This privacy notice (“Privacy Notice” or “Notice”) describes how All In One Email LLC, a Delaware limited liability company (“All In One”, “we”, “us”, or “our”), collects, uses and discloses certain information, including your personal data, and the choices you can make about that data.
All In One provides an online email marketing services platform that enables our customers to, among other things, manage their contacts, and send, manage and modify email marketing campaigns (collectively, these services and tools, as they may be updated, supplemented or replaced from time to time, are hereinafter referred to as the “Services”).
This Privacy Notice is incorporated by reference into our Standard Terms and Conditions (“Terms”), and governs the processing and transfer of data collected in connection with: (i) visitors to our website at https://www.AllInOneEmail.com/ or our other digital assets, such as our social media accounts (“Visitors” and "website" respectively); (ii) customers who sign up (or log-in) for and use our Services (“Customers”); and (iii) our Customers' end users (“Recipients”). Customers, Recipients and Visitors may be collectively referred to as “Users”, “you” or “your”, herein. In addition, this Privacy Notice is incorporated by reference and integrated with our Cookie Policy.
This Notice applies to all information about you that we collect in connection with the provision of Services throughout the world, and explains what data we may collect from you, how such data may be used or shared with others, how we safeguard such data, and how you may exercise your rights related to your Personal Data (as defined below) under the applicable privacy laws, such as but not limited to, the 2018 California Consumer Privacy Act, as amended (“CCPA”).
California residents, please review our supplemental
CCPA Privacy Notice. Under the CCPA, All In One is a “service provider” (as defined therein).
Colorado, Connecticut, Utah and Virginia residents, please review our supplemental
User Rights Privacy Notice.
Amendments
We reserve the right to amend this Notice from time to time, at our sole discretion. The most recent version of the Notice will be posted on the website. The updated date of the Notice will be reflected in the “Last Updated” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to this Notice will become effective thirty (30) days after their publication on the website. Please review this Policy periodically to ensure that you understand our most updated privacy practices.
Contact Information
All In One LLC, a Delaware limited liability company, has a principal place of business at the following mailing address: 10000 Marshall Dr., Lenexa, Kansas.
You may contact our privacy team and our Data Protection Officer (“DPO”) as follows:
Data Sets We Collect and For What Purpose
We may collect two types of information from you, depending on your interaction with us.
The first type of information is non-identifiable and anonymous information (“Non-Personal Data”). We are not aware of the identity of the individual from who we have collected the Non-Personal Data. Non-Personal Data which is being gathered consists of technical information, and may contain, among other things, the type of operating system and type of browser, type of device, your action in the website or Services (such as session duration).
The second type of information is individually identifiable information, including information that identifies an individual or may with reasonable effort identify an individual (“Personal Data”).
For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection exists.
The table below describes the types of Personal Data we process, the purpose, lawful basis, and our processing operations, depending on your relationship and interaction with us (capitalized terms not defined herein will have the meaning set forth in the Terms):
Data Set
Purpose and Operations
Lawful Basis
Online Identifiers and Usage Data. When you access our website and Company Platform, we collect certain online identifiers through first party cookies, which are necessary for the operation of the website and Company Platform, and through third party cookies for analytics and marketing. Such identifiers include IP address, log files, device identifiers, unique ID and other unique identifiers. A device identifier may remain persistently on your device to help you log in and better navigate and experience the Services. Through these cookies, we also collect information on how you use our website, such as click stream data, bugs and error data, duration of use, time and date you enter or exit the website or Platform.
The purposes of using first party cookies are operational and technical, and enable, among other things, the uploading of the website, fraud prevention and data security, remembering you when you re-enter the Services, and uploading of the cart allowing you to make product and service selections and purchases. The purposes of using third-party cookies are tracking technologies for analytic, marketing and advertising.
