Privacy Policy
This Data Privacy Policy ("Privacy Policy" or "Policy") establishes the foundational guidelines that SchulkinsTech ("we", "our") adheres to regarding data privacy. These guidelines ensure that we handle Personal Data responsibly, maintaining transparency, fairness, and security throughout the processes of collection, use, retention, and disclosure.
This Policy meets, and in some instances surpasses, the principal requirements of relevant laws and regulations. It is consistent with other specific SchulkinsTech policies related to the handling of Personal Data, tailored to address the unique needs of each entity within SchulkinsTech for everyday activities (e.g., cookies policy, privacy policies for employees, customer-specific information notices, etc.). This Policy recognizes that SchulkinsTech affiliates are based in various countries, each with its own legal and cultural practices concerning privacy and data protection. Therefore, this Privacy Policy may be supplemented by additional policies and procedures in specific geographic regions to adhere to local laws and align with cultural expectations.
Should there be any discrepancy between this Privacy Policy and local privacy policies and/or relevant local laws, or if any provision of this Privacy Policy is found to be inapplicable, the local policies and laws will take precedence.
For your convenience, section 2 of this Privacy Policy includes a list of useful definitions.
1. Scope
1.1 This Policy encompasses all Personal Data regardless of its format, including electronic data, disks, and paper documents. It covers all forms of processing, both manual and automated, that are either in the possession of or under the control of SchulkinsTech, across all regions where SchulkinsTech operates. This includes data related to SchulkinsTech members, partners, employees, contractors, consultants, clients, consumers, suppliers, business contacts, and any third parties.
1.2 This Policy also extends to any Third Parties who provide services for or on behalf of SchulkinsTech. These third parties are expected to uphold standards of conduct that align with the principles outlined in this Privacy Policy.
2. Definitions
2.1 SchulkinsTech refers to the specific SchulkinsTech entity that processes Personal Data, along with its various affiliates.
2.2 Third-Party indicates any third party or business partner who receives Personal Data from SchulkinsTech, or who is granted access to, or is otherwise entrusted with, Personal Data on behalf of SchulkinsTech, such as suppliers, contractors, subcontractors, and other service providers.
2.3 Data Subject refers to an identified or identifiable individual whose Personal Data is processed by SchulkinsTech.
2.4 Informed Consent is the explicit, informed agreement by a Data Subject to the processing of their Personal Data, as required.
2.5 Personal Data is any information that can identify a natural person, either directly or indirectly, particularly by reference to an identifier like a number or to one or more elements specific to their physical, physiological, mental, economic, cultural, or social identity. Information qualifies as Personal Data when it allows for the identification of an individual, even if the entity holding the data cannot make the identification independently.
2.6 Application Data includes any Personal Data processed by SchulkinsTech’s Services, whether done by SchulkinsTech or by Third Parties acting on its behalf. Data processed on SchulkinsTech's marketing websites is not considered Application Data for clarity.
2.7 Sensitive Data (or Special Category of Data) encompasses data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of genetic data, biometric data uniquely identifying an individual, health-related data, or data concerning a person’s sex life or sexual orientation.
2.8 Data on Criminal Convictions and Offenses is a category of Personal Data which, due to its sensitive nature, is governed by laws or policies requiring enhanced privacy and security measures.
2.9 Process/Processing includes any operation or set of operations performed on Personal Data, whether automated or not. This includes but is not limited to collection, recording, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, making available, alignment, combination, restriction, erasure, or destruction.
2.10 SchulkinsTech’s Services refers to the services utilized by you under the relevant agreement. This may include services such as SmartMailerAI, and includes any updates, replacements, or technical support provided periodically by SchulkinsTech.
3. Ensuring Lawfulness, Fairness, and Transparency in Processing Personal Data
Personal Data is processed based on legal justifications, ensuring that Data Subjects are fully aware and informed.
