1. Introduction
This Privacy Policy establishes the conditions for the processing of personal data of users (the “User” or “you”) of the DoSales service (the “Service”) by DoSales, doo (“DoSales” or “we”) as well as the conditions for the processing of personal data by DoSales on behalf of Users within the Service.
DoSales shall process personal data in accordance with European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and applicable data protection laws.
2. Processing of personal data of Users by DoSales (as Controller)
2.1. This Section explains the processing of personal data of Users by DoSales as a controller, that is, when DoSales decides about the purposes and means for the processing of the data. This only happens regarding the data of the User used by DoSales to render the Service (having an account, invoicing…). This does not include the communications sent by the User through the Service and related-data, which shall only be processed in accordance with Section 3 below.
DoSales shall process as controller your personal data to provide you with the Service and to manage and improve the Service, including the sending of communications regarding the Service or with information about the Service or DoSales.
2.2. Personal data of Users processed by DoSales for the above purposes may include contact information, such as name or email address, language preferences, current location for the proper price/currency displaying, payment data, and other personal data provided by the User in the context of the provision of the Service.
2.3. The legal basis for the processing of personal data of Users is the contractual relationship between the Users and DoSales for the Service and also the legitimate interest of DoSales of informing registered Users about the Service and the company, unless they opt out to receive this information.
2.4. Personal data of the Users will be processed by DoSales throughout the term of the contractual relationship for the Service and subsequently for the period during which applicable regulations require such personal data be he held thereafter.
2.5. DoSales may share personal data with third parties, some of which may be located outside of the European Economic Area, only for the provision of the Service and at all times subject to the guarantees and requirements provided by applicable data protection laws.
2.6. The User may at all times exercise his rights to access, recitation, erasure and restriction of processing and data portability as provided in the GPDR and applicable regulations by contacting DoSales at Svetozara Miletica 43a/12 21000 Novi Sad (Serbia); or, by sending an email to info@dosales.email.
If at any time the User wishes to stop receiving communications regarding DoSales or with commercial information about the Service, the User may request so by sending an email to info@dosales.email.
3. Processing of personal data on behalf of Users by DoSales (as Data Processor)
3.1. This Section explains the processing of personal data by DoSales on behalf of Users, as a data processor, that is, when the purposes and means for the processing of the data are decided by the User and DoSales only access the data for the rendering of the Service and on behalf of the User.
The Service may imply the access and processing by DoSales of personal data controlled by the User and generated within the Service in relation to each electronic mail sent by the User through the Service (“Accessed Data”). In such cases, DoSales shall be deemed as the data processor and shall process such personal data only on behalf of the User and not for its own purposes.
The Accessed Data shall comprise:
Information required to identify the electronic mails sent through the Service
information of the recipients;
email bodies of the saved templates
subject of the email; and
date and time in which the email was sent;
Information provided by the Service:
receipt confirmation;
open confirmation;
timestamp of each email opening;
history of the times (number, date and time) the recipient has opened the
received email; browser and operating system used by the recipient who opened the email;
number of links included in the email;
text and URL of such links;
number of clicks made on each of them by the recipient;
timestamp of each click on the link; and
browser and operating system used by the person who has clicked on the link.
Accessed Data is the only information to which DoSales shall access to provide the Service. Authorizations for Gmail and the connection to your Google account as detailed in the Service Terms and Conditions are needed technically for the rendering of the Service by DoSales and to provide the DoSales service, but do not imply the access by DoSales to any data or information of the User other than the Accessed Data.
For your better understanding, this is the detail of the use of the above permissions by DoSales:
Basic permissions: view your email metadata such as labels and headers, but not the email body (only exceptions are email templates created within DoSales. The Service needs this permission to identify your emails and correctly assign the open status (double check marks).
Send email into your inbox: this permission is necessary to add email alerts in your Gmail inbox when your emails are opened.
Read and change your data in a number of websites (All usergooglecontent.com sites, All DoSales.email sites, Inbox.google.com, mail.google.com, DoTemplates.email, DoTrack.email). The Service modifies Gmail and Google Inbox websites in order to display the double check marks as well as the DoSales website.
As detailed in the above permissions, some of them are never used by DoSales, but the permission system from Google does not have enough granularity to select only the ones that DoSales really needs.
DoSales guarantees that:
Only automated software uses the above permissions
No one at DoSales reads your emails
DoSales will never send emails on your behalf
DoSales will never share the content of your emails with third parties DoSales will never share your browsing data with third parties DoSales doesn’t store the body of your emails.
