Copernica Privacy Policy

Copernica processes a wide range of data for customers and itself. This document will provide insight into how data is handled and stored, as well as details the rights of users of the software.

Distinction between private data and customer data

Copernica makes a distinction between two classes of data: data we process on behalf of our customers and users and data we process for ourselves. Data entered by customers is always strictly separated from Copernica’s private data. Customer data is only accessible to the specific customer and not used for Copernica’s own purposes. Third-parties will not have access to the data.

Customers are free to structure their database as desired and determine what data to store in our system. Apart from an obligation to follow all legal regulations customers can organize according to their own desires. Legally and contractually we are obligated to protect customer confidentiality and therefore we do not release any statements about the form, content or size of the data stored by customers. If you wish to obtain knowledge about the usage of Copernica’s system by a customer you have to consult their privacy policy or establish direct contact with the customer.

Copernica employees may access customer data under specific circumstances. This may be done for support purposes or to prevent abuse of Copernica’s systems. The specific circumstances in which this may occur will be detailed further into this document.

Besides customer data we also store data for private use, including data about our customers, past customers, employees, past employees, applicants, prospects, suppliers and partners. In this document we will detail how we gather and store data, as well as the measures that are taken to secure this data and protect the privacy of those involved.

Trade names and products

Copernica BV offers several products. The most recognized name is the trademark Copernica, which is used for our elaborate marketing platform. Other trademarks include “SMTPeter” and “MailerQ”, which are used to refer to an SMTP cloud-service and an MTA application respectively. Although Copernica products have their own logos, websites and corporate identity they are all offered by company Copernica BV.

Besides the aforementioned products Copernica operates several static websites including websites that offer open-source packages. The following websites are owned and operated by Copernica:

The copernica.com, smtpeter.com and mailerq.com websites are interactive and allow users to register, login and use several interactive tools. The remainder of the websites are static in nature and are used to present content only. They are not linked to a user database.

The list of websites is non-exhaustive, since other domain names also represent content from Copernica. Examples include temporary marketing initiatives, domain names claimed to catch misspellings or different extensions and websites, products and domain names that are no longer in use.

Copernica’s software is mostly web-based and accessible through special web addresses. The following addresses are the most common:

License conditions may allow customers to place the software on different domains and/or apply their own branding. This may prevent the application from being recognized as Copernica software. This is only a visual difference and you will still be able to access these environments with your regular Copernica credentials.

Tracking on our websites

To measure business use of our website we use Leadinfo, a service located in Rotterdam. This service provides us with company names and addresses based on IP addresses of our website visitors. This service is only used if permission is granted to store additional cookies.

Copernica's websites are using cookies. Besides technical cookies for login, security, and cookie preferences, additional cookies can be stored if the visitor grants permission. These additional cookies are used to improve our website and to get insight in potential customers.

Shared user database

The copernica.com, smtpeter.com and mailerq.com websites all use the same user database. A registration on one website also applies to the others. Any changes made to a profile on any of the websites apply to all websites.

You are uniquely identified by your email address. An email address can only be linked to one user and one record in the database. Apart from the email address we optionally also store the following information for each user:

  • Full name, split into a first name and a last name and any prepositions or post fixes.
  • Gender
  • Phone number
  • Encrypted password
  • Image (optional)
  • Newsletter preferences
  • Login attempts
  • A history of encrypted passwords (for security purposes)

Copernica is a business-to-business service provider, which means users are linked to a company profile. If the employer of a user is known we will store this information. Every company profile stores the following information:

  • Company name
  • Description (for internal use)
  • Address information (including address, postal code, town, province/state, country and addressee
  • The default email address
  • Phone number
  • VAT number
  • Bank account information
  • Company logo

You have access to this information and can alter it if your access rights allow for it. You can do this by logging into Copernica and opening the dashboard.

When is your information registered?

When registering through one of our websites a user profile is created automatically and your information is stored in our database. However, data is also stored in the following cases:

  • You register for our newsletter
  • You register for one of our webinars
  • You download a whitepaper or other marketing communication
  • You share personal data in order to attend online or offline event
  • Your colleague invites you to register by adding your email address to the company profile
  • A Copernica employee creates a user profile for you, for example because personal contact or contact by phone was established
  • You share data with us on social media

In any of these cases a minimal user profile is created. This is not an official personal registration, but your email address and other known information will be stored already. If you choose to register officially the information will be linked to your credentials. This may also result in your user profile containing more information than you have provided upon registration. We merge this information so a user does not have to fill in this information multiple times.