3.1 We process Personal Data strictly based on legitimate legal grounds:
When it's necessary to fulfill a contract (e.g., with our employees, contractors, clients using SchulkinsTech's Services, suppliers); notably, we will only use Application Data to deliver SchulkinsTech's Services as stipulated in the contract; To comply with legal obligations (e.g., fulfilling our responsibilities as an employer); For legitimate business interests, such as improving client understanding and distributing promotional offers, provided it does not involve Application Data; When we have obtained explicit Informed Consent from the Data Subject, particularly when no other legal bases apply, and as allowed by applicable laws.
3.2 We prioritize assessing privacy risks before collecting, using, retaining, or disclosing Personal Data, whether in a new system or as part of a project.
3.3 SchulkinsTech will process Personal Data solely as outlined in our specific privacy notices or policies and any Informed Consent from the Data Subject.
3.4 SchulkinsTech refrains from profiling or automated decision-making activities unless they are justified by legal obligations, contract performance, or explicit consent from the Data Subject, along with appropriate safeguards to protect the rights of the Data Subjects.
3.5 Our websites use cookies to enhance functionality. You can reference section 11 of this document for our Cookie Policy.
4. How We Ensure Personal Data is Processed for Specific, Legitimate Purposes and Maintained Accurately and Minimally
4.1 Personal Data is collected and processed only for clear, explicit, and legitimate reasons, and is always consistent with the principle of data minimization. This ensures that only necessary data for stated purposes is processed and that the data remains accurate.
4.2 Personal Data will not be processed further in ways that are not compatible with the purposes for which it was collected.
4.3 We rigorously determine the purposes for processing Personal Data before initiating any project. These purposes might include management of HR data, recruitment, payroll, financial management, allocation of IT tools, digital solutions or collaborative platforms, IT support, health and safety protocols, information security, customer relationship management, marketing, supply management, internal and external communications, event management, compliance with legal obligations such as anti-money laundering and anti-bribery laws, data analytics, and implementing compliance processes.
4.4 We ensure that the Personal Data collected is relevant, adequate, and not excessive relative to its processing purpose and subsequent use. This entails collecting and processing only the Personal Data that is essential for the intended purpose.
4.5 The collection of Sensitive Data or Personal Data related to criminal convictions and offenses is strictly regulated. Such data is only collected when mandated by law or permitted by law with the explicit prior consent of the Data Subject.
4.6 We commit to taking all reasonable steps to ensure that Personal Data is kept accurate and up-to-date throughout its processing lifecycle, including collection, transfer, storage, and retrieval.
4.7 We encourage Data Subjects to assist in keeping their Personal Data current by exercising their rights, particularly rights to access and rectify their data.
4.8 With regard to SmartMailerAI specifically. The software is designed so that none of your Google Drive data or personal data will leave your Google account through any avenues other than what you reveal through explicitly making AI requests to third parties like OpenAI by generating messages, and through sending emails. Further, the only data that leaves the realm of your Google account in our system is your email address, solely for the purpose of account management. We do not sell or distribute your email address in any way. Doing so would be a violation of Google policies.
5. Security and Confidentiality Measures
At SchulkinsTech, the trust placed in us by our employees, contractors, customers, suppliers, consumers, and business partners is paramount, particularly when they entrust us with their Personal Data. We are committed to ensuring the security and confidentiality of this data.
5.1 We safeguard Personal Data that we collect, use, retain, and disclose in support of our business operations by adhering to applicable usage, technical, and organizational policies, standards, and procedures.
5.2 We employ industry-standard technical and organizational measures to protect against accidental or unlawful destruction or loss of Personal Data, unauthorized alterations, disclosures, access, or any other illegal or unauthorized processing activities.
5.3 When outsourcing processing activities, SchulkinsTech selects service providers that offer adequate guarantees to implement appropriate technical and organizational measures. These measures are designed to meet the data protection requirements of relevant laws and safeguard the rights of Data Subjects.
