Your privacy and the protection of your data is central to the success of Cleanmail. Therefor we handle all data made accessible to us strictly confidential and have the required organisational and technical controls in place to ensure Confidentiality and Integrity of customer data.The following explanation provides an overview on how Cleanmail cares about your data.
Cleanmail follows the principle of data minimization – we process only the data needed to provide a particular service (where “process” has the meaning of privacy protection regulations, ie it includes the whole life cycle of collection, processing, storage and deletion of data).
Cleanmail does not share data with third parties and works to the best of our knowledge that no unauthorised third party can access the data. Cleanmail reserves the right to share data with public authorities based on appropriate legal notification, and/or based on law and regulation.
We offer the right to view, change and delete data to our customers and other persons about which we may have stored data. The contact page provides the official contact information for all such requests.
If you have any questions, please contact us at firstname.lastname@example.org.
Our internal systems to manage customer and billing data store their data according to the rules on business records (ie in general business records are stored for 10 years). The systems used provide role-based access systems in order to limit access by employees on a need-to-know basis. Data about contact persons (for business customers) or the customer data itself (for private customers) are considered as personal data in that context. We limit the use of this personal data to the purposes of invoicing and general customer contact: postal and e-mail addresses, first and last names, and potentially phone numbers.
If third parties are involved to process this data, appropriate contractual agreements to provide a comparable and appropriate level of privacy protection are in place.
Domain Gateway and Quarantine
The concept of the Cleanmail Domain Gateway demands that e-mails are routed via our servers for analysis. Additionally, our filtering system has to analyse each individual e-mail in order to decide what to do with an e-mail: reject it, forward it to the recipient, or store it in the spam quarantine. Cleanmail ensures that e-mails that pass through the system can not be received, opened, read or otherwise processed by unauthorised third parties.
In the Domain Gateway we store meta data about communication in log files. In the Cleanmail Quarantine application, duly authorised administrators of customers and from Cleanmail and customer support staff have access to prepared log files of the past 14 days.
Cleanmail saves raw SMTP protocol logs for 12 months in line with legal requirements.
These log files and protocols allow to reconstruct sender, recipient and time of e-mail sent / received. Access to these protocols is limited to a small group of highly authorised Cleanmail administrators.
According to the SMTP standards, content of e-mails must be stored for a brief period of time during processing of a message (called “queue”). As soon as an e-mail has been forwarded to the target server defined by the customer, it is removed from the queue. If the target server is not available, the e-mail is kept for a defined period of time in the queue (with regular retry attempts to the target server). If the e-mail could not be delivered to the target server at the end of the defined time, an error message with relevant header data of the e-mail is sent back as an error message to the sender.
In order to improve filtering methods, Cleanmail reserves the right to give technical administrators within the company access to pre-filtered e-mails. With this access, sender, recipient and Subject of the message (in general: all e-mail header lines based on SMTP protocols) are available for viewing. This applies to messages which had been wrongly filtered and therefor need to be treated manually in order to avoid future false positives with almost 100% accuracy. The ratio of such e-mails is below 0.02% of the overall e-mail traffic, and the ratio of manually reviewed e-mails is significantly lower than that.
All administrators with that level of access are subject to written professional secrecy agreements.
In consultation with the customer (eg for incident resolution), Cleanmail support staff can access these meta data as well.
If you contract Cleanmail to host your e-mails, we will perform this service in accordance with the product descriptions. We will store full contents, including personal data, as per your direction, for all received and sent e-mails, and potentially other content (calendar entries, notes, and similar items).
The duration of the storage is – within the limits of the product descriptions – only defined by the users.
The log files created while the services are used are stored at most for the same duration as for the Domain Gateway. These log files are used in case of an incident and for preventive maintenance. These log files contain information about accesses to the service (time, type and result of the access).
Data stored by the users are removed immediately after the contract ends. Customers need to migrate data before contract cancellation, if they need to be preserved beyond the contract end date.
What personal data are stored
Access to the Cleanmail website are anonymous. For statistical purposes, IP addresses and the browser used are stored. No personal data is stored. When a order is placed through the website, the customer data provided will be used as described above.
The Cleanmail website has a function to chat with employees of Cleanmail. The system used relies on Cookies and IP-based identification in order to recognize return visitors upon opening a chat session, and to allow chat among multiple pages within the Cleanmail website which the customer may visit during a chat session. Cleanmail stores such chats if needed as part of the internal customer data, if such a chat contains information which is relevant for the production of the service, or for administrative reasons.
The Cleanmail website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so called “Cookies”, small text files which are stored on your computer and which allow analysis your use of the website. The information stored in a cookie about your use of the website is shared with servers operated by Google (usually hosted in the USA). On behalf of the operator of this website, Google will provide reports on website activity and provide additional services related to website and Internet use to the operator of this website.
You can avoid storing cookies through the settings of your browser; this may lead to certain functions of the website to not operate as expected. In addition, you can use a browser plugin to stop collecting data stored in the cookie, and to stop sending your use of the website (incl storing your IP address) to Google and to avoid processing of such data by Google. You can download the plugin here: https://tools.google.com/dlpage/gaoptout?hl=en