Newsletters and notifications

Copernica sends out periodic newsletters. Everybody can register for these newsletters. Our newsletters contain informational and marketing related communication about our products. Our database contains information per user about the newsletters they are subscribed to. We distinguish between the following newsletters:

  • Copernica’s regular newsletter
  • Copernica’s special newsletter announcing software updates
  • Copernica’s newsletter for partner companies containing advanced notice about updates and other content relevant to partners
  • SMTPeter’s regular newsletter
  • MailerQ’s regular newsletter

Each newsletter contains an unsubscribe link. You can click this to remove yourself from the mailing list for this specific newsletter.

Besides newsletters, we also offer an automated notification system. You can configure the notifications you would like to receive (and how to receive them) via the Marketing Suite, SMTPeter and MailerQ dashboards. Notifications can be received through the in-app system, push notification (in the browser) or per email. You can enable or disable any notification and channel using the dashboards.

Contact history and email

Correspondence with customers and prospects is stored by Copernica using our own internal software. This includes reports about meetings, phone calls and face-to-face correspondence. We also store incoming email, outgoing email and any questions and remarks received through our support system. We make these profiles so we can store all communication between you and Copernica in one central system. This is in our own interest, as it allows us to keep a record of all communication between you and Copernica.

Copernica employees have a personal email address. This address has the form firstname.lastname@domainname.com, with the domain name referring to the product they represent. Emails using such an email address and/or are signed with a personal name have been manually sent from a Copernica employee. Responding to such an email will send the response to their personal inbox. This may result in longer response times due to illness, vacations, changes in personnel, working hours and other reasons. In case of absence emails may be forwarded to other employees. Emails from personal emails are more sensitive to mistakes and inconsistencies since they do not have to be checked and approved.

Besides the personal email addresses Copernica uses general email addresses like info@domainname and support@domainname. These are accessible by multiple employees and communication may be automated. Automated communication is sent from general addresses only and identifiable by content or layout.

All incoming and outgoing mail is stored in the personal mailboxes on Copernica’s mail servers. Employees can access their mailbox using the IMAP protocol. They are permitted to do so from external locations or devices, provided that this happens securely and is a benefit to our services. They may not store messages outside of Copernica’s systems for any longer than what is strictly necessary.

Due to the intrinsically unsafe nature of email we recommend that you never send (privacy) sensitive information per email.

Data processing of applicants

The application is sent via email. These emails are read by the HR managers. Suitable applications are entered into Recruitee, which is used to keep track of the recruitment process, and are forwarded to possible managers of the applicant. These managers also receive the solution of a possible assigned exercise. If the applicant is hired, the documents are added to the personnel file. If the application is not hired all data will be kept in our systems for 180 days, when the applicant gives his or her permission. The information is only used to enter into an employment contract. Information that is temporarily stored in Recruitee is listed below in the list of external platforms.

Data processing through external platforms

We utilize external platforms where personal data is processed. You'll find an overview of the services we use and the data involved below.

Pipedrive

Copernica uses Pipedrive to guide the sales process. The data stored belongs mainly to (employees of) companies that are not customers or partners of Copernica. However, it is possible that customer or partner data is stored on Pipedrive. We also store the information you provide when you download a whitepaper from one of our websites. Copernica stores the following information on the platform:

  • Name;
  • Email address;
  • Phone number;
  • Employer;
  • Job title;
  • LinkedIn profile;
  • Correspondence with Copernica's sales team.

The following documents provide more information about how Pipedrive handles user information:

Recruitee

Copernica uses Recruitee as Applicant Tracking System. The data stored are listed below. This information will be removed after 180 days when they've given their consent.

  • Candidate's name;
  • Candidate's cv;
  • Names of employees of Copernica that are involved in the procedure.

The following documents provide more information about how Recruitee handles user information:

WebinarGeek

Copernica uses the WebinarGeek platform to organise webinars. We register the following data for everyone following our webinars through this platform:

  • Name;
  • Statistics on viewing behavior;
  • IP address.

The following document provides more information about how WebinarGeek handles user information:

8x8

Copernica uses the 8x8 for its telephone system. We may register some contact details. Also, by using the system telephone numbers may be stored.

  • Name of employee;
  • Telephone number of employee;
  • Name of contact;
  • Telephone number of contact;
  • Telephone number of callers.

The following documents provide more information about how 8x8 handles information:

statuspage.io

Copernica uses statuspage.io to send out notifications in case of an emergency and our own servers are not available. Therefore we have stored a list of email addresses at statuspage.io. This list consists of users who indicate that they want to receive messages regarding system status and maintenance windows. The data stored are:

  • Email address.

