Jurisdiction
Our servers and hence your data are located in France, a country who signed the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, in force since 1985. As such you are protected with regard to the processing of your personal data and have the right to access your data and data related to you. Unless specific legal action is undertaken, no party external to PrivateRelay may have access to your data.
Surveillance
- We do not participate in any sharing, reviewing or scanning of your email, tasks, contacts or calendar.
- We do not perform any personal profiling of our clients based on their data, nor usage of our services.
- We do not sell our clients data nor disseminate this in any way to third parties.
- We do not track our client’s remote access to our services, nor usage (other than to technically improve our services and public web site).
Client data protection
We actively work to ensure that our client’s data remains secure. Connections using http, IMAP and SMTP use encrypted SSL connections to transmit data between our client’s devices and our servers.
Email sent externally from PrivateRelay will, where the remote systems permit, also use encrypted data transfer over the SMTP protocol.
Access to client data will only be made available to our technicians, and only then to permit the operation and maintenance of our services.
Data backups are, for operational reasons, made of our client’s data. These backups are encrypted for transit between data centres.
Law enforcement
PrivateRelay takes the security of your data extremely seriously. As such we will only give access to your data if we are forced by a French authorised body providing a specific warrant for this access.
Should international law enforcement bodies apply for access, then these request will be refused unless supported by a French authorised body providing a warrant for this access.
We deal with law enforcement requests individually and will only entertain such requests when legally forced to do so. We will notify all clients for whom we have been served a warrant / order to disclose information unless, in the unlikely event, that we are prevented to do so by law in the terms of that order.
Data mining and personal profiling
We do not participate in any data mining or personal profiling of our clients. Access to client’s data is available only to our technicians, and this, simply to manage the services that we provide.
No client data will be given, sold or shared with third parties.
How we use information we collect
We collect personal information on our clients simply to facilitate the use of their account(s). This personal information is treated as any of our client’s data and used only for our internal operations and never given, sold or shared to third parties.
Retention of data
We retain our client’s data for the operational use of the services which they have purchased.
This data is held in backups and may remain so, simply for operational reasons, for up to two months after a client account has been deleted. Backups are deleted when their usage is no longer required.
Cookies and anonymous identifiers
The operation of our web services such as front office ordering and web client access, use cookies to store non identifiable tokens in our client’s web browsers. These cookies are simply to allow the operation of our computer services. We do not provide any access to third parties to link with these cookies, nor liaise with any marketing agencies to exploit this data.
Account closing
Accounts which remain unpaid at their renewal date will be suspended but still remain on our servers for ninety days. This is to give the client time to reactivate their account if required. If the account has not been renewed after that time, the account will be deleted.
The account deletion procedure will remove all client emails, tasks, contacts and calendar data from our active servers. PrivateRelay will retain the customer account for possible future use by the client, should they require services in the future.
Account deletion
We will expedite all client requests for account deletion. In this case all emails, tasks, contacts and calendar data will be removed from our active servers. If stipulated by the client we will also remove the client’s customer account from our database. Please note however that an element of historic information will remain, in the form of invoices, which we are legally obliged to retain under French law for accounting purposes.
Changes
Access to this Privacy Policy is permanently available on our web site.
We may occasionally need to update this policy, in which case our clients will be made aware of the changes.