CodeTwo Terms and Privacy
Privacy Policy
Published: April 5, 2024. See previous versions (https://www.codetwo.com/regulations/privacy#previous-versions)
In CodeTwo, we care deeply about the privacy and security of your data. This Privacy Policy will help you understand what data we collect, what we use it for and how you can exercise your rights.
We abide by the following principles while processing your data:
- we do not collect more information than it is necessary;
- we do not use your data for purposes other than those specified in this Privacy Policy;
- we do not keep your data if it is no longer needed;
- we do not disclose your data in cases other than these specified in this Privacy Policy.
This Privacy Policy applies to services offered through our websites and to services that we provide in connection with our Software. Our websites contain links to other websites. Once redirected to a website outside of our domains, this Privacy Policy is no longer applicable.
Summary
You can browse our websites without giving away any information about you other than your IP address. In general, our websites and cloud Software use cookies to enhance navigation, analyze how they are being used, as well as to market our Software online. By default, we only save cookies that are strictly necessary for our websites and cloud Software to function properly on your device. We save analytical and marketing cookies on your device only if you give us your consent to do so. You can find more information about the types of cookies we use in our Cookie Policy (https://www.codetwo.com/cookie-policy).
Once you decide to contact us, download some of our guides, download or access a trial version of our Software or purchase a license for our Software you will be asked to provide your personal details which – depending on the context – may encompass your full name, your contact details, the name and characteristics of the organization that you represent or billing information. Depending on the context in which you provide your personal data to us, we may use this data e.g. to perform an agreement concluded with you, fulfill statutory data retention obligations (e.g. resulting out of tax law or accounting law regulations), communicate with you and prepare quotations for you, inform you about updates and bug fixes, seek your feedback on our Software and pursue other legitimate goals (e.g. prevent ourselves against fraud). You can find more information about how we process your data in these contexts in the What information do we collect and when? section.
Most of our Software solutions require installation in your on-premises IT infrastructure. This means that in most cases we will not have access to your organization's data and this data will not be stored in our infrastructure. Only if you decide to use CodeTwo Email Signatures 365 (formerly CodeTwo Email Signatures for Office 365), some of your organization's data will be processed within our infrastructure. We may also temporarily process data which belongs to your organization if you want to use our technical support services and decide to share program and system logs with us. You can find more information about how we process data in the What information do we collect and when? section and in our Data Processing Agreement.
You have the right to request access to your data and the right to have information about you corrected or deleted. You also have the right to have the processing of your data restricted. If the processing of your data is based on your consent, you also have the right to withdraw it at any given time. Withdrawal of your consent will not influence the lawfulness of processing based on this consent before its withdrawal. If the processing of your personal data is based on our legitimate interests, you also have the right to object against such processing. We will not use your data for the purposes of automated decision-making or profiling. You can find more information about your rights in the What are your rights? section.
We have appointed a Data Protection Officer. If you want to exercise your privacy rights or have any other questions relating to this Privacy Policy you can contact our Data Protection Officer using this form (https://www.codetwo.com/form/data-protection).
What information do we collect and when?
Our websites and cookies
You can browse our websites without giving away any information about you other than your IP address. Recording of your IP address is necessary for technical purposes related to the administration of our servers. We will also use it to collect general, statistical information about you (e.g. to get information about the region from which you connect with our websites). We will not be able to identify you based only on your IP address.
Our websites use the so-called 'cookies', which are small information files saved to your hard drive. We make use of (1) session cookies, which remain on your device until a web browser session is completed or the web browser is closed, and (2) persistent cookies, which remain on your device until their expiry date is reached or until you delete them. The persistent cookies that we use are never stored for more than a year. You can find more information about the types of cookies that we use in our Cookie Policy (https://www.codetwo.com/cookie-policy). By default, we only save cookies that are strictly necessary for our websites and cloud Software to function properly on your device. We save analytical and marketing cookies on your device only if you give us your consent to do so.
