasoupoli, Strovolos, Nicosia, Cyprus.

2. Personal Information Collected Through our Site and the Services

UniOne collects certain Personal Information, as follows:

  • (a) Information Customers Provide to Us: You may provide personal information to us through the Site or Services – for example, when you subscribe to our Services, register a UniOne account, contact customer support, send us an email, or otherwise access or use UniOne. The following That Personal Information may include your email, title, first name, last name, country, time zone, Intracommunity VAT number where applicable, login & password, postal address, telephone number, IP address(es) and domain name. UniOne will also maintain your Services history and usage, record of your purchases, UniOne account balance, transactional information and any communications and responses logs.
  • (b) Information Collected Automatically Through our Services: By using our Services, the following Personal Information is also collected automatically and managed by us: log-in and browsing data, order history, information on subscriptions and support ticket messages, Customer’s ID with UniOne, third-party API/services integrations, API key, IP addresses, including dedicated IP usage history, browser types, log files, information on payment methods, PIN code for creating the messages, payment transaction IDs, and other information regarding Your system and connection. Some data is collected automatically by reason of your activity on the site.

We also collect and process information regarding the performance of the Services, including metrics related to the deliverability of emails and other electronic communications You send through the UniOne platform. This information allows us to improve the content and operation of the Services, and facilitate research and analysis of the Services.

The data you submit should not include any sensitive personal data, such as Government identifiers (i.e. social security, driving licence, or taxpayer identification numbers), complete credit card or complete personal bank card numbers, medical records or particulars connected with applications for care or treatment associated with private individuals.

In addition, and in the context of using our services, namely creating and sending emails and campaigns, UniOne has access to the information contained in the subject and content of the emails that you send out, as well as the email contacts you send to via our services.

This data is stored on secure servers and only a limited number of people are authorised to access your contact lists, in particular for the purpose of providing support services.

You are easily able to recover your contact lists from your UniOne account at any time, by clicking on the "export" button. You may also modify and or delete contacts at any time from your account.

YOUR CONTACTS’ DATA

As creator of the contacts and associated emails, you are considered the data controller of the Contacts Personal Information within the meaning of the GDPR, and UniOne is acting only as a data processor. In this capacity, you are responsible in particular for:

  • making all the declarations necessary to the relative data protection authority,
  • complying with all current regulations in force, including the data protection laws,
  • obtaining the explicit consent of the Contacts concerned when collecting their personal data,
  • ensuring your authority to use the personal data collected in accordance with the defined end purposes and refraining from any unauthorised use.

If a recipient of your emails sent via our services requests us to modify or delete his/her personal data, we will honor that request after proper verification and will inform you of it.

In no case does UniOne sell, share or rent out your Contacts Personal Information to third parties, nor does it use them for any purpose other than those set forth in this policy. We will use the information from your contacts only for legal requirements, to invoice and collect summaries for our own statistics and for the purposes of providing you with customer support services.

USE OF PERSONAL DATA

We may use the your Personal Data and information we collect through the Services for a range of reasons, which include:

  • To provide, operate, optimize and maintain the Services;
  • To deal with Customer enquiries and support requests, and to provide information and access to resources or services that they have requested from us;
  • To manage the UniOne platform, system administration and security;
  • To process and complete transactions;
  • To compile aggregated statistics about the operation and use of the Services and to better understand the preferences of our Customers;
  • To send our Customers technical alerts, reports, updates, security notifications and other Service-related communications;
  • To carry out research and development to improve our products and services;
  • To send You marketing communications (where this is in accordance with Your communication preferences);
  • Investigate and prevent fraud, unauthorized access or use of Services, breaches of terms and policies, and other wrongful behavior;
  • To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify You.

LEGAL BASIS FOR PROCESSING

Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from You only where we have Your consent to do so, where we need the Personal Data to perform a contract with You, or where the processing is in Our legitimate interests and not overridden by Your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect the Personal Data in question.

If we ask You to provide Personal Data to comply with a legal requirement or to perform a contract with You, we will make this clear at the relevant time and advise You whether the provision of Your Personal Data is mandatory or not (as well as of the possible consequences if You do not provide Your Personal Data).

Similarly, if we collect and use Your Personal Data in reliance on our or a third party's legitimate interests and those interests are not already listed above (in the "Use of Personal Data" section), we will make clear to You at the relevant time what those legitimate interests are.

If You have questions about or need further information concerning the legal basis on which we collect and use Your Personal Data, please contact us using the contact details provided in "Contact Us" section below

THIRD PARTY TRANSFERS AND SUBPROCESSORS

We may share and disclose Your Personal Data to our vendors and other third-party service providers who require access to Your Personal Data to assist in the provision of the Services, and other business-related functions

We use Google Analytics to provide statistics of campaigns effectiveness. This Service is our subprocessor in respect to the processing of Contacts’ Personal Information in the course of Your use of the Services. The basis for data processing is to perform the Agreement with You (in accordance with para 1 (f) Art 6 GDPR).

