Our Privacy Policy
Purpose of this privacy policy
This privacy policy aims to give you information on how PostFromUS, Ltd collects and processes your personal data through your use of this Site, including any data you may provide through this Site when you sign up to use our services or register an account on our Site.
This Site is not intended for children and we do not knowingly collect data relating to children save where it might be collected as part of Personal Data (see below).
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you or third parties provided by you so that you are fully aware of how and why we are using such data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
The information that we obtain through your use within our Site, domain and subdomains, whether through the registration process or otherwise, is subject to the privacy policy posted on the Site (“Privacy Policy“), which is incorporated within this Agreement by reference. You may access the PostFromUS Privacy Policy by clicking on this link: Privacy Policy. The Privacy Policy describes our collection and use of the information you provide to us, including our and your respective rights relative to that information. Please review the Privacy Policy before you use the Site. If you are unwilling to accept the terms and conditions of the Privacy Policy, please do not use the Site. If you don’t understand any part of the document please feel free to reach our support for clarification. PostFromUS will not share, rent or lease your personal information to any third party for their independent use or benefit without your explicit consent and outside the defined data necessary to provide the service. Information we collect from you is used to process your orders, ship products, verify accounts, in order to provide you with service.
POSTFROMUS, LLC (Company number 4538735, whose registered office is at 23600 Mercantile Rd. Suite C-100, Beachwood OH 44122 U.S.A.) is the processor, joint controller and operator of postfromus.com domain, including all subdomains and responsible for the personal data you provide through our Site (collectively referred to as "we", "us" or "our'' in this privacy policy).
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
How to obtain more informations or resolve privacy related matters:
If you have any questions about this privacy policy or our privacy practices, please contact our support team at: hello@postfromus.com
Shall you find that we did not address your concerns within your expectations, please contact our DPO, via registered mail at:
Akiva Henfield
23600 Mercantile Rd. Suite C-100, Beachwood OH 44122 U.S.A.
If a follow up on the matter still doesn't address your concern, depending on the country of residence you have the right to make a complaint to the National Data Protection Authority (DPA) in your state or Information Commissioner's Office (If you are resident of the United Kingdom).
We would, however, appreciate the chance to deal with your concerns before you approach the DPA / ICO so please contact us in the first instance.
Changes to the privacy policy and accountability
We keep our privacy policy under regular review. You may find the history of changes by clicking on the archive link at the top of this page.
It is important that the personal data we hold is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links
We do not share your personal data with any third-parties except as set out in the Glossary below (Subprocessors). Please note that third-party links might be subject to their own privacy policy and we encourage you to inform yourself if you are leaving our domain.
Personal Data we collect and process:
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a new customer | (a) Identity (b) Contact |
Performance of a contract with you |
| To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us |
(a) Identity (b) Contact (c) Transaction (d) Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us and accounting purposes) |
| To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey |
(a) Identity (b) Contact (c) Profile (d) Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our services) |
| To enable you to partake in a survey, provide feedback or keep you informed. | (a) Identity (b) Contact (c) Profile (d) Usage (e) Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our services, to develop them and grow our business) |
| To administer and protect our business and Site (including troubleshooting data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services,network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) (b) Necessary to comply with a legal obligation |
| To deliver relevant Site content | (a) Identity (b) Contact (c) Profile (d) Usage (e) Communications (f) Technical |
Necessary for our legitimate interests (to study how customers use our services, to develop them, to grow our business. |
| To use data analytics to improve our website and services, customer relationships and experiences | (a) Technical (b) Usage |
Necessary for our legitimate interests (to define types of customers for our services, to keep our Site updated and relevant and to develop our business) |
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity Data includes first name, last name, username or similar identifier, title and if relevant, your employer or the organization which you represent.
• Contact Data includes email address, physical addresses and telephone numbers.
• Transaction Data includes the services you have ordered from us.
• Technical Data includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Site.
• Profile Data includes your username and password, orders made by you, your preferences and feedback and any survey responses.
• Usage Data includes information about how you use our Site and services.
• Communications Data includes your preferences in receiving communications from us.