Use of first-party cookies are necessary for operating the website and Company Platform, and are based on our legitimate interest to enable operation of the website and Services. Third-party cookies will only be enabled to process data if you provide consent through the cookie notice and a consent management tool used on the website. You may withdraw consent at any time by using the cookie preference settings.
Requesting a Demo. If you request a demo of the Services you may be asked to provide us with your name, email address, phone number, company name.
We will use this information to provide you with the information and demonstration of Services that you requested.
We process this information to perform our agreement with you to provide a free demonstration of the Services.
Contact Information. If you contact us through a form available on the website or via email or other means, you may be asked to provide certain information, such as your full name, email address, and any other information you elect to share with us (“Contact Information”).
We process your Contact Information to provide a reply to your inquiry. We may also process the content of our correspondence with you to improve our customer service.
We process Contact Information subject to our legitimate interest. We may also keep such correspondence on file as required by law or regulation, depending on the content of your communication.
Careers. When you apply for a position, we will process your resume as uploaded by you, including your name, email address, phone number, your education and skills, employment history, and related information you provide. To the extent required by law, we may process data regarding your candidacy, such as ethnicity, gender, health or veteran status. In addition, we may collect information from public and online sources, references, former employers and combine such data with your other data that we have about your application (collectively referred to as “Recruitment Information”).
We collect Recruitment Information to process your application, for recruitment management purposes (e.g., scheduling interviews), and to enable us to comply with corporate governance, legal and regulatory requirements. If you are hired, your Recruitment Information may be stored with our human resources records as part of your employee file, subject to the Company's policies and procedures.
We process Recruitment Information subject to our legitimate interest. Where you elect to provide health, diversity and inclusion or other data as part of our application procedures, we process such data based upon your consent; you may always withdraw consent at any time by notifying us. We may retain your Recruitment Information for recruitment and human resources record-keeping based on our legitimate interest, your consent, and as required by applicable laws and regulations.
Newsletter Registration. If you request to receive one or more of our newsletters or other marketing material, you will be asked to provide contact details such as your name and email address.
We will use your contact information to send you our newsletter(s) and other marketing materials.
We process such data subject to your consent. You may withdraw consent at any time through the “unsubscribe” link within a marketing email we send you or by contacting us directly.
Social Media and Blogs. In the event you choose to leave a comment on one of our blogs or social media sites, you may be required to register with us or the social media site on which you post.
We will use the information you provide to enable you to comment on our blog or website.
Any information you provide to use is subject to this Policy and any information you provide to a third party social media site is subject to the privacy policy of that social media site.
Data Set
Purpose and Operations
Lawful Basis
Registration Information. To access our Services and Company Platform you must register and maintain an approved account (“Account”). As part of the registration process, you will be asked to provide certain information, including your name, company name, email address, a user name and password. To enable the Account, you may be required to select and set-up in your Account an account administrator and one or more authorized users, who will also be asked to provide contact information.
We use the Registration Information to approve, manage, and support your Account, verify your identity and enable the Services.
We process Registration Information to perform our obligations under our agreement with you, as described in and governed by the ESA.
Customer Support. When you contact us for customer support, we process your Contact Information.
We use Contact Information to provide customer support. We may retain some or all correspondence for as long as needed and to provide a record of the support provided.
We process customer support information as part of the performance of our obligations under our agreement with you, as described in and governed by the ESA.
Account Communication. We may send you Account management, invoicing and marketing content using your Registration Information.
We may use Registration Information to communicate about maintenance of your Account, to alert you to offers and content such as new services, and to send you invoices and payment related information.
We process such information and communication for our legitimate interest and pursuant to the ESA; provided, however, you may opt-out of our marketing communication by clicking the “unsubscribe” link in any marketing email we send you or by contacting us through your Account.
Payment Information. For access to the Services and Company Platform, you may be asked from time to time to confirm your Registration Information or update your billing information, such as name and billing address (this information is referred to as “
Payment Information”). We do not collect or store your credit card information; we rely on our payment processor, Stripe, Inc., to process your credit card. Please review Stripe's privacy policy
here.