The following document provides more information about how statuspage.io handles information:

Other external platforms

Copernica uses the following external platforms:

  • Slack: Copernica uses Slack for internal communication. Copernica employees discuss customers and partners if necessary for providing Copernica's services (Privacy Policy.).
  • DocuSign: Copernica uses DocuSign to sign contracts and other documents. What data is involved depends on the document to be signed. In any case we register your name and signature. (Privacy Policy.)
  • Google Drive: Copernica uses Google Drive to create, edit, store and share documents. Personal data might be involved in conversation reports, meeting notes, sales overviews etc. (Privacy Policy).
  • Blue10 and Twinfield: Copernica uses Blue10's software and Twinfields software for administrative purposes (Blue10's Privacy Policy and Twinfield's Privacy Policy (dutch only).).
  • ABN AMRO: Copernica uses ABN AMRO's software for banking (Privacy Policy.).
  • Miro: Copernica uses Miro's software for internal (product) development sessions.

Access through external platforms

All login forms and registration forms offer the possibility to login using an external platform. The following platforms are available:

  • LinkedIn
  • Facebook
  • Google

If you make use of this option, we will have limited access to your profile on that platform. We only use your first name, last name and email address to create your profile.

Integration of Google services

Several Google services have been integrated into several of our websites and applications. We do not send customer data to Google to use these. However, Google may track information about you themselves. We refer to Google’s privacy policy for more information about the data they gather about you. The following Google services are used by Copernica:

  • Google Analytics: For registering website and Marketing Suite traffic.
  • Google Tag manager: For conversion tracking in the website.
  • Google reCAPTCHA to prevent abuse by bots.

For more information you can consult the following Google policies:

Links and integrations with Copernica

Copernica offers one or multiple APIs for most of its software, which allows programmers to link Copernica’s platform to other websites or applications. You can create these links yourself or use existing links and integrations. The copernica.com offers an overview of such links and integrations.

Unless explicitly stated otherwise these links and integrations have been developed by external parties. Copernica did not create them and has not reviewed their code or functionality. With the exception of validated integrations it is unknown to Copernica how the integration handles data and which test- and safety procedures were used by the developer. When using links and integrations you are responsible for compliance with the technical and legal requirements of your organization. You may be required to enter a data processing agreement with the provider or developer of the integration. It might also be necessary to reflect its consequences in your own privacy policy.

In case of complaints about an integration or concerns about its quality for technical, ethical, commercial or legal reasons we will remove this integration from our website. However, integrations are not checked before being published on our website and the publication alone does not guarantee the quality of the integration.

Validated integrations are judged on, among other things, ease of use, cost, security, support, stability, and performance. Although we judge these integrations thoroughly, we cannot take any responsibility for them. Nor can we guarantee that the integration is GDPR compliant.

Validated integrations can lose their validation predicate, when we receive complaints about them or when we reevaluate them. This can even be a reason to remove the integration completely from our website.

API tokens

Developers that make integrations or links between Copernica and other applications need an access token to get access to the API. This token is a long sequence of characters that is included in every call to the API. Tokens need to be treated with care as they allow access to all data in an account. Copernica employees never ask you for a token, nor do they ever send you a token per e-mail or in any other way.

When you need an API token for one of your own accounts, you can fetch one from the Marketing Suite dashboard. Tokens that give access to other accounts can be obtained with an OAuth handshake, where the owner of other accounts can allow your application access to their accounts.

Partner model

Copernica BV employs a partner model allowing affiliated partner companies to offer services and support to regular users. Most partners are digital companies, IT service providers and consultancy companies. The partner model manifests in two different ways:

  • A partner has the ability to create accounts and edit information and campaigns on behalf of their own customers. Such customers will henceforth be known as “partner customer”.
  • A regular Copernica customer is able to select a partner for support purposes, but signed up through Copernica’s own platform.

In the first case there is usually no direct relation between Copernica and the partner customer. The relation between the partner customer and Copernica is indirect: Copernica has a relation to the partner and the partner has a relation to the partner customer. Copernica BV expects both the partner and partner customer to have legal grounds for processing their data. Both are required to publish a privacy statement clearly stating that information is processed by Copernica. A data processing requirement, or an agreement of a similar nature, must exist between both parties. Copernica does not verify this.

Partners can offer services not only to partner customers, but also to regular customers. In the latter case Copernica has a legal agreement with the customer and is able to appoint a partner for support. Partners can form a bridge between the IT-focused Copernica and the customer, who might need more specialized support for their campaigns. In this case the customer and partner are responsible for setting up a data processing agreement.