Commenting on our blog posts
If you decide to post a comment on our blog you will be asked to provide your personal details such as your name and your email. We need this data to ensure smooth functioning of our blogs (e.g. ban spammers). The processing of your personal data in this case is based on a contract which is concluded between you and us when you decide to use our blog. We will process your data as long as your comment is visible on our blog. You cannot post a comment without giving away this information about you.
Contacting us
Once you decide to contact us you will be asked to provide your personal details such as your name, the name and characteristics of the organization that you represent or your contact details. Depending on the type of your question, we will use this data to communicate with you, prepare quotations for you or answer any other questions that you may have. If your inquiry concerns our offer and you decide not to become our client, we will delete your data after your inquiry is solved and information about you is no longer needed. If you contact us for any other matter, including to report non-compliance or suspected illegal content, or to exercise your rights, we will delete your data upon expiry of the limitation period for claims in accordance with applicable law. The processing of your personal data in all of the above cases is based on our legitimate interest, i.e. the need to respond to business queries received from current and potential customers.
Information about the availability and performance of our services
If you decide to receive information about the availability and performance of our services, you will be asked to provide your personal data, such as an email address. If you want, you can also share your phone number with us. Your contact information is necessary for us to inform you about the availability and performance of our services, possible accessibility problems or planned maintenance, as well as to contact you to ask for your feedback or offer our Software. In this case, the processing of your personal data is based on your consent. We will process your personal data until you withdraw your consent or until we get your feedback. You have the right to withdraw your consent at any given time. You are not obliged to give us any of the above information, but you cannot receive information about the availability and performance of our services without providing us with your email address first. Providing a phone number is optional – you don't need to do that.
Downloading our guides
If you decide to download one of our guides you may be asked to provide your personal details such as your name and your email. We need this data to make the file that you want to download available to you and to be able to contact you after you download our guide and ask for your feedback or offer you our Software. We will only process your personal data for the period necessary to follow up on your download or get your feedback. The processing of your data in such case is based on our legitimate interest.
Accessing or downloading trial versions of our Software
If you decide to download or access a trial version of our Software you will be asked to provide your personal details such as your name and your email. If you wish to do so, you may also share your telephone number with us. We need your personal details to:
- make the download or access available to you, to grant you a trial license for our Software and send you important notifications about the Software. The processing of your data in such case is necessary to perform the agreement concluded between you and us;
- prevent ourselves against actions of users who try to make use of the trial version against our Terms and Conditions of Sales and Services. The processing of your data in such case is based on our legitimate interest;
- seek your feedback on our Software, contact you during or right after the trial period and help you make the best use of our Software during this time. The processing of your data in such case is based on our legitimate interest.
If you don't purchase a license for our Software, we will delete your personal data after all claims that you may bring against us in connection with the use of trial versions of our Software become time-barred.
You are not obliged to give us any of the information above, but you cannot download or access a trial version of our Software without giving away your name and your email. However, you do not have to give away your telephone number if you don't want to do so.
Purchasing a license for our Software
In order to purchase a license for our Software, apart from your personal details and the details of your organization, you may also be asked to provide credit card data and other billing information. This data is necessary for us to sell a license for our Software to you. Additionally, we will also record your IP address for the purposes of our license control system. We will process this data to perform the agreement concluded with you (i.e. to provide our products and services) and pursue other legitimate goals such as getting your feedback on our products and providing you with vital information about our products and services (e.g. updates, bug fixes, etc.) during the license agreement term. Once the license agreement expires (and you decide not to renew it), we will archive your data and process it to fulfill data retention obligations imposed on us by accounting and tax regulations. We will delete your data after all such statutory data retention periods lapse.
You are not obliged to give us any of the information above, but if you decide not to give it to us or provide us with false or incorrect information we may be unable to respond to your message, to provide our services to you or to process your order.
Making use of our Software
Unless you decide to use CodeTwo Email Signatures 365, we will not store any personal data that you or your organization process using our Software. In particular, we will not process this data within our infrastructure. This means that you will be the controller of your data and that we will not be the processor of such data. This is because most of our Software is not cloud-based and requires installation in your on-premises IT infrastructure. It also means that it is your obligation to make sure that processing of personal data within this Software is done in accordance with applicable privacy regulations, such as the GDPR.