We process your Payment Information to provide you with Services as selected and used by you.
We process your Payment Information pursuant to the terms of the ESA. As permitted or required by our agreement with our payment processor, applicable law, and our policies, we may record transaction information, such as your payments and purchase history.
Data Set
Purpose and Operations
Lawful Basis
Recipient Contact Information. To use the Services, you may upload to the Company Platform your Recipient's email addresses and names, job title, geographical location, and other data (collectively, “Recipient Contact Information”).
We use Recipient Contact Information to perform the Services, depending on the preferences and selections made by you through the Company Platform for your particular marketing campaign(s).
Under applicable data processing laws, we are the processor of your Recipient Contact Information and you are the controller of your Recipient Contact Information. Your provision of Recipient Contact Information and the instructions and selections you make through the Company Platform provide the lawful basis for our processing your Recipient Contact Information, in accordance with the DPA.
Recipient Behavior Data. We analyze Recipients' behaviors, such as clicking or not clicking on an email, time and date of a click, type of browser used, and other collectible data (collectively, “Recipient Behavior Data”).
We use Recipient Behavior Data to provide Customers with marketing tools, such as profiles of Recipients, detecting the best times to send email, and other insights and optimization suggestions as part of the Services.
Under applicable data processing laws, we are the processor of the Recipient Behavior Data and you are the controller of the Recipient Behavior Data. Our processing of Recipient Behavior Data is made pursuant to the terms and conditions of the ESA, including without limitation, your representations, warranties and covenants that you have permission and authority for us to process the Recipient Behavior Data and selections you make through the Company Platform. The lawful basis for our processing the Recipient Behavior Data is the ESA, and in particular the DPA.
Our processing of data generally includes operations through automated means, including automated collection, storage, use, disclosure by transmission, erasure or destruction of data.
We expressly reserve our rights to use, access and process Personal Data to perform and enforce the ESA, including the Terms, and including without limitation, to prevent prohibited activity, such as fraud, misappropriation, infringement, identity theft and any other unauthorized use, or to protect the security or integrity of the Services and the Company Platform, or to take precautions against liability. Such processing is based on our legitimate interests.
We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Company Platform, as detailed above.
How We Collect Information
- Automatically – we may use cookies or similar tracking technologies in connection with our website and Company Platform. The way in which we, and third parties placing cookies in connection with the Services, use cookies and collect data, is explained in our Cookie Policy. We automatically process and collect the Recipient Behavior Data on behalf of Customers.
- Provided by you voluntarily – we will collect information if and when you provide us with the information, such as through the Services or Company Platform (e.g., by filling out a contact form or registering to open an Account).
- Provided by Third Parties – as described above, our Customers provide Recipient Contact Information.
Cookies & Tracking Technologies
We use cookies or similar tracking technologies when you access the website or interact with the Services we offer or you visit the Company Platform. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer or device while you are viewing a website. You can find more information about cookies at http://www.allaboutcookies.org/.
Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, for statistical purposes, as well as for advertising purposes. You can learn more about our use of cookies, as well as how to change your cookie settings and preferences when interacting with the Company Platform, by reviewing our Cookie Policy.
Summary of Third Party Data-Sharing by Category
We share your Personal Data with third parties, including our partners and service providers that help us provide the Services. You can find in the table below more information about our data sharing practices.
Category Receiving Data
Category of Data Being Shared
Purpose of Sharing
Customers
Recipient Behavior Data
We share Recipient Behavior Data with Customers, to provide our Services.
Service Providers
Personal Data and Non-Personal Data
We sub-contract and work with other businesses and contractors to conduct our business. For example, we cooperate with third parties to facilitate the following operations: sending communications, processing payments, analyzing data, providing marketing advertising and sales assistance, identifying errors and crashes, conducting customer relationship management, data storage and hosting services, and working with experts in databases, networks, communication, law, and accounting. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited from using your Personal Data for any purposes other than helping provide the Services.