The processing of the above personal data is only carried out for the provision of the Service within the terms and duration stated in the Service Terms and Conditions
3.2. Accordingly, DoSales shall:
(i) not process the Accessed Data for a purpose other than the provision of the Service requested by the User and shall not transfer such data, not even for their storage, to unauthorized parties;
(ii) process the Accessed Data only on documented instructions from the User; and if DoSales is aware that or of the opinion that any instruction given by the User breaches the data protection regulations, DoSales shall immediately inform the User;
(iii) notify the User promptly if it becomes aware of any data breach and shall provide full details of the relevant breach;
(iv) ensure that persons authorized to process the Accessed Data have committed themselves to condentiality or are under an appropriate statutory obligation of condentiality;
(v) taking into account the nature of the processing, assist the User by appropriate technical and organizational measures, insofar as this is possible, for the fullment of the Users’ obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;
(vi) take all measures required pursuant to Article 32 of the GDPR (Security of Processing);
(vii) assist the User in complying with its obligations pursuant to Articles 32 to 36 of GDPR taking into account the nature of processing and the information available to DoSales, including but not limited to, assisting the User with:
(viii) at the choice of the User, delete or return all the Accessed Data to the User after the end of the provision of Service, unless the storing of the data is required by applicable law; and
(ix) make available to the User all the information necessary to demonstrate compliance with the obligations laid down in Article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User.
3.3 DoSales shall not subcontract third parties for the processing operations which may imply access to the Accessed Data without the authorization of the User.
In this respect, the following sub-processors are deemed as authorized by the User:
Google, Inc. as provider of the hosting of the Service, through servers located in Ireland.
Google services: Google Apps, Google Analytics, Webmaster Tools and Google Forms
Live Agent, for the provision of the customer service
Salesmachine, for the provision of the customer service and analytics
Intercom, for the provision of the customer service
Yanado, for the provision of the customer service
3.4. DoSales shall guarantee the confidentiality of the Accessed Data, even after the termination of the Service.
3.5. The User is the data controller of the processing of the Accessed Data within the meaning in GDPR. The User is the only one deciding the purposes and means for the processing of Accessed Data, so DoSales does not use Accessed Data for its own purposes and only uses them for the rendering of the Service and on behalf of the User. To such extent, the User shall have to comply with applicable obligations under data protection regulations, including relying on an appropriate legal basis for the processing of personal data of the recipients of the emails sent through the Service. The User, and not DoSales, shall be solely responsible for compliance with such obligations.
3.6. The User acknowledges and agrees that the use of the Service and the processing of the Accessed Data as a result of the same is its own free and exclusive decision and has verified that the conditions of the Service and the processing of the Accessed Data are in line with its interests.
4. Security
DoSales shall process all personal data in the strictest confidentiality and implement the appropriate technical and organisational measures as required by applicable regulations.We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology.
5. Exclusion of the DoSales (DoTrack and DoTemplates) service.
5.1. The recipient of an email sent by the User of the Service may be excluded of the monitoring conducted by the User if the recipient selects the checkbox “Opt-out” available on the “ User Privacy” section.
5.2. Due to technical limitations, the only way to exclude the recipient of the Service from the Service implies the installing of a cookie from the website DoSales.email. Therefore, in case the recipient proceeds to delete cookies from his browser, the recipient will be included once again in the Service.
5.3. The aforementioned cookie will only work on the browser used by the recipient to select the exclusion. Therefore, in the event of using a different browser, the recipient will have to carry out the exclusion process on such browser.
6. Frequently asked questions about privacy.
6.1. How can I remove DoSales access to my Google account and emails? You can stop DoSales access to your Google account here . In such a case, you will not enjoy the Service any more.
6.2. Does DoSales sell or rent my personal data or the content of my emails? No, DoSales does not sell or rent your personal data.
6.3. Do you need a data privacy agreement? This Privacy Policy constitutes a binding data processing agreement (DPA) in case you need it.
6.4. Where is my information stored?Information submitted to DoSales will be transferred to, processed, and stored in Google.com services facilities in Ireland and USA.
6.5. How can I delete my personal data from the Service? You can remove your Personal Data from the Service at any time by contacting support.
6.6. How safe is my credit card information? Your credit card information is safe. DoSales does not have access to your credit card information at any point during the transaction, so we do not store your credit card information. We process every payment via Paddle which acts as our reseller.
6.7. Does DoSales store the body of my emails? No, DoSales doesn’t store the body of your emails unless you have created those emails as email templates within DoSales.
6.8. Why does DoSales need permissions to access your Gmail / Google Account and how those permissions are used? This is the detail of the use of the permissions by DoSales:
Basic permissions: view your email metadata such as labels and headers, but not the email body. The Service needs this permission to identify your emails and correctly assign the open status (double check marks).
Send email into your inbox: this permission is necessary to add email alerts in your Gmail inbox when your emails are opened.
Read and change your data in a number of websites (*.googleusercontent.com, mail.google.com, *.yanado.com, *.dotrack.email, *.dotemplates.email, *.dosales.email). The Service modifies Gmail in order to display the double check marks as well as the DoSales website.
As detailed in the above permissions, some of them are never used by DoSales, but the permission system from Google does not have enough granularity to select only the ones that DoSales really needs.
6.9 Privacy code of conduct DoSales guarantees that:
Only automated software uses the above permissions
No one at DoSales reads your emails
DoSales will never send emails on your behalf
DoSales will never share the content of your emails with third parties