MAILARCHIVA CLOUD PRIVACY NOTICE

Introduction

 

Stimulus Software (Pty) Ltd is a provider of archiving and e-discovery software solutions whose purpose is to assist organizations in preserving their digital records. Companies use our software for a variety of reasons, one of which is to comply with legislation governing the retention of electronic data.

 

With regard to data privacy, we are committed to protecting personal and company data whether required by law, agreement or simply in good faith. This Privacy Policy has been prepared to inform you about the information we gather and how it is used.

Scope

 

This privacy policy is intended to cover the operations of the MailArchiva Cloud Service. This policy covers all geographical jurisdictions where the product is deployed and used. Furthermore, these services are subject to the provisions of the EU ‘General Data Protection Regulation 2016/679’ (here referred to as “GDPR”) which is EU wide and which seeks to protect and enhance the rights of data subjects.

Privacy Shield

 

The MailArchiva Cloud service complies with the EU–U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively.

Information & Uses

 

The following outlines the collection and use of data within the MailArchiva environment:

 

  • Email, calendar, contact data, electronic notes, and task information. This information is preserved for the purposes of providing e-discovery services and in accordance with the retention policies defined by the customer.
  • List of users in the customer’s organization. This information is used to identify mailboxes available for archiving. It is also used to build a tree structure consisting of all user mailboxes in the organization.
  • Basic information (e.g. email address and full name) pertaining to users logging into the system. The email address is used for filtering out data relevant to the user, and the user’s name is used for audit and display purposes.
  • Basic company information. This is used for billing purposes.
  • Information on what groups a user belongs to. This information is used to assign roles to users based on their user group.
  • The IP address and username of the logged in user are recorded for auditing purposes.
  • Since archives typically contain sensitive information, all user interactions with the system are recorded. These records may be made available to the client’s auditors upon request.
  • MailArchiva interoperates with Google GSuite to fulfil its archiving and e-discovery functions. The table in Appendix A outlines the specific Google scopes and uses required by MailArchiva.
  • MailArchiva interoperates with Microsoft Office 365. The table in Appendix B outlines the specific Microsoft permissions required by MailArchiva.

Consent

By agreeing to this Privacy Notice, consent is given for Stimulus Software to process company and personal data for the purposes outlined above. Consent may be withdrawn at any time by emailing support@mailarchiva.com.

Information Sharing

 

All information stored for archival purposes (including sensitive email, calendar, contact data, electronic notes, and task information) is kept strictly confidential and will not be shared without the expressed permission of the client except as may be required by law.

 

We may access customer data only for the purpose of providing the services, resolving technical problems or as required by law.

 

We may share basic information about our clients (e.g. name, address) with third parties for the purposes of conducting business operations such as invoicing, sending out newsletters and collections. We may also include our client names in our reference lists.

 

Our business partners are authorized only to use our clients’ details insofar as it is necessary to provide the requested services to us. In such cases, this shared information may also be subject to the business partners’ privacy statements.

Information Access

 

Stimulus Software acknowledges that our clients have the right to know whether we hold information about them. We agree to provide access to their information upon request (subject to certain conditions). Please inquire with our customer service team should you wish to access, correct, amend or delete company and personal data.

 

Data pertaining to EU resident clients is subject to the following rights under the GDPR:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing, such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.

 

In the event that Stimulus Software refuses an information access request, a motivation will be provided, which you will have the right to legally challenge.

 

To access personal data, identification will be required. Stimulus Software will accept the following forms of ID when personal and company data is requested: A copy of your company registration certificate and a driving license or passport or birth certificate and a utility bill not older than three months. If Stimulus Software is dissatisfied with the quality of the ID presented, further information may be sought before any personal data is released. All requests should be made to support@stimulussoft.com.

Data Transfer

 

Stimulus Software is a global company with customers and partners worldwide. Accordingly, the information we collect may be used, stored and processed in the United States or in any other country in which Stimulus Software does business.