Any acquirer of our business
Personal Data and Non-Personal Data
We may share Personal Data and Non-Personal Data in the event of a corporate transaction, such as sale of all or a portion of our business, merger, consolidation or an asset sale. If such transaction(s) occur(s), the surviving or acquiring business will assume the rights and obligations described in this Notice.
Legal and law enforcement
Personal Data and Non-Personal Data
We may disclose certain data to law enforcement, governmental agencies, or other authorized investigators or third parties as required by law, in response to a request relating to a civil or criminal investigation, allegation of illegal activity or any other activity that may expose us, you, or a third-party to liability.
User Rights
Different people have different privacy concerns and preferences. We allow you to exercise certain choices, rights, and controls in connection with your information. Depending on your relationship with us, your jurisdiction and the data protection laws that apply to you, you have the right to control whether and how information about you is used. This Privacy Notice is supplemented with important disclosures for California residents in our CCPA Privacy Notice, and for Colorado, Connecticut, Utah and Virginia residents in our CO, CT, UT and VA Privacy Notice.
For more information on your rights and how to exercise them, please see the Data Subject Request Form (“DSR”), and if you fill it out, you should send it to our DPO at: dpo@allinoneemail.com.
Some of your rights may be exercised by you at your convenience without filling out a DSR. For example:
- As our Customer, you may correct certain data provided under your Account (such as contact information) through the account settings;
- You may opt-out from receiving our marketing emails by clicking the “unsubscribe” at the bottom of each marketing email we send;
- You may use the cookie settings tool on our website to change your cookie preferences. Please review our Cookie Policy for more information about cookies and how we use them.
Data Retention
In general, we retain Personal Data we collect for as long as necessary to fulfill the purposes for which they were collected, as described above, until: you express your preference to opt-out (where applicable), you terminate your use of the Services, or you request to delete your Personal Data.
We reserve our rights to retain your Personal Data for longer periods in the following circumstances: (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements; (ii) for us to have an accurate and complete record of our communications in the event of an audit, investigation, complaint, dispute or claim by you or a third party; or (iii) as required by law, regulation or subpoena. Except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary to preserve your Personal Data.
We shall process Personal Data on behalf of the Customer as a Service Provider and shall not sell or share the Personal Data or retain, use or disclose the Personal Data for any purpose other than for Customer purpose specified in the Agreement.
Security Measures
We make commercially reasonable efforts to secure our systems and ensure the privacy of Personal Data on the Company Platform. We have implemented physical, technical and administrative security measures for the Services to comply with applicable laws and industry standards. We disclaim responsibility, to the fullest extent permitted by law, for unauthorized access beyond our control, and we make no representation, warranty or covenant, express, implied, or otherwise, that we will always be able to prevent unauthorized access to the Company Platform or the Personal Data.
Please contact us at dpo@allinoneemail.com, if you believe you are the victim of a security or data breach arising from data on the Company Platform, if you believe we are in breach of this Privacy Notice, or if you become aware of a third party's attempt to gain unauthorized access to any of your Personal Data on the Company Platform.
International Data Transfer
The data servers in which we host and store Personal Data is located in the USA. We are headquartered in the USA, and we do not solicit business or offer our Services outside the USA at this time. We do not transfer data outside the USA in the normal course of business. In general, our privacy practices and procedures are consistent with data compliance laws and standards outside of the USA, including the European Union and the United Kingdom. We process data pursuant to data processing terms and agreements between and among our Customers and our vendors. As referenced above, we have a Data Protection Officer, and you may send inquiries about international data transfers to us at dpo@allinoneemail.com.
Eligibility and Children Privacy
The All In One website and our Services may not be used or accessed by children and we do not knowingly collect or maintain information about anyone under the age of 16. Please contact us at: dpo@allinoneemail.com if you have reason to believe that a child has shared any data with us.