The partner will be granted access to the data of the customer upon entering an agreement, including the name, contact information and other information about employees. The partner will also be able to access the invoices Copernica has sent to the customer. Partners will only be able to access the account of the customer and the data they have entered after explicit permission has been provided to the partner.

The information above is especially relevant for the customer, as their employee and invoice information will be shared with the partner. If a partner is also provided access to one or multiple accounts, this could include access to privacy sensitive information. Partners that provide you with services or have access to your account should be mentioned in your privacy policy. Any legal requirements are the responsibility of the partner and the customer.

Access for Copernica employees

Access to privacy sensitive information is prohibited where possible by technical means and internal procedures and rules. However, Copernica employees are allowed and capable of accessing data directly or indirectly. This applies to customer data as well as data gathered by Copernica itself.

Only employees with an employment contract under Dutch law can be eligible to access customer data. A confidentiality clause is included in all employment contracts. External employees such as independent contractors, consultants, accountants will not have access to customer data, but might be allowed to access data gathered by Copernica. This applies to accountants that can view address, billing and payment information of customers.

Copernica employees are only allowed to access sensitive information of any kind if this is strictly necessary for their position. Whenever this happens the invasion of privacy should be relative to the goal and the least invasive measure to achieve the goal.

Abuse complaints reported to Copernica by email providers are processed and can be viewed by Copernica employees. The complaints contain the email address of the reporter and may contain the full message body as well.

An often used way to obtain access to customer data is the usage of the “take identity” feature. This allows Copernica employees to view the software precisely as it would be viewed by the user. Upon request by the customer an employee can also send out a test to external platforms to make sure emails arrive and display as intended. Copernica employees can also access customer data by directly accessing systems in which the data is stored. Access to customer data may occur in the following cases:

  • Support employees are supporting a customer.
  • Support employees are investigating potential abuse.
  • Programmers are investigating a bug submitted by the user.
  • Programmers are fulfilling a feature request from the user.
  • Programmers are implementing features specific to certain users.
  • Testers are executing random checks to test new features for negative consequences.
  • Deliverability managers are investigating an abuse report.
  • Deliverability managers are investigating abuse concerns raised by logs or feedback.
  • Deliverability managers are executing random checks to identify and combat abuse.
  • Deliverability managers and account managers are assessing an account to prepare for a meeting with the customer.

Employees are after approval of the DPO allowed to bring their work laptop abroad (e.g. on a business trip). These employees are after approval of the customer still allowed to access customer's data. This implies that in rare circumstances technically data of a customer is accessed outside of the EU. This access is always occurring via secure channels.

Copernica BV monitors usage of its platform to prevent spam and other unsolicited and illegal email. Due to this mailings may be monitored by employees in cases of suspected abuse or randomly. Employees will be able to access the possibly privacy sensitive contents of the messages.

Location

Copernica BV’s servers are located in the Netherlands. Copernica uses both its own servers and servers that are owned and operated by Leaseweb Netherlands BV (Leaseweb). Both Copernica's own servers and those belonging to Leaseweb are located in the Iron Mountain data center in Haarlem, The Netherlands. Copernica also operates a secondary location for storing backups, which is in the network of True BV and physically located in the euNetworks datacenter in Amsterdam. Data entered by you is only stored in the Netherlands.

Copernica employees only have physical access to those servers that are owned by Copernica. Physical access to these servers is restricted to those employees tasked with operating these servers.

Backups

To minimize the risk of data loss as a result of (hardware) failure, all servers holding customer data run in a redundant setup. To minimize the risk of data loss resulting from user action, backups are created on a daily schedule. These backups are stored in two separate physical locations (Haarlem and Amsterdam) and are kept for a maximum of seven days.

Data that has been removed can still be stored in logfiles, backups, etc. for some time because of this.

Retention period

Data is stored within our systems untill it is no longer necessary for the aim of our processing. It is not possible to specify a period beforehand. Data is deleted on a case-by-case basis.

Access and the right to be forgotten

You can contact our Data Protection Officer Aljar Meesters to request all data we have stored about you or to correct or remove your personal data. You can reach our Data Protection Officer at dpo@copernica.com. Any questions about Copernica BV’s privacy policy can also be sent to this address.

A data request will only apply to the information Copernica BV has retrieved and stored for private use. We do not provide data stored by our customers. You can obtain data stored by a specific customer by communicating with them directly.

Language

This document is available in multiple languages. In case of any translation errors or other differences between versions the Dutch version is leading.