Our Software does not have any capabilities that would allow us to access your IT infrastructure at any time. If you ask us to do so, we may mutually agree to conduct a remote session using e.g. TeamViewer, Teams or other similar tools. You should make sure that you do not reveal any personal or other sensitive data to us during a remote session.
From time to time, if you request technical support from us, we may ask you to provide our technicians with Software log files or system log files. You should make sure that you do not reveal any personal or other sensitive data to us when sharing the log files with us. In case it is impossible for you to remove personal data from the log files, we may get access to a limited scope of personal data that you control and process using our Software (e.g. some email addresses of people within your organization) contained in the log files. We will use these log files to render technical support services to you and also to analyze the performance of our products and improve them. We will delete the log files once issues that they document are fixed and they are no longer needed.
From time to time, to ensure proper performance of the agreement concluded with you, we may use your email address or telephone number that you provided us with while purchasing a license for our Software, or that you defined in our Software, to send you technical information, e.g. about the necessity to update the Software, difficulties in accessing the service, or planned maintenance. We provide you with such information so that you can make use of the purchased license for our Software without any issues.
If you decide to use CodeTwo Email Signatures 365 we will process personal data that you control within our infrastructure at a location of your choice. According to the GDPR and other applicable data protection laws, in such a case we will be the processor of such data and you will remain the controller of the data. In principle, this data will encompass some of your Azure AD data and email addresses of users within your organization. In respect of some of the additional features of CodeTwo Email Signatures 365, we might ask you to grant our application additional access rights and process other types of data than mentioned above. See Appendix 1 in our Data Processing Agreement for more details.
We will process all data that you entrust us for processing in accordance with our Terms and Conditions of Sales and Services (https://www.codetwo.com/regulations/sales-and-services) and Data Processing Agreement (https://www.codetwo.com/regulations/dpa/). These documents contain all of our representations and obligations as data processor and – once accepted by you – constitute a Data Processing Agreement, as prescribed by art. 28 of the GDPR and other applicable data protection laws. Even in such case, however, our access policies make it impossible for us to physically access your data.
What are your rights?
General
In order to comply with requests concerning your rights, sometimes we may ask you to give us some additional information that we will use to verify your identity. If you fail to provide such information and the information that you have already given to us is not sufficient to identify you, we may refuse to fulfill your request.
If you wish to exercise any of the rights described below you can do this by contacting our Data Protection Officer using this form (https://www.codetwo.com/form/data-protection/).
Access to data
You have the right to access the information that we have on you. If you choose to exercise this right, we will also make sure to provide you with a copy of the data we process about you.
We will fulfill your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request, we may charge you with an administrative fee.
Rectification of data, erasure and restriction of processing
If you believe that the information we have about you is incorrect, you are welcome to contact us, so we can update it and keep your data accurate.
We will automatically delete information about you after it is no longer needed for the purposes it was collected for. Nonetheless, if at any point you wish for us to delete information about you, you have the right to do so.
You also have the right to obtain restriction of processing of your data.
Data portability
In case the processing of your personal data is based on a contract, you have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You can also request us to transmit such data to another controller if it is technically feasible.
Withdrawal of consent and the right to object to processing
If the processing of your data is based on a consent, you have the right to withdraw your consent at any time. Remember that withdrawal of consent will not affect the lawfulness of processing based on this consent before its withdrawal.
In case the processing of your data is based on our legitimate interest you have the right to object to such processing.
Profiling
We do not use any information provided by you for the purposes of automated decision-making, including profiling.
Disclosure of your data
We guarantee that all your personal information is protected, and that we will not make this information available to third parties in cases different than those specified below, unless you give us a permission to do so or unless such disclosure is necessary to comply with a legal obligation that is imposed on us.