5.4 SchulkinsTech commits to incorporating reasonable privacy protections into its processing activities by default and by design. This means embedding data protection principles and privacy safeguards from the very beginning of the design process of any operation (‘Privacy by design'). Additionally, we ensure that, by default, only necessary Personal Data is processed, storage duration is limited, and access is restricted, thereby ensuring that Personal Data is not inadvertently exposed or accessible to an indefinite number of people (‘Privacy by default').
5.5 If the processing of Personal Data is expected to pose a high risk to the rights and freedoms of Data Subjects, we will conduct a privacy impact assessment or "Personal Data impact assessment" before commencing such processing.
5.6 We take every breach seriously, no matter its size. We thoroughly investigate all incidents of potential or actual breaches of this Privacy Policy or relevant data protection laws that are reported to us or that we identify, and we take all reasonable steps to mitigate their effects.
6. Duration of Personal Data Retention
6.1 Personal Data handled on behalf of SchulkinsTech is retained only as long as necessary to fulfill the purposes for which it was collected and processed, which may include purposes such as:
Supporting or fulfilling SchulkinsTech business activities; Complying with legal or regulatory obligations and adhering to relevant statute of limitation requirements; Defending against legal or contractual claims, in which case Personal Data may be kept until the end of the applicable statute of limitations or as dictated by any relevant litigation hold policies.
6.2 The retention and destruction of Personal Data are carried out in compliance with applicable laws.
7. Your Rights as a Data Subject We respond to queries and requests from Data Subjects regarding their Personal Data and, as mandated by law, enable Data Subjects to access, correct, limit, and delete their Personal Data in accordance with legal provisions. We also recognize their rights to object to the processing of their Personal Data and to exercise their right to data portability.
7.1 Right of Access: We provide access to all Personal Data we hold about a Data Subject as required by law. This includes information about the purposes of processing, the categories of Personal Data processed, the categories of recipients, the duration of data retention, and the rights to modify or delete the accessed Personal Data, if applicable.
7.2 Right to Data Portability: We may provide a copy of the Personal Data in our records in a structured, commonly used, and machine-readable format to facilitate your right to data portability, as applicable under law.
7.3 Right to Rectification: Data Subjects have the right to have us correct, update, or delete any of their Personal Data that is incorrect, outdated, or incomplete.
7.4 Right to Erasure: Data Subjects may request the deletion of their Personal Data when (i) it is no longer necessary for the purposes for which it was collected, (ii) the Data Subject withdraws consent which was the sole basis for processing, (iii) the Data Subject objects to the processing, (iv) the processing is unlawful, or (v) the data must be erased to comply with a legal obligation. We will inform other relevant entities within SchulkinsTech about the erasure to ensure compliance.
7.5 Right to Restriction of Processing: Data Subjects may request that we restrict processing of their Personal Data (i) if they dispute its accuracy, allowing time for verification; (ii) if they prefer restriction over deletion despite unlawful processing; (iii) if they need the data retained for the establishment, exercise, or defense of legal claims; or (iv) while verifying whether our legitimate grounds for processing override their rights.
7.6 Right to Withdraw Consent: If processing is based on consent, Data Subjects may withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
7.7 Right to Object: Data Subjects can object to the processing of their Personal Data for marketing purposes, profiling, or if their data is shared with third parties or within SchulkinsTech. They can also object if the processing is based on our legitimate interest, unless we demonstrate compelling legitimate grounds for processing that override their interests, rights, and freedoms or for legal claims.
7.8 Digital Legacy: Data Subjects may set instructions (general or specific) concerning the management of their Personal Data posthumously.
To exercise these rights, please contact us using the details provided in Section 10 of this Privacy Policy. Data Subjects also have the right to lodge a complaint with the appropriate data protection supervisory authority.
8. Circumstances and Methods of Disclosing Your Personal Data
We disclose Personal Data outside of SchulkinsTech only when there is a compelling legal reason to do so.
8.1 Disclosure occurs on a strict 'need to know' basis, and only when there is a clear reason for transferring Personal Data. This could be because the Data Subject has given consent, the transfer is necessary to fulfill a contract, or for a legitimate interest that does not override the Data Subject’s fundamental rights, including privacy rights (e.g., in the context of a merger or acquisition). Data Subjects are informed in advance about any potential disclosures. We also ensure that recipients commit to using the Personal Data solely for legitimate purposes and maintaining its security.