 

By using our services, our clients consent to the transfer of the information outside of their country to any country (including countries which may not have adequate levels of protection). However, for customers of the MailArchiva Cloud service hosted in the EU (i.e. the mailarchiva.eu service), company and personal data will not be transferred to a country or territory outside the EU unless either that country ensures an adequate level of protection is in place or that the appropriate safeguards are in place to protect the data and to meet the ‘adequacy’ requirement under the GDPR and EU data protection laws.

Data Security

 

Our intent is to strictly protect the security of company and personal information; honour their wishes for its intended use; and carefully protect against loss, misuse, unauthorized access or disclosure, alteration, or destruction. Appropriate steps have been taken to safeguard and secure information collected and stored online, including the use of encryption when collecting, storing or transferring sensitive data. However, one should always take into consideration that the internet is an open forum and that data may flow across networks with little or no security measures.

Contacting Us

 

If you have any questions or comments about our privacy notice or practices, please contact us at support@stimulussoft.com. Stimulus Software may modify or update this privacy notice from time to time at any time without prior notice. You can check the “Last Updated” date below to see when the notice was last changed. We encourage you to check this notice often so that you can continue to be aware of how we are protecting your personal information. Your continued use of the MailArchiva On-Premise, MailArchiva Cloud and MailArchiva Managed Service Provider (MSP) products and services constitutes your consent to the contents of this privacy notice, as it may be modified from time to time.

 

Complaints

 

In the event that you wish to make a complaint about how your personal data is being processed by Stimulus Software, you have the right to complain to Stimulus Software at info@mailarchiva.com.

 

Appendix A – Google GSuite API Scopes

Scope: https://www.googleapis.com/auth/admin.directory.domain.readonly

Retrieve domain information so that MailArchiva knows which domains to accept journaling traffic for.

Scope: https://www.googleapis.com/auth/admin.directory.customer.readonly

Retrieve basic information about the customer, such as email and address. This information is needed for billing purposes.

Scope: https://mail.google.com/a/feeds/compliance/audit/

Receive Google audit information for the purposes of indexing and archiving customer audit information.

Scope: https://www.googleapis.com/auth/admin.directory.user.readonly

To identify the list of users associated with the domain so that data can be retrieved from their mailboxes. The scope is also used to construct and display the list of users and their mailbox structures in the tree view.

Scopes: https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.group.member.readonly

To enable users to be able to search for data associated with users within a specific user group.

Scope: https://mail.google.com/

To acquire data from user mailboxes for the purposes of archiving and retention. If a copy of the data is received from a “journal mailbox”, duplicate data may be deleted from the journal mailbox once processed.

Scope: https://www.googleapis.com/auth/userinfo.email

To obtain the email address of a logged in user. This scope is needed to ensure that users can only access data which they are permitted to access.

Scope: https://www.googleapis.com/auth/userinfo.email

To authenticate users using the OpenID Connect protocol.

Scope: https://www.googleapis.com/auth/userinfo.profile

To display the logged in user’s name and basic info in the user interface.

 

Appendix B – Office 365

Azure Active Directory Graph (4)

 

Directory.Read.All

Read directory data

User.Read

Sign in and read user profile

User.ReadBasic.All

Read all users' basic profiles

Exchange (6)

 

Calendars.Read

Read calendars in all mailboxes

Calendars.Read.All

Read calendars in all mailboxes

Contacts.Read

Read contacts in all mailboxes

Mail.Read

Read mail in all mailboxes

MailboxSettings.Read

Read all user mailbox settings

Microsoft Graph (12)

 

Calendars.Read

Read calendars in all mailboxes

Contacts.Read

Read contacts in all mailboxes

Directory.Read.All

Read directory data

Group.Read.All

Read all groups

Mail.Read

Read mail in all mailboxes

Mail.Send

Send mail as any user

Mail.Send

Send mail as a user

User.Read

Sign in and read user profile

User.Read.All

Read all users' full profiles

email

View users' email address

openid

Sign users in

profile

View users' basic profile