We use Yandex Metrics and Google Analytics to understand user behavior on the site in order to provide you with the best customer experience. The basis for data processing is to perform the Agreement with You (in accordance with para 1 (f) Art 6 GDPR).

We use Tableau for processing statistics on the campaigns of the Customer, as well as to compute sales tax (VAT), on the basis of and in accordance with para 1 (f) Art 6 GDPR.

You may access the Service through Google+ and Facebook on the basis of the Agreement and in accordance with para 1 (a) Art 6 GDPR. Customer decides whether to use such services or not.

For the purposes of payment processing, we use Stripe and Paymentwall. The basis for data processing is to perform the Agreement with You (in accordance with para 1 (f) Art 6 GDPR).

We use Intercom to facilitate communications, for more information on Intercom’s services and it’s privacy policy, please visit https://www.intercom.com/terms-and-policies#privacy.

For the purposes of hosting and storing Customer files, we use Amazon AWS and (TET) Lattelecom, based on the agreements concluded with us. Hetzner is used as a data backup facility.

Retention.com is an online data partner that provides us with information they have in their databases about individuals who are associated with activity on or visitors to our Site and/or Service, which may include Personal Information. We may use this information to market our Service and send emails and advertising to you directly or through our service providers. To learn more about the privacy practices of Retention.com, please review their Privacy Policy: https://retention.com/privacy-policy/
You may opt out of having your information associated with their databases and prevent certain other activities by visiting https://app.retention.com/optout and https://app.retention.com/ccpa_details/

We may also share certain Personal Data collected through the Services or generated by the System (e.g. online identifiers) with third party companies so that they may offer products and services that we believe will be of interest to You or with third party advertising-serving companies to better target the adverts and other content displayed on our site and to provide offers we think may be of interest to You. You may reject the use of Your Personal Data for marketing purposes anytime by contacting us using the contact details provided in “Contact Us” section below.

 

UniOne does not disclose your personal data to third parties, except if: (1) you (or your account administrator acting on your behalf) requests or authorizes disclosure thereof; (2) the disclosure is required to process transactions or supply services which you have requested (i.e. to check you are employing best practice in your mailings or for the purposes of processing an acquisition card with credit-card issuing companies); (3) UniOne is compelled to do so by a government authority or a regulatory body, in the case of a court order, a summons to appear in court or any other similar requisition from a government or the judiciary, or to establish or defend a legal application; or, (4) the third party is a subcontractor or sub-processor of UniOne in the carrying out of services (for example: UniOne uses the services of an Internet provider or a telecommunications company).

INTERNATIONAL TRANSFERS

ВYour personal information may be stored and processed by us in any country where we have facilities or where we engage service providers, and by reading this Policy and using the Services You acknowledge that Your Personal Data may be transferred to countries outside of Your country of residence, including the counties, which may have different data protection rules to those of Your country. Where we do so, our collection, storage and use of Your personal information will be in accordance with the purposes set out in this Policy.

We will ensure that where other non-EEA affiliates or third-party service providers have access to Personal Data outside of the EEA, that they too commit to provide the same level of protection as the GDPR principles.

DATA RETENTION

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other lawful purposes. Where we have no ongoing legitimate business need to process Your personal information, we will either delete or anonymize it or. 

UniOne will delete any non-active account (i.e. an account that has not sent any emails or paid for the Service) and associated Personal Data after 24 months of inactivity. 

If you choose to end your subscription for the Service we will delete or anonymize all unnecessary personal data.

With regards to your invoices and Personal Data contained therein, we will hold them for 7 years from the invoice date due to legal obligations. We will delete all invoice data when the 7 year retention period has elapsed.

DATA SECURITY

We maintain reasonable and appropriate security measures to protect Your personal information from loss, misuse, and unauthorized access, disclosure, alteration and destruction. We will take all reasonable steps to ensure the safety of Your personal information.

We use data centers around the world from top-notch data center providers to host our systems. They have SOC2 Type 2 reports and provide all the physical security protection measures you would expect.

We understand that software security is very important. We continuously scan our applications for vulnerabilities, using a combination of static source code analysis and dynamic testing. We understand that password reuse is a killer, and offer two-factor authentication for added protection of your account. We also:

  • Encrypt all your data in transit using TLS.
  • Have an independent penetration test conducted on an annual basis.

CHANGES TO THIS POLICY

We reserve the right to change or update this Policy from time to time. If material changes are made, we will place a prominent notice on our Site or Services for at least 15 days prior to the change taking effect, or communicate with You directly by email or through the Services, and will update the last revised date at the top of this Policy. We encourage You to regularly check back on this page to ensure You are up to date with any changes.

CONTACT US

If You have any questions or concerns regarding the use or disclosure of Your personal information through the Services, You can contact us by sending an email to privacy@unione.io or sending an official request to the address below:
Ecomz Holding Limited
Gladstonos 12-14, 8046, Paphos, Cyprus