8.2 Disclosure of Personal Data may be necessary and appropriate to:
SchulkinsTech affiliates for reasons outlined in this Policy; SchulkinsTech’s authorized employees, agents, representatives, and intermediaries for operational purposes defined in this Policy; External partners, agencies, and service providers, including IT service providers who support the technical operations or assist in delivering our services. Key service providers for SchulkinsTech, where applicable, include:
Google Inc. (or its affiliates), primarily for data hosting and managing sales prospects; Dreamhost for web hosting and support; Stripe, for sales, and customer billing management; Furthermore, we may disclose Personal Data when legally required or as requested by competent authorities.
8.3 When a specific legal obligation necessitates disclosure (such as to governmental entities or law enforcement), Personal Data is provided only to the extent required by law. Whenever possible and legally permissible, the Data Subject is informed about such disclosures in advance, either through the informed consent process or at the time of the data request.
9. Protection Measures for International Transfers of Personal Data from the EU
Personal Data managed by SchulkinsTech entities within the EU will not be transferred outside the European Economic Area (EEA) to countries that do not provide an adequate level of data protection unless such transfers are accompanied by suitable safeguards as mandated by applicable laws.
9.1 The international transfer of Personal Data is a critical issue. We carefully consider each transfer of Personal Data from its originating country within the EEA to a non-EEA country. This includes transfers for technical reasons, such as storage, hosting, or maintenance, as well as for primary purposes like the centralization of client database management.
9.2 We ensure that no international transfers of Personal Data occur from the EEA to non-EEA countries without verified and appropriate mechanisms in place that comply with existing data protection laws. This ensures that the data receives adequate protection during transfer.
10. How do we handle complaints?
10.1 SchulkinsTech is dedicated to addressing any legitimate privacy concerns raised by its employees, clients, and other stakeholders. Should any staff member believe that they have acted in violation of this Privacy Policy, they are required to contact the SchulkinsTech Privacy Officer at the email: legal@schulkinstech.com to report the issue.
10.2 Data Subjects are advised that they can raise concerns about privacy matters by contacting the SchulkinsTech Privacy Officer via the email provided above. They are also informed of their right to lodge a complaint with a supervisory authority if they believe their privacy concerns have not been adequately addressed.
10.3 If a Data Subject, governed by this Privacy Policy, submits a complaint concerning the processing of their own or another person's Personal Data and the issue is not resolved to their satisfaction, SchulkinsTech will collaborate with the relevant data protection Supervisory Authorities and adhere to their guidance to resolve the complaint. Should the SchulkinsTech Privacy Contact or the Supervisory Authorities find that SchulkinsTech or any of its employees has not adhered to this Privacy Policy or to data protection laws, SchulkinsTech will take suitable measures as recommended by the authorities or its Privacy Contact to mitigate any negative effects and ensure future compliance.
10.4 Data Subjects under the Children's Online Privacy Protection Act (COPPA) with inquiries or concerns regarding this Policy may also contact legal@schulkinstech.com. SchulkinsTech does not direct marketing to children as our customers, nor are they our intended audience. SchulkinsTech does not knowingly collect the personal information of children. If you are a parent and you believe that SchulkinsTech has accidentally collected data about your child you can contact legal@schulkinstech.com.
11. Cookie Policy
11.1 How We Use Cookies. We currently only use cookies for essential function of our website. This includes signing up for a subscription and managing your current subscriptions. Most of these cookies are managed through Stripe SDK code and not directly by SchulkinsTech.
11.2 Disabling Cookies. You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies.
12. Update of this Privacy Policy
As our business and the regulatory environment regularly change, this Privacy Policy may also change. You are thus invited to consult it on a regular basis.
However, users of our products will be notified in advance of any material changes to this Privacy Policy via email or embedded app notifications.