We may share information that you provided us with while purchasing a license for our Software, or that you defined in our Software, with:
- payment processors, i.e. PayPal (Braintree), in order to be able to process and complete the payment process for your order;
- providers of services necessary to automate and simplify the process of concluding electronic agreements with our clients (e.g. services such as DocuSign);
- providers of services necessary to send transaction-related and product-related information via email and SMS to the extent that such disclosure is necessary to automate, simplify and analyze these processes, to ensure proper performance of the agreement concluded with you;
- external accounting and bookkeeping services providers to the extent that such disclosure is necessary to have these services provided to us;
- our legal advisors to the extent that such disclosure is necessary to obtain legal advice or protect our rights in legal proceedings;
- governments and law enforcement authorities only if we are required to do so by law. We will always attempt to redirect the law enforcement agency or government to request any data directly from you. If compelled to disclose your data, we will promptly notify you and provide a copy of the demand unless we are legally prohibited from doing so.
We may share information obtained in connection with your use of CodeTwo Email Signatures 365 only if required to do so by law or if necessary to protect our rights in legal proceedings.
International data transfers
Whenever possible, we will try to use processors which process personal data within the European Economic Area ("EEA"). In case there is a need for us to use processors located outside of the EEA, we will only disclose personal data to them provided that appropriate international data transfer safeguards described in the GDPR are in place.
As of the date of this Privacy Policy, we may transfer information that you provided us with to the United States of America. Such transfer will rely on the mechanisms provided in the GDPR that allow the transfer of personal data outside the EEA, including in particular standard contractual clauses approved by the European Commission.
If you have further questions about international data transfers that we make or want to obtain a copy of the safeguards that are in place to guarantee the legality of the transfer you can contact our Data Protection Officer using this form (https://www.codetwo.com/form/data-protection/).
Changes to the Privacy Policy
We constantly review our Privacy Policy and strive towards making it better. That is why we reserve the right to amend this Privacy Policy from time to time. We will not reduce any of your rights stated in this Privacy Policy without asking for explicit prior consent to the changes. Each amendment to the Privacy Policy will be signed with the date of publishing and will be effective from that date. You can access previous versions of this Privacy Policy here (https://www.codetwo.com/regulations/privacy#previous-versions).
How to contact us and seek additional help?
If you have any questions or doubts related to this Privacy Policy or want to know more about how we protect your personal data or your rights, please contact our Data Protection Officer using this form (https://www.codetwo.com/form/data-protection).
We hope that we will be able to answer all your questions and settle all disputes amicably. Nonetheless, if you think that your rights were not observed or that your privacy was harmed, you can always lodge a complaint with the Polish Personal Data Protection Authority which directly supervises our operations or with a personal data protection authority of the country that you reside in.
CodeTwo is a limited partnership (CodeTwo sp. z o.o. sp. k.) established under the laws of the Republic of Poland. You can find our full contact details here (https://www.codetwo.com/company/contact).
Previous versions
- January 17, 2024 (https://www.codetwo.com/regulations/privacy/archive-2024-01-17)
- August 21, 2023 (https://www.codetwo.com/regulations/privacy/archive-2023-08-21)
- September 15, 2022 (https://www.codetwo.com/regulations/privacy/archive-2022-09-15)
- November 18, 2021 (https://www.codetwo.com/regulations/privacy/archive-2021-11-18)
- January 12, 2021 (https://www.codetwo.com/regulations/privacy/archive-2021-01-12)
- October 28, 2020 (https://www.codetwo.com/regulations/privacy/archive-2020-10-28)
- April 9, 2020 (https://www.codetwo.com/regulations/privacy/archive-2020-04-09)
- July 25, 2019 (https://www.codetwo.com/regulations/privacy/archive-2019-07-25)
- March 29, 2019 (https://www.codetwo.com/regulations/privacy/archive-2019-03-29)
- December 27, 2018 (https://www.codetwo.com/regulations/privacy/archive-2018-12-27)
- October 24, 2018 (https://www.codetwo.com/regulations/privacy/archive-2018-10-24)
- May 2, 2018 (https://www.codetwo.com/regulations/privacy/archive-2018-05-02)
- March 31, 2017 (https://www.codetwo.com/regulations/privacy/archive-2017-03-31)