Aggregated Data
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data (not including Private Data) but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to understand your interactions with the system on our Site. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
Privacy Impact Assessment
We have carried out assessments of our legitimate interests and weighed these against the interests, fundamental rights and freedoms of the individuals on whom we process data. We make sure we consider and balance any potential impact on you and your rights before we process your Data for our legitimate interests.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. To learn more about cookies, please visit https://en.wikipedia.org/wiki/HTTP_cookie
The PostFromUS Service Data Flow
Registration and Consent
Before you use the Services, you must open a PostFromUS Account by completing the PostFromUS Account Set Up form with true, accurate, current and complete information about yourself (the “Registration Information”). You can also access our service by using our “quick-ship’’ option. You give consent to maintain and update the Registration Information to keep it true, accurate, current and complete. If you provide any information that is untrue, inaccurate, not current or incomplete, or if PostFromUS has reasonable grounds to suspect that information you have provided is untrue, inaccurate, not current or incomplete, PostFromUS has the right to investigate, temporarily put services on hold, and depending on results - suspend or terminate your access and refuse you any and all use of the Site and the Services.
Password, Personal Data and Security Measures
When your registration is complete, you may access your PostFromUS Account Page and other secure areas of PostFromUS.com using a password. You are responsible for safeguarding the password. You agree not to disclose your password to any third party. You agree to take sole responsibility for any activities or actions under your password. You will immediately notify PostFromUS.com of any unauthorized use of your password.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents and contractors and other third parties who have a business need to know and will only process your personal data on our instructions and they are subject to our privacy policy and a duty of confidentiality.
Our security measures include: using encryption, implementing captcha and strong passwords, using secure site URLs, implementing input validation and sanitisation, implementing secure and centralized error handling, using robust user identification and authorisation mechanisms, strong database security, Layer 7 firewalls and secure APIs. If you would like more information on the security measures we implement, please contact us.
In addition, we ensure that no identifiable Personal Data will be used for training or improving our system.
Breach Notification
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so - not longer than 48 hours from the moment of becoming aware of the security incident.
Account Verification
After registering an account with PostFromUS, you will be asked to submit various forms of identification, as set forth on your PostFromUS Account Page. These forms of identification may include a drivers license, passport, utility bills and a US Postal Service Form 1583. The more forms of identification that you send to us, the higher your Verification Status will be. Customers with a low Verification Status pose a much higher risk for us. We reduce that risk by imposing certain limits on those accounts. This system reduces fraud and enables us to keep our prices low. We encourage our customers to raise their Verification Status as much as possible, which will enable us to remove restrictions on the account. We will not hold such data for longer than required to provide verification service, and no longer than required by law. Personal documents are destroyed in accordance with our data retention policy upon validation, contract termination, legal requirements or a period of 1 year (whichever comes first) from the moment of last given consent.
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
We will only hold Identity and contact information within Private Data for the purposes of customer registration and executing service for the purposes for which it was provided to us. We designate specific fields in the system for the input of personal and identifiable and user data (including such data as is required to generate letters or other documentation, such as: recipient and sender details and sender signatures) and these fields will not be accessible to us and will not be used for the purposes of training or fine tuning our system.
We may use non-identifiable, anonymized Personal Data for the purpose of training our system.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. In general, your personal data will not be held for a period no longer than one year from the moment of providing a consent.
Will Your Information be shared with anyone?
In Short: We only share information with your consent, to comply with laws, to protect your rights, or to fulfill business obligations.
We may process or share data based on the following legal basis:
Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.
Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
More specifically, we may need to process your data or share your personal information in the following situations:
Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Sites, which will enable them to collect data about how you interact with the Sites over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes.
Business Partners. We may share your information with our business partners to offer you certain products, services or promotions.
| Name | Contact Information | Type of data used | Why Data Needs to Be Shared | Purpose of Processor |
|---|---|---|---|---|
| Amazon Web Services https://aws.amazon.com/compliance/data-privacy-faq/ |
https://aws.amazon.com/contact-us/ | Infrastructural Data | To maintain technical services, database security and continuity | To establish technical resources in order to provide you with services. |
| Stripe https://stripe.com/en-gb-us/privacy |
https://stripe.com/contact | Name, Surname, Card credentials | To create a customer profile and link card credentials to the Stripe profile | To make payments |
| Mandrill/Mailchimp https://mailchimp.com/legal/ |
https://mailchimp.com/contact/ | Everything pertaining to emailing - Email Address, Staff Member Name, Data in Notifications such as Customer Feedback (customer name, message, rating), Customer Reviews (fetched Google Review) | To create an email | To act as an email server to send emails |
| Google Maps API https://policies.google.com/privacy?hl=en |
https://about.google/contact-google/ | Name of Google Company and/or chosen Company Id, URL, identifier, company rating average and review count | 1. For the use of the client to determine/verify which Google Company they want to receive reviews for. 2. For the use of the functionality to fetch reviews from the specified Google Company using Outscraper |
Provide an autocomplete list of Google Companies that are similar in same with their Company Id, rating average and review count |
| Recaptcha https://policies.google.com/privacy?hl=en |
https://about.google/contact-google/ | IP address. Resources loaded, including styles or images. User Google account information. Behavior, like scrolling on a page, moving the mouse, clicking on links, time spent completing forms, and typing patterns. https://www.google.com/recaptcha/about/ | To protect the website from spam, abuse and to identify bots and other malicious software. | To protect the website from spam, abuse and to identify bots and other malicious software. |
| Google Tag Manager https://policies.google.com/privacy?hl=en |
https://about.google/contact-google/ | Google Tag Manager may collect some aggregated data about tag firing. This data does not include user IP addresses or any measurement identifiers associated with a particular individual. https://support.google.com/ tagmanager/answer/9323295 ?hl=en | To improve the customer website journey across different devices. | Tag Manager helps to optimize tag deployment, reduce tag configuration errors and allows you to modify and deploy tags on your site instantly from a web-based interface. |
| https://www.intercom.com/ | https://www.intercom.com/legal/privacy | Name / Freeform Messaging | To provide Interactive support | Customer Care |
| Meta (WhatsApp) | https://www.intercom.com/legal/privacy | Name / Phone Number / Social Profile | To Provide interactive support | Customer Care |
What Are Your Privacy Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data.
Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to processing of your personal data.
Request restriction of processing your personal data.
Request transfer of your personal data.
Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us. No fee required You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We explain what you’re consenting to clearly and without ‘legalese’, and ask that you explicitly consent.
Breach Notification
In the event of a breach we will notify affected users within 48 hours of first having become aware of the breach.
Right to Access
Users can request confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, we shall provide a copy of the personal data, free of charge, in an electronic format.
Right to be Forgotten
Once we have compared your (the subjects') rights to "the public interest in the availability of the data", we may delete your personal data where you have requested this.
Data Portability
We allow you to receive the personal data concerning you, which we will provide in a 'commonly used and machine readable format' and you have the right to transmit that data to ‘controller’.
Privacy by Design
We implement appropriate technical and organizational measures, in an effective way, in order to meet the requirements of this Regulation and protect the rights of data subjects'. We hold and process only the data absolutely necessary for the completion of our duties (data minimisation), as well as limiting the access to personal data to those needing to act out the processing.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests as soon as reasonably possible. Occasionally it could take up to one month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Termination
If you use the Site in violation of this Agreement, PostFromUS may, upon investigation, retain necessary data collected from your use of the Site for the purpose of investigation and apply retention policy upon completion.
Changes to our privacy policy
We may occasionally update our Privacy Policy to reflect changes in our practices and services. If we make material changes in the way we collect, use, or share your personal information, we will notify you by sending you an email to the email address you most recently provided to us and/or by prominently posting notice of the changes on our website.
How to contact us
If you have any questions about this Privacy Policy, or our information practices, please contact us by email or postal mail below:
PostFromUS
Attention: Privacy
23600 Mercantile Rd. Suite C-119, Beachwood OH 44122 U.S.A.
hello@PostFromUS.com
